Posted to issues@metron.apache.org by GitBox <gi...@apache.org> on 2019/02/12 20:21:01 UTC

[GitHub] JonZeolla edited a comment on issue #23: [DEPENDS ON METRON-1910] METRON-1992: Support sending a log to multiple topics

JonZeolla edited a comment on issue #23: [DEPENDS ON METRON-1910] METRON-1992: Support sending a log to multiple topics
URL: https://github.com/apache/metron-bro-plugin-kafka/pull/23#issuecomment-461897366
 
 
   By the way, I found the following helpful when validating this works via docker.
   ```
   diff --git a/docker/in_docker_scripts/configure_bro_plugin.sh b/docker/in_docker_scripts/configure_bro_plugin.sh
   index 74551c2..7eb2c2c 100755
   --- a/docker/in_docker_scripts/configure_bro_plugin.sh
   +++ b/docker/in_docker_scripts/configure_bro_plugin.sh
   @@ -29,12 +29,22 @@ echo "Configuring kafka plugin"
    {
      echo "@load packages"
      echo "redef Kafka::logs_to_send = set(HTTP::LOG, DNS::LOG, Conn::LOG, DPD::LOG, FTP::LOG, Files::LOG, Known::CERTS_LOG, SMTP::LOG, SSL::LOG, Weird::LOG, Notice::LOG, DHCP::LOG, SSH::LOG, Software::LOG, RADIUS::LOG, X509::LOG, Known::DEVICES_LOG, RFB::LOG, Stats::LOG, CaptureLoss::LOG, SIP::LOG);"
   -  echo "redef Kafka::topic_name = \"bro\";"
   +  echo "redef Kafka::topic_name = \"notbro\";"
      echo "redef Kafka::tag_json = T;"
      echo "redef Kafka::kafka_conf = table([\"metadata.broker.list\"] = \"kafka:9092\");"
      echo "redef Kafka::logs_to_exclude = set(Conn::LOG, DHCP::LOG);"
      echo "redef Known::cert_tracking = ALL_HOSTS;"
      echo "redef Software::asset_tracking = ALL_HOSTS;"
   +  echo 'event bro_init() &priority=-10
   +{
   +    # Also send RADIUS to the bro topic
   +    local shew_radius_filter: Log::Filter = [
   +        $name = "kafka-radius-shew",
   +        $writer = Log::WRITER_KAFKAWRITER,
   +        $path = "shew_bro_radius",
   +        $config = table(["topic_name"] = "bro")
   +    ];
   +    Log::add_filter(RADIUS::LOG, shew_radius_filter);
   +}'
    } >> /usr/local/bro/share/bro/site/local.bro
   
    sed -i '86 a @load policy/protocols/dhcp/known-devices-and-hostnames.bro' /usr/local/bro/share/bro/site/local.bro
   ```
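Review bot: The `topic_name` line in this hunk changes the default topic from "bro" to "notbro" for every stream in `Kafka::logs_to_send`, so after this change only the RADIUS copy from the new filter reaches "bro", and anything in the docker setup that still reads "bro" will silently see far less data. If this is meant to stay in `configure_bro_plugin.sh` rather than remain a local validation aid, take the default topic and the extra filter from a script argument or environment variable instead of hard-coding them, and follow it with a check that consumes from both topics and confirms RADIUS appears in each. The added `bro_init` handler would also benefit from a comment explaining why `&priority=-10` is needed, and the "shew" in `$name` and `$path` reads like a personal placeholder that should be renamed to something descriptive before merging.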
