I guess what I'm trying to understand is how the patch you pointed to changes the behavior in Metron. That is, if we only grab http and dns and point to a single topic, do we need it?
Besides that, we seem to have a licensing issue. The same code in the Bro project is not Apache licensed. That seems like an issue.

On Sunday, July 24, 2016, Jon Zeolla (JIRA) <j...@apache.org> wrote:

>
> [ https://issues.apache.org/jira/browse/METRON-348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15391089#comment-15391089 ]
>
> Jon Zeolla commented on METRON-348:
> -----------------------------------
>
> But then Ansible would be pulling down their entire bro/bro-plugins repo,
> including a bunch of plugins that aren't that useful with out-of-the-box
> Metron. It would still be helpful for bro to have a branch for each plugin
> (or a repo for each, but that seems less likely), and then reference the
> repo/branch for their kafka plugin in the Ansible task or in the Metron
> code base (whichever we decide on). Of course a change on bro/bro-plugins
> isn't required, or even that important because it is a somewhat small repo,
> but I think it's worth it to wait and see what their response will be.
>
> Personally, I find it nice that this code is pointed to in the metron
> repo, but I can see an argument against it. My biggest concern is
> providing outdated code in Metron - hence my resistance to simply update
> what's there with a copy/paste.
>
> There shouldn't have to be any updates to the existing parsers. With this
> plugin you specify a topic_name to send to, then all of the logs will go to
> that single topic. It is only unique per bro log if you leave topic_name
> undefined. If you only want the HTTP and DNS logs, then you just set
> `redef Kafka::logs_to_send = set(HTTP::LOG, DNS::LOG);` in your local.bro.
>
> > bro-plugin-kafka is missing an important update
> > -----------------------------------------------
> >
> > Key: METRON-348
> > URL: https://issues.apache.org/jira/browse/METRON-348
> > Project: Metron
> > Issue Type: Bug
> > Reporter: Jon Zeolla
> > Fix For: 0.2.1BETA
> >
> > Original Estimate: 2h
> > Remaining Estimate: 2h
> >
> > Metron's bro-plugin-kafka
> > (https://github.com/apache/incubator-metron/tree/master/metron-sensors/bro-plugin-kafka)
> > is missing an important update
> > (https://github.com/bro/bro-plugins/commit/b9f1f35415cb0db065348da0a5043a8353b4a0a8).
> > I have opened a ticket with the bro devs in order to seek a long term
> > resolution to this issue (https://github.com/bro/bro-plugins/issues/31).
> > My suggestion was to have the bro team update the bro/bro-plugins repo
> > to turn folders (plugins) into individual branches so that they could be
> > referenced and updated easily in Metron and other projects as a submodule.
> > I was going to wait to hear back before filing a PR, but I'm not against a
> > short term fix of simply updating kafka/src/KafkaWriter.cc and
> > kafka/src/KafkaWriter.h.
> >
>
> --
> This message was sent by Atlassian JIRA
> (v6.3.4#6332)