Hello,
Excited to learn and use zeek.
I was wondering whether there is any way/package/plugin where, I could make outbound tcp connections using broker or scoket library? My goal is to send the logs as they are generating in real time to a server or a port. So, for that I am using broker to send the logs, but is there a way to use socket library and send the logs? Probably using packet source API like zeek af_packet plugin?
Thanks & Regards,
Brijesh
Hi,
you can indeed make outbound connections via broker; however the other endpoint also has to use the same broker library version as your running Zeek installation. If that works you can use Broker::peer for this purpose (see the broker framework documentation).
However, there is a good chance that you do not want that; if you want the logs being sent out in a specific protocol, you probably want to use a log-writer that can send logs on to another host. There are writers that output the Zeek log in a variety of formats, including raw TCP connections. You can, e.g., search for them on packages.zeek.org.
I hope this helps a bit 
Thank You @johanna for replying. I will explore zeek-kafka on how to write LOG-WRITER. Are there any other writer plugins that you know of?