[jira] [Comment Edited] (METRON-348) bro-plugin-kafka is missing an important update

Wed, 02 Nov 2016 13:52:28 -0700 

    [ 
https://issues.apache.org/jira/browse/METRON-348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15630450#comment-15630450
 ] 

Jon Zeolla edited comment on METRON-348 at 11/2/16 8:51 PM:
------------------------------------------------------------

After working with some of the bro devs I was able to validate that there's not 
a way for the for loop approach used before to work if you need a predicate to 
filter IPv6 traffic.  See attached (logs-to-kafka2.bro) for a method to send 
Conn, DNS, and HTTP traffic to Metron and have an IPv6 traffic filter.


was (Author: [email protected]):
After working with some of the bro devs I was able to validate that there's not 
a way for the for loop approach used before to work if you need a predicate to 
filter IPv6 traffic.  See attached for a method to send Conn, DNS, and HTTP 
traffic to Metron and have an IPv6 traffic filter.

> bro-plugin-kafka is missing an important update
> -----------------------------------------------
>
>                 Key: METRON-348
>                 URL: https://issues.apache.org/jira/browse/METRON-348
>             Project: Metron
>          Issue Type: Bug
>            Reporter: Jon Zeolla
>         Attachments: logs-to-kafka.bro, logs-to-kafka2.bro
>
>   Original Estimate: 2h
>  Remaining Estimate: 2h
>
> Metron's bro-plugin-kafka 
> (https://github.com/apache/incubator-metron/tree/master/metron-sensors/bro-plugin-kafka)
>  is missing an important update 
> (https://github.com/bro/bro-plugins/commit/b9f1f35415cb0db065348da0a5043a8353b4a0a8).
>   I have opened a ticket with the bro devs in order to seek a long term 
> resolution to this issue (https://github.com/bro/bro-plugins/issues/31).  
> My suggestion was to have the bro team update the bro/bro-plugins repo to 
> turn folders (plugins) into individual branches so that they could be 
> referenced and updated easily in Metron and other projects as a submodule.  I 
> was going to wait to hear back before filing a PR, but I'm not against a 
> short term fix of simply updating kafka/src/KafkaWriter.cc and 
> kafka/src/KafkaWriter.h.  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to