[Bro] send all logs to kafka

[Zeolla@GMail.com]

Are you sending all of those logs to the same topic?  Some of your
kafka-related bro configs are missing in the above email, can you send
everything?  For instance, Kafka::kafka_conf, Kafka::topic_name (if used),
etc.

How are you verifying that they are properly getting onto kafka?  I've
never sent anything other than http, conn, and dns to kafka before, but I
feel like that should work.  I could be wrong.

Jon

On Mon, Apr 3, 2017 at 3:17 AM tkg_cangkul <yuza.rasfar at gmail.com> wrote:

> hi,
>
> i'm trying to using bro kafka plugin to send the bro logs into kafka.
> i've a problem to send all the logs type to kafka.
>
> i've set this into my local.bro :
>
>
>
>
> *@load Bro/Kafka/logs-to-kafka.bro redef Kafka::logs_to_send =
> set(HTTP::LOG, DNS::LOG, CONN::LOG, Known::SERVICES_LOG, Weird::LOG,
> Notice::LOG); *but when i check on kafka topic. there are only *http,
> conn, & dns*.
> i've check in my bro logs dir and there are so many types of log.
>
>
>
> is there any config that i missed?
> pls help.
>
> Best Regards,
>
> Tukang_Cangkul
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

-- 

Jon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170403/aa8df793/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screenshot from 2017-04-03 14:08:41.png
Type: image/png
Size: 10553 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170403/aa8df793/attachment-0002.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screenshot from 2017-04-03 14:08:41.png
Type: image/png
Size: 10553 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170403/aa8df793/attachment-0003.bin