<div class="socmaildefaultfont" dir="ltr" style="font-family:Arial, Helvetica, sans-serif;font-size:10pt" ><div dir="ltr" >Howdy,</div>
<div dir="ltr" > </div>
<div dir="ltr" >I'm currently using the latest kafka package manager on Bro 3.0.2. The plugin is configured to send to two kafka brokers. Unfortunately, it seems to work for some time and then quietly stops sending to the second broker.</div>
<div dir="ltr" > </div>
<div dir="ltr" >Here's my zeek config for kafka:</div>
<div dir="ltr" > </div>
<div dir="ltr" ><div><span style="font-family:Courier New,Courier,monospace;" >@load packages/metron-bro-plugin-kafka<br>redef Kafka::topic_name = "";<br>redef Kafka::kafka_conf = table(<br> ["metadata.broker.list"] = "broker1:9092, broker2:9092"<br>);</span></div>
<div><br><span style="font-family:Courier New,Courier,monospace;" >event zeek_init()<br>{<br> local protocol_list = table(<br> ["conn" ] = Conn::LOG,<br> ["dhcp" ] = DHCP::LOG,<br> ["dns" ] = DNS::LOG,<br> ["ftp" ] = <a href="FTP::LOG" >FTP::LOG</a>,<br> ["http"] = <a href="HTTP::LOG" >HTTP::LOG</a>,<br> ["ssl"] = SSL::LOG,<br> ["x509"] = X509::LOG<br> );</span></div>
<div><span style="font-family:Courier New,Courier,monospace;" > for (proto, log_id in protocol_list ) {<br> local this_filter: Log::Filter = [<br> $name = "kafka-" + proto,<br> $writer = Log::WRITER_KAFKAWRITER,<br> $config = table(<br> ["metadata.broker.list"] = "broker1:9092, broker2:9092"<br> ),<br> $path = proto<br> ];<br> Log::add_filter(log_id, this_filter);<br> }<br>}</span></div>
<div> </div>
<div> </div></div>
<div dir="ltr" >Does anyone see anything wrong with my config? It works fine for a single broker.</div>
<div dir="ltr" > </div>
<div dir="ltr" >I notice the failure since all the netstat entries disappear for broker2, and it stops receiving data. Broker1 is fine.</div>
<div dir="ltr" > </div>
<div dir="ltr" >Thanks,</div>
<div dir="ltr" > </div>
<div dir="ltr" >-Erich</div></div><BR>