[Bro] send all logs to kafka
yuza.rasfar at gmail.com
Mon Apr 3 07:49:53 PDT 2017
I missed answering your question before.
This is all of my config for bro-kafka.
redef Kafka::logs_to_send = set(HTTP::LOG, DNS::LOG, CONN::LOG,
Known::ServicesInfo, Weird::LOG, Notice::LOG, SSH::LOG, SMTP::LOG,
redef Kafka::topic_name = "bro";
redef Kafka::tag_json = T;
redef Kafka::kafka_conf = table(["metadata.broker.list"] = "hostname:6667");
I can verify whether they are getting onto kafka or not by using this:
bin/kafka-console-consumer.sh --bootstrap-server hostname:6667 --topic bro --from-beginning | grep weird
On 03/04/17 21:15, Youzha wrote:
> hi Zeolla,
> yeah, I'm sending all the logs to the same topic (bro topic).
> maybe I'm doing something wrong in writing the config set(HTTP::LOG,
> DNS::LOG, CONN::LOG, Known::SERVICES_LOG, Weird::LOG, Notice::LOG);?
> maybe there are case-sensitive words? or anything else? can you give
> me some lists of the logs that I can use?
> On Mon, Apr 3, 2017 at 8:03 PM Zeolla at GMail.com <zeolla at gmail.com> wrote:
> Are you sending all of those logs to the same topic? Some of your
> kafka-related bro configs are missing in the above email, can you
> send everything? For instance, Kafka::kafka_conf, Kafka::topic_name
> (if used), etc.
> How are you verifying that they are properly getting onto kafka?
> I've never sent anything other than http, conn, and dns to kafka
> before, but I feel like that should work. I could be wrong.
> On Mon, Apr 3, 2017 at 3:17 AM tkg_cangkul <yuza.rasfar at gmail.com> wrote:
> I'm trying to use the bro kafka plugin to send the bro logs into
> I have a problem sending all the log types to kafka.
> I've set this in my local.bro:
> @load Bro/Kafka/logs-to-kafka.bro
> redef Kafka::logs_to_send = set(HTTP::LOG, DNS::LOG,
> CONN::LOG, Known::SERVICES_LOG, Weird::LOG, Notice::LOG);
> but when I check the kafka topic, there are only http, conn,
> & dns.
> I've checked in my bro logs dir and there are so many types of log.
> Is there any config that I missed?
> Please help.
> Best Regards,
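A broader check than grepping the topic for one log type, as an added example that is not part of the original thread: it tallies messages per log stream from the console consumer's output and lists the expected streams that never appear. It assumes that with Kafka::tag_json = T each message is a JSON object with a single top-level key naming the log path; the path names in EXPECTED are likewise assumed, not taken from the thread.

```python
import json
import sys
from collections import Counter

# Assumed Bro log paths for the streams named in the thread
# (e.g. Known::SERVICES_LOG -> "known_services").
EXPECTED = {"http", "dns", "conn", "known_services",
            "weird", "notice", "ssh", "smtp"}

# Constructed sample of consumer output, not captured from a real topic.
SAMPLE = [
    '{"conn": {"uid": "C1", "id.orig_h": "10.0.0.5", "proto": "tcp"}}',
    '{"http": {"uid": "C1", "host": "example.test", "method": "GET"}}',
    '{"dns": {"uid": "C2", "query": "example.test"}}',
    '{"conn": {"uid": "C2", "id.orig_h": "10.0.0.5", "proto": "udp"}}',
    'console noise that is not JSON',
]


def tally_streams(lines):
    """Return (Counter of messages per top-level tag, count of unusable lines)."""
    counts, unusable = Counter(), 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            msg = json.loads(line)
        except ValueError:
            unusable += 1
            continue
        # Assumption: a tagged message is a one-key object {"<path>": {...}}.
        if isinstance(msg, dict) and len(msg) == 1:
            counts[next(iter(msg))] += 1
        else:
            unusable += 1
    return counts, unusable


def missing_streams(counts, expected=EXPECTED):
    """Expected log paths that never appeared on the topic, sorted."""
    return sorted(set(expected) - set(counts))


if __name__ == "__main__":
    # Read piped consumer output, or fall back to the constructed sample.
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    counts, unusable = tally_streams(source)
    for path, n in sorted(counts.items()):
        print(f"{path:16} {n}")
    print("unusable lines:", unusable)
    print("missing:", ", ".join(missing_streams(counts)) or "none")
```

Saved under a hypothetical name such as tally_streams.py, it can take the thread's consumer command on stdin in place of `| grep weird`; the summary is printed once the consumer exits.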