metron-dev mailing list archives

From nickwallen <...@git.apache.org>
Subject [GitHub] incubator-metron pull request: [METRON-25] Create Bro Plugin to Se...
Date Thu, 04 Feb 2016 21:19:07 GMT
Github user nickwallen commented on the pull request:

    https://github.com/apache/incubator-metron/pull/17#issuecomment-180056871
  
    The values in `bro-plugin-kafka/scripts/init.bro` are merely defaults.  They could even be completely removed from there.  I just find them useful so that a user doesn't have to define all of the configuration values all of the time.  For example, a user will rarely want to change `max_wait_on_delivery`.
    
    The way to configure the Kafka broker and topic name as a user of this plugin is described in the README.  You define these in your `.../site/local.bro` script so that it looks something like the following:
    
    ```
    @load Metron/Kafka/logs-to-kafka.bro
    redef Kafka::logs_to_send = set(Conn::LOG, HTTP::LOG, DNS::LOG);
    redef Kafka::kafka_broker_list = "localhost:9092";
    redef Kafka::topic_name = "bro";
    ```
    
    As an example, you can see how the Ansible scripts configure these values in `deployment/roles/bro/tasks/bro-plugin-kafka.yml`.
    
    ```
    - name: Configure bro plugin
      lineinfile:
        dest: /usr/local/bro/share/bro/site/local.bro
        line: "{{ item }}"
      with_items:
        - "@load Metron/Kafka/logs-to-kafka.bro"
        - "redef Kafka::logs_to_send = set(HTTP::LOG, DNS::LOG);"
        - "redef Kafka::kafka_broker_list = \"{{ kafka_broker_url }}\";"
        - "redef Kafka::topic_name = \"{{ bro_topic }}\";"
    ```
    
    Good eye.  Does that make sense?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
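
Added example, not part of the comment above or of the Metron code base: a Python check over a `local.bro` that confirms the `@load` line and the three `redef`s from the comment are present, and that no setting is redefined with two different values (Ansible's `lineinfile` matches on the exact line, so a changed `kafka_broker_url` appends a second `redef` instead of replacing the first). The function name, the `EXPECTED` list and the sample file are assumptions made for illustration.

```python
import re

# Names taken from the comment above; treating all three as expected is an assumption.
EXPECTED = ("Kafka::kafka_broker_list", "Kafka::topic_name", "Kafka::logs_to_send")
LOAD_LINE = "@load Metron/Kafka/logs-to-kafka.bro"
# Matches "redef Kafka::<name> = <value>;" with an optional trailing comment.
REDEF = re.compile(r"^\s*redef\s+(Kafka::\w+)\s*=\s*(.+?)\s*;\s*(?:#.*)?$")

def audit_local_bro(text):
    """Return (settings, problems) for the Kafka plugin lines of a local.bro."""
    settings, problems, loaded = {}, [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line == LOAD_LINE:
            loaded = True
        m = REDEF.match(line)  # commented-out redefs do not match
        if m:
            settings.setdefault(m.group(1), []).append((lineno, m.group(2)))
    if not loaded:
        problems.append("missing: " + LOAD_LINE)
    for name in EXPECTED:
        if name not in settings:
            problems.append("no redef found for " + name)
    for name, seen in settings.items():
        if len({value for _, value in seen}) > 1:
            lines = ", ".join(str(n) for n, _ in seen)
            problems.append("conflicting redefs of %s on lines %s" % (name, lines))
    return settings, problems

# Constructed sample: a local.bro after the broker value changed between two
# deployment runs, with the topic name never set.
SAMPLE = '''\
@load Metron/Kafka/logs-to-kafka.bro
redef Kafka::logs_to_send = set(HTTP::LOG, DNS::LOG);
redef Kafka::kafka_broker_list = "localhost:9092";
redef Kafka::kafka_broker_list = "broker1.example:9092";
'''

if __name__ == "__main__":
    found, issues = audit_local_bro(SAMPLE)
    for name, seen in found.items():
        print(name, "=", [value for _, value in seen])
    for issue in issues:
        print("PROBLEM:", issue)
```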