Thanks Jon. I will try this out. Appreciate your response.

On Wed, Feb 14, 2018, 12:08 AM zeo...@gmail.com <zeo...@gmail.com> wrote:
> Okay, great. It's possible that you need to do something like the
> following to get known devices:
>
> echo "redef Software::asset_tracking = ALL_HOSTS;" >> /usr/local/bro/share/bro/site/local.bro
>
> These snippets are from my testing instructions related to adding support
> for bro 2.5.2 logs (link <https://github.com/apache/metron/pull/844>).
> They should find their way into the plugin README eventually.
>
> Jon
>
> On Tue, Feb 13, 2018 at 6:35 AM bharath phatak <bharath.pha...@gmail.com>
> wrote:
>
> > Hi Jon,
> >
> > Other than Known::DEVICES_LOG rest all worked.
> >
> > Thanks,
> > Bharath
> > On Tue, Feb 13, 2018, 4:15 PM zeo...@gmail.com <zeo...@gmail.com> wrote:
> >
> > > Try
> > >
> > > redef Kafka::logs_to_send = set(HTTP::LOG, DNS::LOG, Conn::LOG, DPD::LOG,
> > > FTP::LOG, Files::LOG, Known::CERTS_LOG, SMTP::LOG, SSL::LOG, Weird::LOG,
> > > Notice::LOG, DHCP::LOG, SSH::LOG, Software::LOG, RADIUS::LOG, X509::LOG,
> > > Known::DEVICES_LOG, RFB::LOG, Stats::LOG, CaptureLoss::LOG, SIP::LOG);
> > >
> > > Note that you usually wouldn't want to send reporter.log, as that's where
> > > errors get sent and it could become an infinite loop.
> > >
> > > Jon
> > >
> > > On Tue, Feb 13, 2018, 05:26 bharath phatak <bharath.pha...@gmail.com>
> > > wrote:
> > >
> > > > Hi Team,
> > > >
> > > > Can someone help me out on the list of
> > > > redef Kafka::logs_to_send values?
> > > >
> > > > I want to push all logs generated by bro to Kafka.
> > > >
> > > > I tried adding log file name but bro is crashing
> > > >
> > > > Ex weird::LOG, Files::LOG
> > > >
> > > > Thanks,
> > > > Bharath
> > > >
> > > --
> > >
> > > Jon
> > >
> > --
> > Jon
>