如何将 Suricata 日志发送到 Kafka? [英] How to send Suricata log to Kafka?
问题描述
根据文档
我不知道在 Suricata 上进行配置以启用将日志发送到 Kafka 主题.请帮忙.
我没有看到 Kafka 被列为输出类型,因此不,没有"
参考文档:https://suricata.readthedocs.io/en/suricata-5.0.2/output/index.html
另外,我不确定我理解你期望 http: yes 做什么,因为 Kafka 不是 HTTP 服务
你可以做的是设置filetype: unix_stream,然后我假设它是Syslog,你可以添加另一个服务,比如Kafka Connect或Fluentd或Logstash来路由它数据到卡夫卡.
换句话说,服务不需要与 Kafka 集成.有很多替代方法可以读取文件或 stdout/stderr/syslog 流
After install and config Suricata 5.0.2 according to document https://suricata.readthedocs.io/.
I try to change some configuration in suricata.yaml by adding:
- alert-json-log:
enabled: yes
filetype: kafka
kafka:
brokers: >
xxx-kafka-online003:9092,
xxx-kafka-online004:9092,
xxx-kafka-online005:9092,
xxx-kafka-online006:9092,
xxx-kafka-online007:9092
topic: nsm_event
partitions: 5
http: yes
Next I run Suricata, and receive the error Invalid entry for alert-json-log.filetype. Expected "regular" (default), "unix_stream", "pcie" or "unix_dgram"
I don't know to configure on Suricata to enable sending log to Kafka topics. Please help.
I don't see Kafka listed as an output type, therefore "no, there is not"
Refer docs: https://suricata.readthedocs.io/en/suricata-5.0.2/output/index.html
Plus, I'm not sure I understand what you expect http: yes to do since Kafka is not an HTTP service
What you could do is set filetype: unix_stream, then I assume that is Syslog, and you can add another service like Kafka Connect or Fluentd or Logstash to route that data to Kafka.
In other words, services don't need to integrate with Kafka. Plenty of alternatives exist to read files or stdout/stderr/syslog streams
这篇关于如何将 Suricata 日志发送到 Kafka?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
