Hello folks:
I just installed Zeek from source on a CentOS 7.5 platform. Everything works fine. I can confirm that the logs are getting populated with http, dns etc. data.
I am trying to write the data to a remote Kafka topic. I believe I compiled everything correctly based on the following link: https://packages.zeek.org/packages/view/7388aa77-4fb7-11e8-88be-0a645a3f3086
And I am getting the expected return when I execute:
$ bro -N Apache::Kafka
Apache::Kafka - Writes logs to Kafka (dynamic, version 0.3)
Next, I edited /usr/local/bro/share/bro/site/local.bro and appended the following:
@load packages/metron-bro-plugin-kafka/Apache/Kafka
redef Kafka::logs_to_send = set(HTTP::LOG, DNS::LOG);
redef Kafka::kafka_conf = table(
    ["metadata.broker.list"] = "XX.XX.XX.XX:9092"
);
Unfortunately, this part doesn’t work:
[root@localhost scripts]# broctl check
Warning: broctl config has changed (run the broctl "deploy" command)
bro scripts failed.
fatal error in /usr/local/bro/share/bro/site/local.bro, line 7: can't find packages/metron-bro-plugin-kafka/Apache/Kafka
Has this happened to anyone before? Is there a fix for this?
Thanks,