[mrbluecoat]

Was going to ask if it was only passive monitoring or active controlling and found https://docs.qpoint.io/appendix/qcontrol-beta

> Security enforcement: Allowing or denying traffic based on precise conditions

Very cool. What are your supported log sinks?

[jonfriesen]

Thanks! We're really excited about Qcontrol and what it will be able to provide! The rules in that doc are powered by our Rulekit project https://github.com/qpoint-io/rulekit if you're curious about seeing more.

As far as log sinks, we have stdout right now. We have been working on Fluentbit and will eventually add a bunch more. If you have a request, drop them here!

We also have a services concept which support an "event store" and "object store", where the object store handles artifacts that may contain sensitive data and don't need to be indexed for search/aggregation (this is an S3 compliant store). The event store handles all of the events from connection audit logs (these cover the ip protocol level) to individual http request/response pairs. The event store is a custom API we use and need to write some proper documentation for, stay tuned!

[otterley]

Standard output is all you need. Let a consumer on the other end do the rest of the work. Don’t make supporting every log collector under the sun your problem. Add OTel support if you really feel the need to.

[mrbluecoat]

My vote would be https://vector.dev/ or https://nanomq.io/ over Fluent Bit for performance reasons. That said, S3/MinIO is fairly universal so that along with stdout should be fine. I'd be interested to learn more about your custom local Pulse Service: https://docs.qpoint.io/readme/data-flow#fully-self-hosted-ma...