devel: Add event metadata plugin example #327
Conversation
awelzel
force-pushed
the
topic/awelzel/event-metadata-plugin
branch
from
5445a05 to
3aba4a0
Compare
awelzel
force-pushed
the
topic/awelzel/event-metadata-plugin
branch
from
1f32071 to
6190118
Compare
|
@ckreibich - would you be up for skimming this through? It's just a short example how to use custom event metadata :-) |
ckreibich
left a comment
ckreibich
left a comment
There was a problem hiding this comment.
I like it a lot. Cool example of things newly possible in Zeek, and integrating them into a modern environment. I just have a few nits — feel free to handle as you see fit.
Going forward I don't think we should add more full-blown plugins in the docs though, for a few reasons:
- We won't catch errors in them as easily as if they were packages with CI etc
- People need to clone zeek-docs to get to the source.
- If people build on this, I'd argue they are more likely to ship the result in a package.
I think it'd be very nice to have "tutorial packages" for typical package/plugin scenarios that people can study. Sort of a more fleshed-out starting point than the raw package templates, that we can then link to from the docs. @bbannier also flagged the other day that it'd be nice to focus on building out more of a "utility ecosystem" for Zeek, so this could be part of that.
If you want to keep it here for now, I'm a-okay with that. But it seems fairly straightforward to make them packages, too.
I was fairly close putting a
Yeah, agree. Honest answer here unfortunately is that I'm steering clear of |
awelzel
force-pushed
the
topic/awelzel/event-metadata-plugin
branch
from
6190118 to
44078df
Compare
I wonder if we should actually publish this kind of plugin somewhere officially, or integrate the functionality into Zeek as an optional feature.
I'm pretty impressed how "easy" it is to do cluster event latency monitoring using a Prometheus histogram with an external plugin now that we have all that infrastructure...