Describe the enhancement:
Similar to Filebeat's support for reading from a TCP socket, it would be very helpful to read from a UNIX stream socket (optionally UNIX datagram sockets for more flexibility, I guess).
Describe a specific use case for the enhancement or feature:
My particular use case is to be able to read my Suricata eve.json file as a stream instead of paying the penalty of disk I/O. However, this isn't an isolated feature. Many UNIX tools can optionally write to UNIX sockets as an output; various syslog engines are especially prevalent examples. For my Suricata use case, this means I don't have to worry about on-disk management of log files because the rather verbose JSON log won't be eating up all my storage. It also means that Suricata and Filebeat will not be competing for the disk IOPS (which can get contentious on a production sensor), since the stream will exist in memory.
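The difference between the two socket types requested above is worth seeing in code, since it decides how a collector must be written. The following is an added example (not the issue author's code and not Filebeat's implementation): a small Python receiver for EVE-style newline-delimited JSON over a UNIX stream socket, which has to reframe on newlines because `recv()` returns arbitrary byte chunks, next to a datagram receiver where each datagram is one event but oversized events are truncated. Both bind the socket file with mode 0600, because any local process that can write to the socket can inject events the pipeline will treat as sensor output. The sample events, socket paths and function names are constructed for the example; the sender thread stands in for Suricata.

```python
"""Added example: receive Suricata-style EVE JSON over UNIX sockets.

SOCK_STREAM: byte stream, no message boundaries, reframe on newlines.
SOCK_DGRAM:  one event per datagram, but datagrams above the buffer
             size are silently truncated.
Both sockets are created with mode 0600 so other local users cannot
connect and inject forged events.
"""
import json
import os
import socket
import stat
import tempfile
import threading

# Constructed sample events in EVE style; not real sensor output.
SAMPLE_EVENTS = [
    {"event_type": "alert", "src_ip": "10.0.0.5", "dest_ip": "10.0.0.9",
     "alert": {"signature": "EXAMPLE sig A", "severity": 2}},
    {"event_type": "flow", "src_ip": "10.0.0.5", "dest_ip": "10.0.0.9",
     "proto": "TCP"},
    {"event_type": "alert", "src_ip": "10.0.0.7", "dest_ip": "10.0.0.9",
     "alert": {"signature": "EXAMPLE sig B", "severity": 1}},
]


def bind_private(sock, path):
    """Bind with umask 0177 so the socket file is 0600; return its mode."""
    if os.path.exists(path):
        os.unlink(path)
    old = os.umask(0o177)
    try:
        sock.bind(path)
    finally:
        os.umask(old)
    return stat.S_IMODE(os.stat(path).st_mode)


def iter_ndjson(conn, bufsize=4096):
    """Yield one JSON object per newline-terminated line from a stream socket.

    A single recv() may return half an event or several events, so bytes are
    buffered until a newline is seen; a trailing unterminated line is flushed
    when the peer closes.
    """
    buf = b""
    while True:
        chunk = conn.recv(bufsize)
        if not chunk:                      # peer closed the connection
            break
        buf += chunk
        while b"\n" in buf:
            line, buf = buf.split(b"\n", 1)
            if line.strip():
                yield json.loads(line)
    if buf.strip():
        yield json.loads(buf)


def collect_stream(path, ready):
    """Accept one stream connection; return (events, socket_file_mode)."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
        mode = bind_private(srv, path)
        srv.listen(1)
        ready.set()                        # sender may connect now
        conn, _ = srv.accept()
        with conn:
            return list(iter_ndjson(conn)), mode


def send_stream(path, events, chunk=7):
    """Write NDJSON in deliberately small pieces to force fragmentation."""
    payload = b"".join(json.dumps(e).encode() + b"\n" for e in events)
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.connect(path)
        for i in range(0, len(payload), chunk):
            c.sendall(payload[i:i + chunk])


def collect_datagram(path, count, ready, max_size=65536):
    """Receive `count` datagrams, one event each; return (events, mode)."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as srv:
        mode = bind_private(srv, path)
        ready.set()
        out = []
        while len(out) < count:
            data, _ = srv.recvfrom(max_size)   # longer datagrams are cut off
            out.append(json.loads(data))
        return out, mode


def send_datagram(path, events):
    with socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) as c:
        for e in events:
            c.sendto(json.dumps(e).encode(), path)


def run_demo(events=SAMPLE_EVENTS):
    """Run both receivers against an in-process sender.

    Returns (stream_events, stream_mode, dgram_events, dgram_mode).
    """
    tmp = tempfile.mkdtemp()
    spath = os.path.join(tmp, "eve-stream.sock")
    dpath = os.path.join(tmp, "eve-dgram.sock")
    out = {}

    ready = threading.Event()
    t = threading.Thread(target=lambda: out.update(s=collect_stream(spath, ready)))
    t.start(); ready.wait(); send_stream(spath, events); t.join()

    ready2 = threading.Event()
    t = threading.Thread(target=lambda: out.update(d=collect_datagram(dpath, len(events), ready2)))
    t.start(); ready2.wait(); send_datagram(dpath, events); t.join()

    for p in (spath, dpath):
        if os.path.exists(p):
            os.unlink(p)
    return out["s"][0], out["s"][1], out["d"][0], out["d"][1]


if __name__ == "__main__":
    s_ev, s_mode, d_ev, d_mode = run_demo()
    print(f"stream: {len(s_ev)} events, mode {oct(s_mode)}")
    print(f"dgram:  {len(d_ev)} events, mode {oct(d_mode)}")
```

The 7-byte send chunks make the stream receiver's reframing visible: without the newline buffering in `iter_ndjson`, `json.loads` would fail on the first fragment. For the datagram side, the producer (Suricata, a syslog daemon) is responsible for keeping each event under the receiver's buffer, since a truncated datagram is also unparseable. Whichever socket type a collector uses, the socket file's mode and owning group are the access control, so they deserve the same attention as the permissions on an on-disk eve.json.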