Github user nickwallen commented on the pull request:
https://github.com/apache/incubator-metron/pull/17#issuecomment-180056871
The values in `bro-plugin-kafka/scripts/init.bro` are merely defaults.
They could even be completely removed from there. I just find them useful so
that a user doesn't have to define all of the configuration values all of the
time. For example a user will rarely want to change `max_wait_on_delivery`.
The way to configure the kafka broker and topic name as a user of this
plugin is described in the README. You define these in your
`.../site/local.bro` script so that it looks something like the following:
```
@load Metron/Kafka/logs-to-kafka.bro
redef Kafka::logs_to_send = set(Conn::LOG, HTTP::LOG, DNS::LOG);
redef Kafka::kafka_broker_list = "localhost:9092";
redef Kafka::topic_name = "bro";
```
As an example, you can see how the Ansible scripts configure these values
in `deployment/roles/bro/tasks/bro-plugin-kafka.yml`.
```
- name: Configure bro plugin
lineinfile:
dest: /usr/local/bro/share/bro/site/local.bro
line: "{{ item }}"
with_items:
- "@load Metron/Kafka/logs-to-kafka.bro"
- "redef Kafka::logs_to_send = set(HTTP::LOG, DNS::LOG);"
- "redef Kafka::kafka_broker_list = \"{{ kafka_broker_url }}\";"
- "redef Kafka::topic_name = \"{{ bro_topic }}\";"
```
Good eye. Does that make sense?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
