Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
While I took care of the issues with using inotify, I should look more specifically at filebeat on Malcolm and whether or not it's supporting reading from network drives correctly in the case of something like Kubernetes.
I don't know it's going to be an issue... but I don't know it's not going to be an issue. Sort of related to idaholab/Malcolm#102, we could replace it with fluent-bit if it works better (if we have a problem).
@mmguero cloned issue idaholab/Malcolm#188 on 2023-04-25: