<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">To run a local proof of concept and see a working config, apply the below patch to master and then run `./run_end_to_end.sh --kafka-topic=dns` (just requires docker and bash &gt; 4) from the docker/ folder.  The issue is, like Seth said earlier, you need to configure the metadata.broker.list in Kafka::kafka_conf not in the logging filter&#39;s $config table (although we could likely add that option pretty easily - feel free to open a ticket at <a href="https://issues.apache.org/jira/browse/METRON-2060?filter=-4&amp;jql=project%20%3D%20METRON%20order%20by%20created%20DESC" target="_blank">https://issues.apache.org/jira/browse/METRON-2060?filter=-4&amp;jql=project%20%3D%20METRON%20order%20by%20created%20DESC</a>).</div><div dir="ltr"><br></div><div dir="ltr">If you&#39;re going to run up the PoC and have already built the plugin&#39;s bro docker container on your computer in the recent past you can add `--skip-docker-build` to speed things up, but it will need to be built the first time around at least.  If you want to poke around in the container running bro after things are up you can run `./scripts/docker_execute_shell.sh` from the docker/ folder for convenience and it will drop you into a shell.  Also, don&#39;t forget to run `./finish_end_to_end.sh` from docker/ when you&#39;re done to clean everything up.  Our docker testing environment is currently limited to testing one kafka topic at a time but this same approach should work if you configure multiple filters with different topics specified.  I&#39;m doing exactly this in one of my bro clusters using master of the plugin.</div><div dir="ltr"><div><br></div><div>```</div><div><div>diff --git a/docker/in_docker_scripts/configure_bro_plugin.sh b/docker/in_docker_scripts/configure_bro_plugin.sh</div><div>index c292504..afdd0ad 100755</div><div>--- a/docker/in_docker_scripts/configure_bro_plugin.sh</div><div>+++ b/docker/in_docker_scripts/configure_bro_plugin.sh</div><div>@@ -28,13 +28,22 @@ shopt -s nocasematch</div><div> echo &quot;Configuring kafka plugin&quot;</div><div> {</div><div>   echo &quot;@load packages&quot;</div><div>-  echo &quot;redef Kafka::logs_to_send = set(HTTP::LOG, DNS::LOG, Conn::LOG, DPD::LOG, FTP::LOG, Files::LOG, Known::CERTS_LOG, SMTP::LOG, SSL::LOG, Weird::LOG, Notice::LOG, DHCP::LOG, SSH::LOG, Software::LOG, RADIUS::LOG, X509::LOG, Known::DEVICES_LOG, RFB::LOG, Stats::LOG, CaptureLoss::LOG, SIP::LOG);&quot;</div><div>-  echo &quot;redef Kafka::topic_name = \&quot;bro\&quot;;&quot;</div><div>+  echo &quot;redef Kafka::topic_name = \&quot;\&quot;;&quot;</div><div>   echo &quot;redef Kafka::tag_json = T;&quot;</div><div>   echo &quot;redef Kafka::kafka_conf = table([\&quot;metadata.broker.list\&quot;] = \&quot;kafka:9092\&quot;);&quot;</div><div>-  echo &quot;redef Kafka::logs_to_exclude = set(Conn::LOG, DHCP::LOG);&quot;</div><div>   echo &quot;redef Known::cert_tracking = ALL_HOSTS;&quot;</div><div>   echo &quot;redef Software::asset_tracking = ALL_HOSTS;&quot;</div><div>+  echo &#39;event bro_init() &amp;priority=-10</div><div>+{</div><div>+# handles DNS</div><div>+local dns_filter: Log::Filter = [</div><div>+$name = &quot;kafka-dns&quot;,</div><div>+$writer = Log::WRITER_KAFKAWRITER,</div><div>+$config = table([&quot;topic_name&quot;] = &quot;dns&quot;),</div><div>+$path = &quot;dns&quot;</div><div>+];</div><div>+Log::add_filter(DNS::LOG, dns_filter);</div><div>+}&#39;</div><div> } &gt;&gt; /usr/local/bro/share/bro/site/local.bro</div><div><br></div><div> # Load &quot;known-devices-and-hostnames.bro&quot; which is necessary in bro 2.5.5 to</div></div><div>```</div><div><br></div><div>Let me know if that works for you or if you have any other questions</div><div><br></div><div><div><div dir="ltr" class="m_-4497383537281550949gmail_signature">- Jon Zeolla<br>Zeolla@GMail.Com</div></div><br></div></div></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Apr 3, 2019 at 11:41 AM Arda Savran &lt;<a href="mailto:asavran@layerxtech.com" target="_blank">asavran@layerxtech.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr">Hello again:<div><br></div><div>I tried the script on the web site and it still fails the check:</div><div><br></div><div><div>##! Local site policy. Customize as appropriate.