Re: metron-bro-plugin kafka

2018-02-13 Thread bharath phatak
Thanks Jon. I will try this out.
Appreciate your response.

On Wed, Feb 14, 2018, 12:08 AM zeo...@gmail.com  wrote:

> Okay, great.  It's possible that you need to do something like the
> following to get known devices:
>
>  echo "redef Software::asset_tracking = ALL_HOSTS;" >> /usr/local/bro/share/bro/site/local.bro
>
> These snippets are from my testing instructions related to adding support
> for bro 2.5.2 logs (link ).
> They should find their way into the plugin README eventually.
>
> Jon
>
> On Tue, Feb 13, 2018 at 6:35 AM bharath phatak 
> wrote:
>
> > Hi Jon,
> >
> > Other than Known::DEVICES_LOG, the rest all worked.
> >
> > Thanks,
> > Bharath
> > On Tue, Feb 13, 2018, 4:15 PM zeo...@gmail.com  wrote:
> >
> > > Try
> > >
> > > redef Kafka::logs_to_send = set(HTTP::LOG, DNS::LOG, Conn::LOG, DPD::LOG,
> > > FTP::LOG, Files::LOG, Known::CERTS_LOG, SMTP::LOG, SSL::LOG, Weird::LOG,
> > > Notice::LOG, DHCP::LOG, SSH::LOG, Software::LOG, RADIUS::LOG, X509::LOG,
> > > Known::DEVICES_LOG, RFB::LOG, Stats::LOG, CaptureLoss::LOG, SIP::LOG);
> > >
> > > Note that you usually wouldn't want to send reporter.log, as that's where
> > > errors get sent and it could become an infinite loop.
> > >
> > > Jon
> > >
> > > On Tue, Feb 13, 2018, 05:26 bharath phatak 
> > > wrote:
> > >
> > > > Hi Team,
> > > >
> > > > Can someone help me out on the list of
> > > > redef Kafka::logs_to_send values?
> > > >
> > > > I want to push all logs generated by bro to Kafka.
> > > >
> > > > I tried adding the log file name, but bro is crashing
> > > >
> > > > Ex weird::LOG, Files::LOG
> > > >
> > > > Thanks,
> > > > Bharath
> > > >
> > >
> > >
> > > --
> > >
> > > Jon
> > >
> >
> --
>
> Jon
>


Re: metron-bro-plugin kafka

2018-02-13 Thread zeo...@gmail.com
Okay, great.  It's possible that you need to do something like the
following to get known devices:

 echo "redef Software::asset_tracking = ALL_HOSTS;" >> /usr/local/bro/share/bro/site/local.bro

These snippets are from my testing instructions related to adding support
for bro 2.5.2 logs (link ).
They should find their way into the plugin README eventually.

Jon

On Tue, Feb 13, 2018 at 6:35 AM bharath phatak 
wrote:

> Hi Jon,
>
> Other than Known::DEVICES_LOG, the rest all worked.
>
> Thanks,
> Bharath
> On Tue, Feb 13, 2018, 4:15 PM zeo...@gmail.com  wrote:
>
> > Try
> >
> > redef Kafka::logs_to_send = set(HTTP::LOG, DNS::LOG, Conn::LOG, DPD::LOG,
> > FTP::LOG, Files::LOG, Known::CERTS_LOG, SMTP::LOG, SSL::LOG, Weird::LOG,
> > Notice::LOG, DHCP::LOG, SSH::LOG, Software::LOG, RADIUS::LOG, X509::LOG,
> > Known::DEVICES_LOG, RFB::LOG, Stats::LOG, CaptureLoss::LOG, SIP::LOG);
> >
> > Note that you usually wouldn't want to send reporter.log, as that's where
> > errors get sent and it could become an infinite loop.
> >
> > Jon
> >
> > On Tue, Feb 13, 2018, 05:26 bharath phatak 
> > wrote:
> >
> > > Hi Team,
> > >
> > > Can someone help me out on the list of
> > > redef Kafka::logs_to_send values?
> > >
> > > I want to push all logs generated by bro to Kafka.
> > >
> > > I tried adding the log file name, but bro is crashing
> > >
> > > Ex weird::LOG, Files::LOG
> > >
> > > Thanks,
> > > Bharath
> > >
> >
> >
> > --
> >
> > Jon
> >
>
-- 

Jon


Re: metron-bro-plugin kafka

2018-02-13 Thread bharath phatak
Hi Jon,

Other than Known::DEVICES_LOG, the rest all worked.

Thanks,
Bharath
On Tue, Feb 13, 2018, 4:15 PM zeo...@gmail.com  wrote:

> Try
>
> redef Kafka::logs_to_send = set(HTTP::LOG, DNS::LOG, Conn::LOG, DPD::LOG,
> FTP::LOG, Files::LOG, Known::CERTS_LOG, SMTP::LOG, SSL::LOG, Weird::LOG,
> Notice::LOG, DHCP::LOG, SSH::LOG, Software::LOG, RADIUS::LOG, X509::LOG,
> Known::DEVICES_LOG, RFB::LOG, Stats::LOG, CaptureLoss::LOG, SIP::LOG);
>
> Note that you usually wouldn't want to send reporter.log, as that's where
> errors get sent and it could become an infinite loop.
>
> Jon
>
> On Tue, Feb 13, 2018, 05:26 bharath phatak 
> wrote:
>
> > Hi Team,
> >
> > Can someone help me out on the list of
> > redef Kafka::logs_to_send values?
> >
> > I want to push all logs generated by bro to Kafka.
> >
> > I tried adding the log file name, but bro is crashing
> >
> > Ex weird::LOG, Files::LOG
> >
> > Thanks,
> > Bharath
> >
>
>
> --
>
> Jon
>


Re: metron-bro-plugin kafka

2018-02-13 Thread zeo...@gmail.com
Try

redef Kafka::logs_to_send = set(HTTP::LOG, DNS::LOG, Conn::LOG, DPD::LOG,
FTP::LOG, Files::LOG, Known::CERTS_LOG, SMTP::LOG, SSL::LOG, Weird::LOG,
Notice::LOG, DHCP::LOG, SSH::LOG, Software::LOG, RADIUS::LOG, X509::LOG,
Known::DEVICES_LOG, RFB::LOG, Stats::LOG, CaptureLoss::LOG, SIP::LOG);

Note that you usually wouldn't want to send reporter.log, as that's where
errors get sent and it could become an infinite loop.

Jon

On Tue, Feb 13, 2018, 05:26 bharath phatak  wrote:

> Hi Team,
>
> Can someone help me out on the list of
> redef Kafka::logs_to_send values?
>
> I want to push all logs generated by bro to Kafka.
>
> I tried adding the log file name, but bro is crashing
>
> Ex weird::LOG, Files::LOG
>
> Thanks,
> Bharath
>


-- 

Jon
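
Added example, not part of the original thread or the plugin's code: a small pre-deployment lint for a Bro site script that checks the `Kafka::logs_to_send` set against the stream IDs listed in the message above, flagging identifiers whose case differs from that list (Bro identifiers are case-sensitive) and the stream behind reporter.log. The function name, the sample script text and the use of `Reporter::LOG` as the ID for reporter.log are assumptions of this example.

```python
import re

# Stream IDs copied from the logs_to_send set quoted in the thread.
KNOWN_IDS = [
    "HTTP::LOG", "DNS::LOG", "Conn::LOG", "DPD::LOG", "FTP::LOG",
    "Files::LOG", "Known::CERTS_LOG", "SMTP::LOG", "SSL::LOG", "Weird::LOG",
    "Notice::LOG", "DHCP::LOG", "SSH::LOG", "Software::LOG", "RADIUS::LOG",
    "X509::LOG", "Known::DEVICES_LOG", "RFB::LOG", "Stats::LOG",
    "CaptureLoss::LOG", "SIP::LOG",
]
BY_LOWER = {i.lower(): i for i in KNOWN_IDS}
# Assumption: Reporter::LOG is the stream that writes reporter.log.
LOOP_RISK = "Reporter::LOG"
REDEF_RE = re.compile(r"redef\s+Kafka::logs_to_send\s*\+?=\s*set\s*\((.*?)\)\s*;", re.S)


def lint_logs_to_send(script_text):
    """Return (identifier, problem) findings for a Bro site script (hypothetical helper)."""
    # Drop comments so a commented-out redef is not linted.
    text = re.sub(r"#[^\n]*", "", script_text)
    findings = []
    for body in REDEF_RE.findall(text):
        for ident in (p.strip() for p in body.split(",")):
            if not ident:
                continue
            if ident.lower() == LOOP_RISK.lower():
                findings.append((ident, "feedback loop: errors are logged here"))
            elif ident in KNOWN_IDS:
                continue
            elif ident.lower() in BY_LOWER:
                findings.append((ident, "wrong case, use " + BY_LOWER[ident.lower()]))
            else:
                findings.append((ident, "not in the thread's list; confirm the stream exists"))
    return findings


# Constructed sample: the identifiers from the question plus reporter.log, wrapped over two lines.
SAMPLE = """\
redef Kafka::logs_to_send = set(weird::LOG, Files::LOG,
    Reporter::LOG, Conn::LOG);
"""

if __name__ == "__main__":
    for ident, problem in lint_logs_to_send(SAMPLE):
        print(f"{ident}: {problem}")
```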