[Bro] send all logs to kafka

Youzha yuza.rasfar at gmail.com
Mon Apr 3 07:15:26 PDT 2017


Hi Zeolla,

Yeah, I'm sending all the logs to the same topic (bro topic).

Maybe I'm doing something wrong in how I wrote the config?

    set(HTTP::LOG, DNS::LOG, CONN::LOG, Known::SERVICES_LOG, Weird::LOG, Notice::LOG);

Maybe some of the words are case sensitive? Or anything else? Can you give me
a list of the logs that I can use?


On Mon, Apr 3, 2017 at 8:03 PM Zeolla at GMail.com <zeolla at gmail.com> wrote:

> Are you sending all of those logs to the same topic?  Some of your
> kafka-related bro configs are missing in the above email, can you send
> everything?  For instance, Kafka::kafka_conf, Kafka::topic_name (if used),
> etc.
>
> How are you verifying that they are properly getting onto kafka?  I've
> never sent anything other than http, conn, and dns to kafka before, but I
> feel like that should work.  I could be wrong.
>
> Jon
>
> On Mon, Apr 3, 2017 at 3:17 AM tkg_cangkul <yuza.rasfar at gmail.com> wrote:
>
> Hi,
>
> I'm trying to use the bro kafka plugin to send the bro logs into kafka.
> I have a problem sending all the log types to kafka.
>
> I've set this in my local.bro:
>
>     @load Bro/Kafka/logs-to-kafka.bro
>     redef Kafka::logs_to_send = set(HTTP::LOG, DNS::LOG, CONN::LOG,
>         Known::SERVICES_LOG, Weird::LOG, Notice::LOG);
>
> But when I check the kafka topic, there are only http, conn, & dns.
> I've checked in my bro logs dir and there are so many types of log.
>
>
>
> Is there any config that I missed?
> Please help.
>
> Best Regards,
>
> Tukang_Cangkul
>
> --
>
> Jon
>