metron-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jon Zeolla (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (METRON-348) bro-plugin-kafka is missing an important update
Date Sat, 10 Sep 2016 12:29:20 GMT

    [ https://issues.apache.org/jira/browse/METRON-348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15479726#comment-15479726
] 

Jon Zeolla commented on METRON-348:
-----------------------------------

One note - if you use the logs-to-kafka.bro provided via bro/bro-plugins it will send IPv6
traffic to Metron, which will cause a few things to fail, primarily the enrichments.  Because
of that, I had to tweak logs-to-kafka.bro so that it won't send IPv6 (see attached file).
 

If we just pull or suggest to pull from bro/bro-plugins it will cause issues until METRON-293,
METRON-285, and METRON-286 are addressed.  Thoughts?  

> bro-plugin-kafka is missing an important update
> -----------------------------------------------
>
>                 Key: METRON-348
>                 URL: https://issues.apache.org/jira/browse/METRON-348
>             Project: Metron
>          Issue Type: Bug
>            Reporter: Jon Zeolla
>             Fix For: 0.2.1BETA
>
>         Attachments: logs-to-kafka.bro
>
>   Original Estimate: 2h
>  Remaining Estimate: 2h
>
> Metron's bro-plugin-kafka (https://github.com/apache/incubator-metron/tree/master/metron-sensors/bro-plugin-kafka)
is missing an important update (https://github.com/bro/bro-plugins/commit/b9f1f35415cb0db065348da0a5043a8353b4a0a8).
 I have opened a ticket with the bro devs in order to seek a long term resolution to this
issue (https://github.com/bro/bro-plugins/issues/31).  
> My suggestion was to have the bro team update the bro/bro-plugins repo to turn folders
(plugins) into individual branches so that they could be referenced and updated easily in
Metron and other projects as a submodule.  I was going to wait to hear back before filing
a PR, but I'm not against a short term fix of simply updating kafka/src/KafkaWriter.cc and
kafka/src/KafkaWriter.h.  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message