JonZeolla edited a comment on issue #23: [DEPENDS ON METRON-1910] METRON-1992: Support sending a log to multiple topics URL: https://github.com/apache/metron-bro-plugin-kafka/pull/23#issuecomment-461897366 By the way, I found the following patch to `docker/in_docker_scripts/configure_bro_plugin.sh` helpful when validating this works via docker. ``` { echo "@load packages" echo "redef Kafka::logs_to_send = set(HTTP::LOG, DNS::LOG, Conn::LOG, DPD::LOG, FTP::LOG, Files::LOG, Known::CERTS_LOG, SMTP::LOG, SSL::LOG, Weird::LOG, Notice::LOG, DHCP::LOG, SSH::LOG, Software::LOG, RADIUS::LOG, X509::LOG, Known::DEVICES_LOG, RFB::LOG, Stats::LOG, CaptureLoss::LOG, SIP::LOG);" - echo "redef Kafka::topic_name = \"bro\";" + echo "redef Kafka::topic_name = \"notbro\";" echo "redef Kafka::tag_json = T;" echo "redef Kafka::kafka_conf = table([\"metadata.broker.list\"] = \"kafka:9092\");" echo "redef Kafka::logs_to_exclude = set(Conn::LOG, DHCP::LOG);" echo "redef Known::cert_tracking = ALL_HOSTS;" echo "redef Software::asset_tracking = ALL_HOSTS;" + echo 'event bro_init() &priority=-10 +{ + # Also send RADIUS to the bro topic + local shew_radius_filter: Log::Filter = [ + $name = "kafka-radius-shew", + $writer = Log::WRITER_KAFKAWRITER, + $path = "shew_bro_radius", + $config = table(["topic_name"] = "bro") + ]; + Log::add_filter(RADIUS::LOG, shew_radius_filter); +}' } >> /usr/local/bro/share/bro/site/local.bro ```
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
