Kafka Plugin with Zeek

Jahan_Wadia · September 10, 2021, 5:27pm

Hi Folks,

I am currently using the Apache Kafka plugin to send logs to the Kafka server. The current setup is designed to use the plugin to send each zeek log(5 log streams) to a specific kafka topic as described here.
But the requirement now is to:
1 - Continuing to send the existing zeek logs to their specific topics as described above.
2 - Send all the other selected log streams to just one topic name on kafka cluster.

I have tried to set this up but it does not seem to work. Is this possible to do?
Appreciate your help!

Thanks,
Jahan

JonZeolla · September 11, 2021, 2:42pm

Hi Jahan,

If I understand your use case properly, I think example 6 is very close to what you’re looking for.

https://github.com/seisollc/zeek-kafka#example-6—sending-a-log-to-multiple-topics

Keep in mind that the metron-bro-plugin-kafka project is no longer supported. Please use https://github.com/SeisoLLC/zeek-kafka instead. The project has been forked, renamed, and is now being maintained there.

Let me know if that helps. Thanks,

Topic		Replies	Views
Send logs to kafka with different topic using zeek-kafka plugin Zeek development	2	282	November 29, 2022
Bro scripts to write logs to Kafka fails Zeek	4	89	May 6, 2022
kafka plugin silently fails Zeek	2	103	May 6, 2022
Zeek 3.1.2 and Kafka - No data flow Zeek	7	98	May 6, 2022
Cannot send logs to their individual Kafka topics Zeek	7	179	May 6, 2022

Kafka Plugin with Zeek

Related topics