This is a suggestion to add functionality to recover from a system crash or the crash of the generic sguil agent.
Let's say the generic agent is reading a syslog file and crashes. When you start the agent back up, it will re-read events it has already seen, inputting them to the database and presenting them as new events. I think if there were something similar to barnyard's waldo file, the agent could resume where it left off prior to the crash.
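A sketch of the bookmark idea requested above, added here as an illustration and not taken from the sguil agent or from barnyard. The function names and the JSON bookmark layout (inode plus byte offset) are assumptions made for this example and are not barnyard's waldo format.

```python
import json, os, tempfile

def load_bookmark(path):
    """Return the saved {'inode', 'offset'}, or None if absent or corrupt."""
    try:
        with open(path) as f:
            mark = json.load(f)
        return {"inode": int(mark["inode"]), "offset": int(mark["offset"])}
    except (OSError, ValueError, KeyError, TypeError):
        return None

def save_bookmark(path, inode, offset):
    """Write to a temp file and rename, so a crash never leaves a torn bookmark."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory)
    with os.fdopen(fd, "w") as f:
        json.dump({"inode": inode, "offset": offset}, f)
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)

def read_new_events(log_path, bookmark_path, handle):
    """Pass each unseen, complete log line to handle(); return how many."""
    mark = load_bookmark(bookmark_path)
    count = 0
    with open(log_path, "rb") as log:
        st = os.fstat(log.fileno())
        offset = 0
        # Resume only when this is the same file (inode) and it has not been
        # truncated; after rotation or truncation start again from byte 0.
        if mark and mark["inode"] == st.st_ino and mark["offset"] <= st.st_size:
            offset = mark["offset"]
        log.seek(offset)
        while True:
            line = log.readline()
            if not line.endswith(b"\n"):
                break  # end of file, or a line syslog is still writing
            handle(line.rstrip(b"\r\n").decode("utf-8", "replace"))
            offset += len(line)
            # Commit only after the event was handed off: a crash between
            # handle() and this call replays one event, never skips one.
            save_bookmark(bookmark_path, st.st_ino, offset)
            count += 1
    return count
```

Committing after every line keeps the replay window to a single event at the cost of one fsync per event; an agent under load could commit per batch and accept a larger replay window.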