[Bro] send all logs to kafka

tkg_cangkul yuza.rasfar at gmail.com
Mon Apr 3 07:49:53 PDT 2017 

Sorry,

i've missed to answer your question before .
This is all of my config to bro-kafka .

*@load Bro/Kafka/logs-to-kafka.bro
redef Kafka::logs_to_send = set(HTTP::LOG, DNS::LOG, CONN::LOG, 
Known::ServicesInfo, Weird::LOG, Notice::LOG, SSH::LOG, SMTP::LOG, 
DHCP::LOG);
redef Kafka::topic_name = "bro";
redef Kafka::tag_json = T;
redef Kafka::kafka_conf = table(["metadata.broker.list"] = "hostname:6667");

*I can verifying that they are getting onto kafka or not by using this 
command :

*bin/kafka-console-consumer.sh --bootstrap-server hostname:6667 --topic 
bro --from-beginning |grep weird*

On 03/04/17 21:15, Youzha wrote:
> hi Zeolla,
>
> yeah i sending all the logs to the same topic (bro topic).
>
> maybe i do something wrong about the writing of config *set(HTTP::LOG, 
> DNS::LOG, CONN::LOG, Known::SERVICES_LOG, Weird::LOG, Notice::LOG); ?*
> *
> *
> *maybe there are case sensitive words? or anything else? can you give 
> me some lists of the logs that i can use?
> *
>
>
> On Mon, Apr 3, 2017 at 8:03 PM Zeolla at GMail.com <zeolla at gmail.com 
> <mailto:zeolla at gmail.com>> wrote:
>
>     Are you sending all of those logs to the same topic?  Some of your
>     kafka-related bro configs are missing in the above email, can you
>     send everything? For
>     instance, Kafka::kafka_conf, Kafka::topic_name (if used), etc.
>
>     How are you verifying that they are properly getting onto kafka? 
>     I've never sent anything other than http, conn, and dns to kafka
>     before, but I feel like that should work.  I could be wrong.
>
>     Jon
>
>     On Mon, Apr 3, 2017 at 3:17 AM tkg_cangkul <yuza.rasfar at gmail.com
>     <mailto:yuza.rasfar at gmail.com>> wrote:
>
>         hi,
>
>         i'm trying to using bro kafka plugin to send the bro logs into
>         kafka.
>         i've a problem to send all the logs type to kafka.
>
>         i've set this into my local.bro :
>
>         *@load Bro/Kafka/logs-to-kafka.bro
>         redef Kafka::logs_to_send = set(HTTP::LOG, DNS::LOG,
>         CONN::LOG, Known::SERVICES_LOG, Weird::LOG, Notice::LOG);
>
>         *but when i check on kafka topic. there are only *http, conn,
>         & dns*.
>         i've check in my bro logs dir and there are so many types of log.
>
>
>
>         is there any config that i missed?
>         pls help.
>
>         Best Regards,
>
>         Tukang_Cangkul
>
>         _______________________________________________
>         Bro mailing list
>         bro at bro-ids.org <mailto:bro at bro-ids.org>
>         http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
>     -- 
>
>     Jon
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170403/77232fda/attachment.html

More information about the Bro mailing list