Provides a Suricata Eve output for Kafka with the Suricata Eve plugin

Overview

Suricata Eve Kafka Output Plugin for Suricata 6.0.x

This plugin provides a Suricata Eve output for Kafka. Based on suricata-redis-output: https://github.com/jasonish/suricata-redis-output/tree/6.0

Building

git clone https://github.com/Center-Sun/suricata-kafka-output.git
cd suricata-kafka-output
cargo build --release

Installing

As there is no standard way (yet) to install Suricata plugins, we'll install the plugin to /usr/local/lib/suricata/plugins.

mkdir -p /usr/local/lib/suricata/plugins
cp target/release/libkafka_output.so /usr/local/lib/suricata/plugins/

Add a section to your suricata.yaml that looks like:

plugins:
  - /usr/local/lib/suricata/plugins/libkafka_output.so

Then set the filetype in your eve configuration section to kafka.

Configuration

Add a section to your suricata.yaml that looks like:

kafka:
  brokers: "kafka1:9092,kafka2:9092"
  topic: suricata
  buffer-size: 1024
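Once the eve output is pointed at the kafka filetype, the practical question is whether intact EVE records are arriving on the topic. The following is an added example, not code from this plugin or from Suricata: a consumer-side sanity check that treats each Kafka message as one Suricata EVE JSON object, rejects anything that is not a usable record (non-JSON, truncated JSON, records missing baseline fields, alert records with no alert object), and tallies events per type and alerts per signature. It runs offline on constructed sample messages; the signature names, sids and addresses in them are made up.

```python
"""Consumer-side sanity check for EVE JSON records published to the Kafka topic.

Added example, not part of the plugin. It assumes each Kafka message carries
one Suricata EVE JSON object and works on constructed sample messages so it
runs without a broker.
"""
import json
from collections import Counter

# Constructed sample messages shaped like EVE JSON records. Signature names,
# sids and addresses are made up for the example.
SAMPLE_MESSAGES = [
    '{"timestamp":"2022-11-04T12:44:36.000000+0000","event_type":"alert",'
    '"src_ip":"10.0.0.5","src_port":51234,"dest_ip":"10.0.0.9","dest_port":80,'
    '"proto":"TCP","alert":{"signature_id":1000001,'
    '"signature":"EXAMPLE suspicious HTTP request","severity":2}}',
    '{"timestamp":"2022-11-04T12:44:37.000000+0000","event_type":"flow",'
    '"src_ip":"10.0.0.5","dest_ip":"10.0.0.9","proto":"TCP"}',
    '{"timestamp":"2022-11-04T12:44:38.000000+0000","event_type":"alert",'
    '"src_ip":"10.0.0.7","src_port":40000,"dest_ip":"10.0.0.9","dest_port":22,'
    '"proto":"TCP","alert":{"signature_id":1000002,'
    '"signature":"EXAMPLE repeated SSH login failures","severity":1}}',
    '{"timestamp":"2022-11-04T12:44:39.000000+0000","event_type":"dns",'
    '"src_ip":"10.0.0.5","dest_ip":"10.0.0.1","proto":"UDP",'
    '"dns":{"type":"query","rrname":"example.com"}}',
    # A message cut off mid-record, as a producer crash or buffer problem might leave it.
    '{"timestamp":"2022-11-04T12:44:40.000000+0000","event_type":"alert","src_ip"',
    # An alert record with no "alert" object: event_type promises more than is there.
    '{"timestamp":"2022-11-04T12:44:41.000000+0000","event_type":"alert","src_ip":"10.0.0.8"}',
    # Not JSON at all.
    'not json',
]

REQUIRED_FIELDS = ("timestamp", "event_type")


def parse_eve_message(raw):
    """Return the EVE record as a dict, or None if the message is not a usable record."""
    try:
        record = json.loads(raw)
    except ValueError:  # json.JSONDecodeError is a ValueError; covers truncated JSON too
        return None
    if not isinstance(record, dict):
        return None
    if any(field not in record for field in REQUIRED_FIELDS):
        return None
    # An alert record must carry its alert object or downstream code will fail on it.
    if record["event_type"] == "alert" and not isinstance(record.get("alert"), dict):
        return None
    return record


def summarize(messages):
    """Tally a batch of Kafka messages: counts per event_type, alerts per signature,
    and how many messages were rejected. A rising rejected count is the first sign
    that the path between Suricata and Kafka is dropping or corrupting records."""
    by_event_type = Counter()
    alerts_by_signature = Counter()
    alerts = []
    rejected = 0
    for raw in messages:
        record = parse_eve_message(raw)
        if record is None:
            rejected += 1
            continue
        by_event_type[record["event_type"]] += 1
        if record["event_type"] == "alert":
            alert = record["alert"]
            alerts_by_signature[alert.get("signature", "<unnamed>")] += 1
            alerts.append((record["timestamp"], record.get("src_ip"),
                           record.get("dest_ip"), alert.get("severity")))
    return {
        "total": len(messages),
        "parsed": len(messages) - rejected,
        "rejected": rejected,
        "by_event_type": dict(by_event_type),
        "alerts_by_signature": dict(alerts_by_signature),
        "alerts": alerts,
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_MESSAGES)
    print(f"{result['parsed']} parsed, {result['rejected']} rejected")
    for event_type, count in sorted(result["by_event_type"].items()):
        print(f"  {event_type}: {count}")
    for signature, count in result["alerts_by_signature"].items():
        print(f"  alert {signature!r}: {count}")
```

Against a live deployment you would feed summarize() the message values read from the configured topic with whatever Kafka client you already use; the parsing and tallying do not depend on the client. Comparing the parsed count with Suricata's own eve event counters over the same window is a quick way to confirm nothing is being lost between the sensor and the brokers.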

Comments
  • Error while running

    11/4/2022 -- 12:44:36 - - brokers parameter required! thread '' panicked at 'explicit panic', src/lib.rs:55:13 note: run with RUST_BACKTRACE=1 environment variable to display a backtrace fatal runtime error: failed to initiate panic, error 5 Aborted (core dumped)

    opened by cybersecurity99 15
  • Error

    Hi bro, I tried this but got this error: couldn't read /home/jason/oisf/code/suricata/master-6.0.x/rust/src/lib.rs: No such file or directory (os error 2)

    error: could not compile suricata due to previous error warning: build failed, waiting for other jobs to finish... error: build failed

    opened by cybersecurity99 1
  • How to add more partition in kafka Configuration

    Hi @Center-Sun, how can we add more partition configuration to this Kafka plugin? Currently it is creating only 1 partition, so it can't handle a high speed rate.

    Thanks

    opened by cybersecurity99 13