ACE can take a while to shut down. Some modules might be busy performing a large task (such as collecting PCAP) or the system might be busy writing a very large JSON file to disk.
When ACE requests a shut down, it waits for N seconds before giving up and sending SIGKILL to all the worker processes. If ACE is in the middle of writing the data.json file (or likely any analysis details) then the analysis essentially becomes lost.
So we need a cleaner approach to shutdown. Analysis modules that have a long execution pattern should have some capability to receive an interruption and gracefully cancel the current process.
ACE can take a while to shut down. Some modules might be busy performing a large task (such as collecting PCAP) or the system might be busy writing a very large JSON file to disk.
When ACE requests a shut down, it waits for N seconds before giving up and sending SIGKILL to all the worker processes. If ACE is in the middle of writing the data.json file (or likely any analysis details) then the analysis essentially becomes lost.
So we need a cleaner approach to shutdown. Analysis modules that have a long execution pattern should have some capability to receive an interruption and gracefully cancel the current process.