- Type: Improvement
- Status: Done
- Priority: Critical
- Resolution: Done
- Affects Version/s: None
- Fix Version/s: None
- Labels:

Create a Bro plugin that will consume the logs produced by Bro and send them directly to a Kafka topic. The types of logs to send should be configurable, so that only a subset of them are published to Kafka. For example, I may only want DNS::LOG and HTTP::LOG sent to Kafka. This should not interfere with the existing file-based logging, which is useful for diagnostics and troubleshooting.
The alternative solution to creating this Bro plugin is to use some means of tailing the log files that are generated by Bro. Each stream in Bro is logged to a separate file, so you'd have to tail each of these files independently. Tailing log files like this is problematic.