Metron / METRON-25

Create Bro Plugin to Send Logs Directly to Kafka

    Details

    • Type: Improvement
    • Status: Done
    • Priority: Critical
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:

      Description

      Create a Bro plugin that will consume the logs produced by Bro and send them directly to a Kafka topic. The types of logs to send should be configurable, so that only a subset of them are published to Kafka. For example, I may only want DNS::LOG and HTTP::LOG sent to Kafka. This should not interfere with the existing file-based logging which is useful for diagnostics and troubleshooting.

      The alternative solution to creating this Bro plugin is to use some means of tailing the log files that are generated by Bro. Each stream in Bro is logged to a separate file, so you'd have to tail each of these files independently. Tailing log files like this is problematic.

            People

            • Assignee: Unassigned
            • Reporter: Nick Allen (nickwallen)
            • Votes: 0
            • Watchers: 2

                Time Tracking

                • Original Estimate: 48h
                • Remaining Estimate: 48h
                • Time Spent: Not Specified