Github user JonZeolla commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/547#discussion_r113576968 --- Diff: metron-sensors/bro-plugin-kafka/README.md --- @@ -94,6 +95,52 @@ event bro_init() } ``` +### Example 3 + +As documented in [METRON-285](https://issues.apache.org/jira/browse/METRON-285) and [METRON-286](https://issues.apache.org/jira/browse/METRON-286), various components in Metron do not currently support IPv6. Because of this, you may not want to send bro logs that contain IPv6 source or destination IPs into Metron. In this example, we are assuming a somewhat standard bro configuration for sending logs into a Metron cluster, such that: + * Each type of bro log is sent to the `bro` topic, but is tagged with the appropriate log type (such as `http`, `dns`, or `conn`). This is done by setting `topic_name` to `bro`, setting `$path` to an empty string (or leaving it unset), and by setting `tag_json` to true. + * The Kafka writer is set appropriately to send logs to the `bro` Kafka topic being used in your Metron cluster. This requires that your `kafka_conf` and `$config` tables are appropriately configured. + --- End diff -- My goal was just to be explicit. I can take another stab at it tomorrow.
--- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---