</div><div>##!</div><div>##! This file will not be overwritten when upgrading or reinstalling!</div><div><br></div><div>#@load packages</div><div><br></div><div>#@load /usr/local/bro/lib/bro/plugins/packages/metron-bro-plugin-kafka/scripts/Apache/Kafka</div><div>#redef Kafka::send_all_active_logs = T;</div><div>#redef Kafka::tag_json = T;</div><div>#redef Kafka::kafka_conf = table([&quot;metadata.broker.list&quot;] = &quot;<a href="http://13.88.224.129:9092" target="_blank">13.88.224.129:9092</a>&quot;);</div><div><br></div><div>###########</div><div>###########</div><div><br></div><div>@load /usr/local/bro/lib/bro/plugins/packages/metron-bro-plugin-kafka/scripts/Apache/Kafka</div><div>redef Kafka::logs_to_send = set(DHCP::LOG);</div><div>redef Kafka::topic_name = &quot;bro&quot;;</div><div>redef Kafka::kafka_conf = table(</div><div>    [&quot;metadata.broker.list&quot;] = &quot;XX.XX.XX.XX:9092&quot;</div><div>);</div><div>redef Kafka::tag_json = T;</div><div><br></div><div>event bro_init() &amp;priority=-10</div><div>{</div><div>    # Send DHCP to the shew_bro_dhcp topic</div><div>    local shew_dhcp_filter: Log::Filter = [</div><div>        $name = &quot;kafka-dhcp-shew&quot;,</div><div>        $writer = Log::WRITER_KAFKAWRITER,</div><div>        $path = &quot;shew_bro_dhcp&quot;</div><div>        $config = table([&quot;topic_name&quot;] = &quot;shew_bro_dhcp&quot;)</div><div>    ];</div><div>    Log::add_filter(DHCP::LOG, shew_dhcp_filter);</div><div>}</div><div><br></div><div>###########</div><div>###########</div></div><div><br></div><div><div>[root@localhost site]# broctl check</div><div>bro scripts failed.</div><div>error in /usr/local/bro/share/bro/site/local.bro, lines 29-30: not a record (shew_bro_dhcp$config)</div><div>error in /usr/local/bro/share/bro/site/local.bro, lines 26-31 and error: type clash for field &quot;path&quot; ((coerce [$name=kafka-dhcp-shew, $writer=Log::WRITER_KAFKAWRITER, $path=shew_bro_dhcp$&lt;error&gt; = table(topic_name = shew_bro_dhcp)] to Log::Filter) and error)</div></div><div><br></div><div>Am I doing something wrong?</div><div><br></div><div>Thanks,</div><div><br></div><div><br></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Apr 3, 2019 at 9:52 AM Arda Savran &lt;<a href="mailto:asavran@layerxtech.com" target="_blank">asavran@layerxtech.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>I used the master. </div><div><br></div><div>I changed the beginning of my local.bro as follows and did a &quot;broctl check&quot; and &quot;broctl deploy&quot;:</div><div><br></div><div>#@load packages</div><div><br></div><div>#@load /usr/local/bro/lib/bro/plugins/packages/metron-bro-plugin-kafka/scripts/Apache/Kafka</div><div>#redef Kafka::send_all_active_logs = T;</div><div>#redef Kafka::tag_json = T;</div><div>#redef Kafka::kafka_conf = table([&quot;metadata.broker.list&quot;] = &quot;XX.XX.XX.XX:9092&quot;);</div><div><br></div><div>###########</div><div>###########</div><div><br></div><div>@load /usr/local/bro/lib/bro/plugins/packages/metron-bro-plugin-kafka/scripts/Apache/Kafka</div><div>redef Kafka::topic_name = &quot;&quot;;</div><div>redef Kafka::tag_json = T;</div><div>redef Kafka::debug = &quot;all&quot;;</div><div><br></div><div>event bro_init() &amp;priority=-10</div><div>{</div><div># handles DNS</div><div>local dns_filter: Log::Filter = [</div><div>$name = &quot;kafka-dns&quot;,</div><div>$writer = Log::WRITER_KAFKAWRITER,</div><div>$config = table([&quot;metadata.broker.list&quot;] = &quot;

XX.XX.XX.XX:9092&quot;),</div><div><b>$config = table([&quot;topic_name&quot;] = &quot;bro_dns&quot;),</b></div><div>$path = &quot;dns&quot;</div><div>];</div><div>Log::add_filter(DNS::LOG, dns_filter);</div><div>}</div><div><br></div><div>Still having no luck:</div><div><br></div><div><div>[root@localhost current]# tail -f stderr.log</div><div>%7|1554299460.116|CONNECT|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Connecting to ipv4#<a href="http://127.0.0.1:9092" target="_blank">127.0.0.1:9092</a> (plaintext) with socket 34</div><div>%7|1554299460.116|STATE|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Broker changed state DOWN -&gt; CONNECT</div><div>%7|1554299460.116|BROADCAST|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: Broadcasting state change</div><div>%7|1554299460.116|BROKERFAIL|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: failed: err: Local: Broker transport failure: (errno: Connection refused)</div><div>%7|1554299460.116|FAIL|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Connect to ipv4#<a href="http://127.0.0.1:9092" target="_blank">127.0.0.1:9092</a> failed: Connection refused</div><div>%7|1554299460.116|STATE|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Broker changed state CONNECT -&gt; DOWN</div><div>%7|1554299460.116|BROADCAST|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: Broadcasting state change</div><div>%7|1554299460.116|BUFQ|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Purging bufq with 0 buffers</div><div>%7|1554299460.116|BUFQ|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Updating 0 buffers on connection reset</div><div>%7|1554299460.116|RECONNECT|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Delaying next reconnect by 435ms</div><div>%7|1554299460.394|NOINFO|rdkafka#producer-1| [thrd:main]: Topic bro_dns partition count is zero: should refresh metadata</div><div>%7|1554299460.394|METADATA|rdkafka#producer-1| [thrd:main]: Skipping metadata refresh of 1 topic(s): no usable brokers</div><div>%7|1554299460.552|RECONNECT|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Delaying next reconnect by 276ms</div><div>%7|1554299460.827|CONNECT|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: broker in state DOWN connecting</div><div>%7|1554299460.827|CONNECT|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Connecting to ipv4#<a href="http://127.0.0.1:9092" target="_blank">127.0.0.1:9092</a> (plaintext) with socket 34</div><div>%7|1554299460.827|STATE|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Broker changed state DOWN -&gt; CONNECT</div><div>%7|1554299460.827|BROADCAST|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: Broadcasting state change</div><div>%7|1554299460.827|BROKERFAIL|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: failed: err: Local: Broker transport failure: (errno: Connection refused)</div><div>%7|1554299460.827|FAIL|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Connect to ipv4#<a href="http://127.0.0.1:9092" target="_blank">127.0.0.1:9092</a> failed: Connection refused</div><div>%7|1554299460.827|STATE|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Broker changed state CONNECT -&gt; DOWN</div><div>%7|1554299460.827|BROADCAST|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: Broadcasting state change</div><div>%7|1554299460.827|BUFQ|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Purging bufq with 0 buffers</div><div>%7|1554299460.827|BUFQ|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Updating 0 buffers on connection reset</div><div>%7|1554299461.394|NOINFO|rdkafka#producer-1| [thrd:main]: Topic bro_dns partition count is zero: should refresh metadata</div><div>%7|1554299461.394|METADATA|rdkafka#producer-1| [thrd:main]: Skipping metadata refresh of 1 topic(s): no usable brokers</div><div>%7|1554299461.827|CONNECT|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: broker in state DOWN connecting</div><div>%7|1554299461.828|CONNECT|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Connecting to ipv4#<a href="http://127.0.0.1:9092" target="_blank">127.0.0.1:9092</a> (plaintext) with socket 34</div><div>%7|1554299461.828|STATE|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Broker changed state DOWN -&gt; CONNECT</div><div>%7|1554299461.828|BROADCAST|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: Broadcasting state change</div><div>%7|1554299461.828|BROKERFAIL|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: failed: err: Local: Broker transport failure: (errno: Connection refused)</div><div>%7|1554299461.828|FAIL|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Connect to ipv4#<a href="http://127.0.0.1:9092" target="_blank">127.0.0.1:9092</a> failed: Connection refused</div><div>%7|1554299461.828|STATE|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Broker changed state CONNECT -&gt; DOWN</div><div>%7|1554299461.828|BROADCAST|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: Broadcasting state change</div><div>%7|1554299461.828|BUFQ|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Purging bufq with 0 buffers</div><div>%7|1554299461.829|BUFQ|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Updating 0 buffers on connection reset</div><div>%7|1554299461.829|RECONNECT|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Delaying next reconnect by 715ms</div></div><div><br></div><div><br></div><div>Do you have any other suggestions for me?</div><div><br></div><div>Thanks</div><div><br></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Apr 3, 2019 at 8:38 AM Zeolla@GMail.com &lt;<a href="mailto:zeolla@gmail.com" target="_blank">zeolla@gmail.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr">Are you using master?  The easiest way to fix this is likely to add a key of &quot;topic_name&quot; and a value of &quot;dns&quot; to your $config table, similar to as shown <a href="https://github.com/apache/metron-bro-plugin-kafka#example-6---sending-a-log-to-multiple-topics" target="_blank">here</a>.  Please let me know if that works for you.<div><br></div><div><div>There is a known issue in master where the plugin is not falling back to use $path as the destination topic name, and I have a <a href="https://github.com/apache/metron-bro-plugin-kafka/pull/26" target="_blank">PR open</a> for it but unfortunately haven&#39;t had a lot of time to finish (it is just pending some btests - functionally it is done) and get that merged.<br clear="all"><div><div dir="ltr" class="gmail-m_-4497383537281550949gmail-m_2896324676486940702gmail-m_7613371031744150675gmail-m_-1498369062144051283m_613365343647410097gmail_signature"><br>- Jon Zeolla<br>Zeolla@GMail.Com</div></div><br></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Apr 2, 2019 at 11:37 AM Arda Savran &lt;<a href="mailto:asavran@layerxtech.com" target="_blank">asavran@layerxtech.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Hello folks:<div><br></div><div>I have successfully been able to send everything to a remote single Kafka Topic from a local Bro machine and following is my local.bro file to make that happen:</div><div><br></div><div><div><b>##! Local site policy. Customize as appropriate.</b></div><div><b>##!</b></div><div><b>##! This file will not be overwritten when upgrading or reinstalling!</b></div><div><b><br></b></div><div><b>#@load packages</b></div><div><b><br></b></div><div><b>@load /usr/local/bro/lib/bro/plugins/packages/metron-bro-plugin-kafka/scripts/Apache/Kafka</b></div><div><b>redef Kafka::send_all_active_logs = T;</b></div><div><b>redef Kafka::tag_json = T;</b></div><div><b>redef Kafka::kafka_conf = table([&quot;metadata.broker.list&quot;] = &quot;XX.XX.XX.XX:9092&quot;);</b></div><div><br></div><div>However, when I change that to write logs to their individual Kafka topics I get an error message under stderr.log. Following is my updated local.bro:</div><div><br></div><div><div><b>##! Local site policy. Customize as appropriate.</b></div><div><b>##!</b></div><div><b>##! This file will not be overwritten when upgrading or reinstalling!</b></div><div><b><br></b></div><div><b>#@load packages</b></div><div><b><br></b></div><div><b>#@load /usr/local/bro/lib/bro/plugins/packages/metron-bro-plugin-kafka/scripts/Apache/Kafka</b></div><div><b>#redef Kafka::send_all_active_logs = T;</b></div><div><b>#redef Kafka::tag_json = T;</b></div><div><b>#redef Kafka::kafka_conf = table([&quot;metadata.broker.list&quot;] = &quot;XX.XX.XX.XX:9092&quot;);</b></div><div><b><br></b></div><div><b>###########</b></div><div><b>###########</b></div><div><b><br></b></div><div><b>@load /usr/local/bro/lib/bro/plugins/packages/metron-bro-plugin-kafka/scripts/Apache/Kafka</b></div><div><b>redef Kafka::topic_name = &quot;&quot;;</b></div><div><b>redef Kafka::tag_json = T;</b></div><div><b>redef Kafka::debug = &quot;all&quot;;</b></div><div><b><br></b></div><div><b>event bro_init() &amp;priority=-10</b></div><div><b>{</b></div><div><b># handles DNS</b></div><div><b>local dns_filter: Log::Filter = [</b></div><div><b>$name = &quot;kafka-dns&quot;,</b></div><div><b>$writer = Log::WRITER_KAFKAWRITER,</b></div><div><b>$config = table([&quot;metadata.broker.list&quot;] = &quot;XX.XX.XX.XX:9092&quot;),</b></div><div><b>$path = &quot;dns&quot;</b></div><div><b>];</b></div><div><b>Log::add_filter(DNS::LOG, dns_filter);</b></div><div><b>}</b></div><div><b><br></b></div><div><b>###########</b></div><div><b>###########</b></div></div><div><br></div></div><div>I enter &quot;broctl check&quot; and &quot;broctl deploy&quot; after that; but get the following:</div><div><br></div><div><div>[root@localhost current]# tail -f stderr.log</div><div>%7|1554218121.957|STATE|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Broker changed state DOWN -&gt; CONNECT</div><div>%7|1554218121.957|BROADCAST|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: Broadcasting state change</div><div>%7|1554218121.957|BROKERFAIL|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: failed: err: Local: Broker transport failure: (errno: Connection refused)</div><div>%7|1554218121.957|FAIL|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Connect to ipv4#<a href="http://127.0.0.1:9092" target="_blank">127.0.0.1:9092</a> failed: Connection refused</div><div>%7|1554218121.957|STATE|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Broker changed state CONNECT -&gt; DOWN</div><div>%7|1554218121.957|BROADCAST|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: Broadcasting state change</div><div>%7|1554218121.957|BUFQ|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Purging bufq with 0 buffers</div><div>%7|1554218121.957|BUFQ|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Updating 0 buffers on connection reset</div><div>%7|1554218122.309|NOINFO|rdkafka#producer-1| [thrd:main]: Topic  partition count is zero: should refresh metadata</div><div>%7|1554218122.309|METADATA|rdkafka#producer-1| [thrd:main]: Skipping metadata refresh of 1 topic(s): no usable brokers</div><div>%7|1554218122.957|CONNECT|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: broker in state DOWN connecting</div><div>%7|1554218122.958|CONNECT|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Connecting to ipv4#<a href="http://127.0.0.1:9092" target="_blank">127.0.0.1:9092</a> (plaintext) with socket 29</div><div>%7|1554218122.958|STATE|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Broker changed state DOWN -&gt; CONNECT</div><div>%7|1554218122.958|BROADCAST|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: Broadcasting state change</div><div>%7|1554218122.958|BROKERFAIL|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: failed: err: Local: Broker transport failure: (errno: Connection refused)</div><div>%7|1554218122.958|FAIL|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Connect to ipv4#<a href="http://127.0.0.1:9092" target="_blank">127.0.0.1:9092</a> failed: Connection refused</div><div>%7|1554218122.958|STATE|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Broker changed state CONNECT -&gt; DOWN</div><div>%7|1554218122.958|BROADCAST|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: Broadcasting state change</div><div>%7|1554218122.958|BUFQ|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Purging bufq with 0 buffers</div><div>%7|1554218122.958|BUFQ|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Updating 0 buffers on connection reset</div><div>%7|1554218122.958|RECONNECT|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Delaying next reconnect by 301ms</div><div>%7|1554218123.259|RECONNECT|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Delaying next reconnect by 53ms</div><div>%7|1554218123.309|NOINFO|rdkafka#producer-1| [thrd:main]: Topic  partition count is zero: should refresh metadata</div></div><div><br></div><div>Yes, I have iptables enabled on the local bro machine but it works with the first configuration option file. How come bro thinks that the kafka broker is local. It is supposed to send the messages to XX.XX.XX.XX.</div><div><br></div><div>Thanks in advance.</div><div><br></div></div></div></div></div></div></div>
_______________________________________________<br>
Zeek mailing list<br>
<a href="mailto:zeek@zeek.org" target="_blank">zeek@zeek.org</a><br>
<a href="http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek" rel="noreferrer" target="_blank">http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek</a></blockquote></div>
</blockquote></div>
</blockquote></div>
</blockquote></div>