[ https://issues.apache.org/jira/browse/METRON-1866?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16682037#comment-16682037 ]

ASF GitHub Bot commented on METRON-1866:
----------------------------------------

Github user nickwallen commented on a diff in the pull request:

    
    https://github.com/apache/metron-bro-plugin-kafka/pull/17#discussion_r232417353
    --- Diff: README.md ---
    @@ -145,23 +217,35 @@ event bro_init() &priority=-5
     
     #### Notes
      * `logs_to_send` is mutually exclusive with `$pred`, thus for each log 
you want to set `$pred` on, you must individually setup a `Log::add_filter` and 
refrain from including that log in `logs_to_send`.
    + * In Bro 2.5.x the bro project introduced a [logger 
function](https://www.bro.org/sphinx/cluster/index.html#logger) which removes 
the logging functions from the manager thread, and taking advantage of that is 
highly recommended.  If you are running this plugin on Bro 2.4.x, you may 
encounter issues where the manager thread is taking on too much responsibility 
and pinning a single CPU core without the ability to spread the load across 
additional cores.  In this case, it may be in your best interest to prefer 
using a bro logging predicate over filtering in your Metron cluster [using 
Stellar](https://github.com/apache/metron/tree/master/metron-stellar/stellar-common)
 in order to lessen the load of that thread.
      * You can also filter IPv6 logs from within your Metron cluster [using 
Stellar](https://github.com/apache/metron/tree/master/metron-stellar/stellar-common#is_ip).
  In that case, you wouldn't apply a predicate in your bro configuration, and 
instead Stellar would filter the logs out before they were processed by the 
enrichment layer of Metron.
      * It is also possible to use the `is_v6_subnet()` bro function in your 
predicate, as of their [2.5 
release](https://www.bro.org/sphinx-git/install/release-notes.html#bro-2-5), 
however the above example should work on [bro 
2.4](https://www.bro.org/sphinx-git/install/release-notes.html#bro-2-4) and 
newer, which has been the focus of the kafka plugin.
     
     ## Settings
     
    -### `kafka_conf`
    +### `logs_to_send`
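
Review bot: The added bullet about the Bro 2.5.x logger is hard to parse at "prefer using a bro logging predicate over filtering in your Metron cluster using Stellar", which can be read as a predicate applied on top of Stellar filtering rather than a predicate used instead of it. Suggest splitting that sentence and wording it as "prefer a Bro logging predicate instead of filtering in your Metron cluster with Stellar". The same bullet also mixes "Bro" and "bro" within one sentence ("In Bro 2.5.x the bro project"), while the neighbouring bullets use lowercase "bro"; pick one spelling for the whole Notes list.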
    --- End diff --
    
    Never mind.  You're wanting to precede this with #2


> Improve metron-bro-plugin-kafka documentation
> ---------------------------------------------
>
>                 Key: METRON-1866
>                 URL: https://issues.apache.org/jira/browse/METRON-1866
>             Project: Metron
>          Issue Type: Task
>            Reporter: Jon Zeolla
>            Priority: Major
>



