No payload: Only push summary line of start/stop times, source/destination addresses, and traffic type.
No grouping: just pass individual logs. Should conflict with timeout option. *
In turn, the API of any log summarizer should be updated to account for these distinct behaviors.
*: I'm not sure if the No Grouping option should be implemented as a summarizer that doesn't summarize, or if the alert modules should just by bypassed in the pipeline.
CLI should accept flags for:
In turn, the API of any log summarizer should be updated to account for these distinct behaviors.
*: I'm not sure if the No Grouping option should be implemented as a summarizer that doesn't summarize, or if the alert modules should just by bypassed in the pipeline.