Okay, great. It's possible that you need to do something like the following to get known devices:
echo "redef Software::asset_tracking = ALL_HOSTS;" >> /usr/local/bro/share/bro/site/local.bro

These snippets are from my testing instructions related to adding support for bro 2.5.2 logs (link <https://github.com/apache/metron/pull/844>). They should find their way into the plugin README eventually.

Jon

On Tue, Feb 13, 2018 at 6:35 AM bharath phatak <bharath.pha...@gmail.com> wrote:

> Hi Jon,
>
> Other than Known::DEVICES_LOG, all the rest worked.
>
> Thanks,
> Bharath
>
> On Tue, Feb 13, 2018, 4:15 PM zeo...@gmail.com <zeo...@gmail.com> wrote:
>
> > Try
> >
> > redef Kafka::logs_to_send = set(HTTP::LOG, DNS::LOG, Conn::LOG, DPD::LOG,
> > FTP::LOG, Files::LOG, Known::CERTS_LOG, SMTP::LOG, SSL::LOG, Weird::LOG,
> > Notice::LOG, DHCP::LOG, SSH::LOG, Software::LOG, RADIUS::LOG, X509::LOG,
> > Known::DEVICES_LOG, RFB::LOG, Stats::LOG, CaptureLoss::LOG, SIP::LOG);
> >
> > Note that you usually wouldn't want to send reporter.log, as that's where
> > errors get sent and it could become an infinite loop.
> >
> > Jon
> >
> > On Tue, Feb 13, 2018, 05:26 bharath phatak <bharath.pha...@gmail.com>
> > wrote:
> >
> > > Hi Team,
> > >
> > > Can someone help me out on the list of
> > > redef Kafka::logs_to_send values?
> > >
> > > I want to push all logs generated by bro to Kafka.
> > >
> > > I tried adding the log file name, but bro is crashing.
> > >
> > > Ex weird::LOG, Files::LOG
> > >
> > > Thanks,
> > > Bharath
> > >
> > > --
> >
> > Jon
> >
>
--
Jon
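
A small lint for local.bro built on the two points in this thread: the list of stream IDs in the reply and the caution about reporter.log. It is an added example, not part of the original messages or of the Metron plugin; the function name, the sample script and the case-mismatch hint are assumptions made for illustration.

```python
import re

# Stream IDs copied from the reply in this thread.
KNOWN_IDS = {
    "HTTP::LOG", "DNS::LOG", "Conn::LOG", "DPD::LOG", "FTP::LOG", "Files::LOG",
    "Known::CERTS_LOG", "SMTP::LOG", "SSL::LOG", "Weird::LOG", "Notice::LOG",
    "DHCP::LOG", "SSH::LOG", "Software::LOG", "RADIUS::LOG", "X509::LOG",
    "Known::DEVICES_LOG", "RFB::LOG", "Stats::LOG", "CaptureLoss::LOG", "SIP::LOG",
}
# Lower-cased lookup so an ID that differs only by case can be pointed out.
FOLDED = {k.lower(): k for k in KNOWN_IDS}
# Matches a redef of Kafka::logs_to_send, including one wrapped over several lines.
REDEF = re.compile(r"redef\s+Kafka::logs_to_send\s*=\s*set\s*\((.*?)\)\s*;", re.S)


def lint_logs_to_send(script_text):
    """Return (stream_id, finding) pairs for entries worth a second look."""
    # Drop '#' comments so commented-out redefs are not linted.
    text = re.sub(r"#[^\n]*", "", script_text)
    findings = []
    for body in REDEF.findall(text):
        for sid in (s.strip() for s in body.split(",")):
            if not sid:
                continue
            if sid.lower() == "reporter::log":
                findings.append((sid, "reporter.log carries errors; sending it can loop"))
            elif sid not in KNOWN_IDS:
                hint = FOLDED.get(sid.lower())
                msg = (f"case mismatch, did you mean {hint}?" if hint
                       else "not in the thread's list")
                findings.append((sid, msg))
    return findings


# Constructed sample, modelled on the identifiers quoted in the question.
SAMPLE = """
# redef Kafka::logs_to_send = set(Reporter::LOG);
redef Kafka::logs_to_send = set(HTTP::LOG, weird::LOG,
    Files::LOG, Reporter::LOG, Foo::LOG);
"""

if __name__ == "__main__":
    for sid, finding in lint_logs_to_send(SAMPLE):
        print(f"{sid}: {finding}")
```

An ID reported as "not in the thread's list" is not necessarily invalid; it only means the reply above did not name it.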