https://github.com/Center-Sun/suricata-kafka-output

provides a Suricata Eve output for Kafka with Suricate Eve plugin
https://github.com/Center-Sun/suricata-kafka-output

intrusion-detection suricata

Last synced: 3 months ago
JSON representation

provides a Suricata Eve output for Kafka with Suricate Eve plugin

• Host: GitHub
• URL: https://github.com/Center-Sun/suricata-kafka-output
• Owner: Center-Sun
• License: mit
• Created: 2021-11-14T06:39:17.000Z (about 3 years ago)
• Default Branch: master
• Last Pushed: 2021-11-25T08:32:12.000Z (about 3 years ago)
• Last Synced: 2024-08-02T07:11:05.062Z (6 months ago)
• Topics: intrusion-detection, suricata
• Language: Rust
• Homepage:
• Size: 6.84 KB
• Stars: 13
• Watchers: 2
• Forks: 4
• Open Issues: 2
• Metadata Files:
  • Readme: README.md
  • License: LICENSE.txt

Awesome Lists containing this project

• awesome-suricata - suricata-kafka-output - Suricata Eve Kafka Output Plugin for Suricata 6. (Output Tools)

README

        
# Suricata Eve Kafka Output Plugin for Suricata 6.0.x

This plugin provides a Suricata Eve output for Kafka. Base on suricata-redis-output: https://github.com/jasonish/suricata-redis-output/tree/6.0

## Building

```

git clone https://github.com/Center-Sun/suricata-kafka-output.git

cd suricata-kafka-output

cargo build --release

```

## Installing

As there is no standard way (yet) to install Suricata plugins we'll install the

plugin to `/usr/local/lib/suricata/plugins`.

```

mkdir -p /usr/local/lib/suricata/plugins

cp target/release/libkafka_output.so /usr/local/lib/suricata/plugins/

```

Add a section to your `suricata.yaml` that looks like:

```

plugins:

  - /usr/local/lib/suricata/plugins/libkafka_output.so

```

Then set the `filetype` in your `eve` configuration section to

`kafka`.

## Configuration

Add a section to your `suricata.yaml` that looks like:

```

kafka:

  brokers: "kafka1:9092,kafka2:9092"

  topic: suricata

  client-id: suricata_client_01

  buffer-size: 1024

```