Skip to content
/ suricata-kafka-output Public

provides a Suricata Eve output for Kafka with Suricate Eve plugin

License

MIT license
13 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Center-Sun/suricata-kafka-output

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
src
src
 
 
.gitignore
.gitignore
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 

Repository files navigation

Suricata Eve Kafka Output Plugin for Suricata 6.0.x

This plugin provides a Suricata Eve output for Kafka. Base on suricata-redis-output: https://github.com/jasonish/suricata-redis-output/tree/6.0

Building

git clone https://github.com/Center-Sun/suricata-kafka-output.git
cd suricata-kafka-output
cargo build --release

Installing

As there is no standard way (yet) to install Suricata plugins we'll install the plugin to /usr/local/lib/suricata/plugins.

mkdir -p /usr/local/lib/suricata/plugins
cp target/release/libkafka_output.so /usr/local/lib/suricata/plugins/

Add a section to your suricata.yaml that looks like:

plugins:
  - /usr/local/lib/suricata/plugins/libkafka_output.so

Then set the filetype in your eve configuration section to kafka.

Configuration

Add a section to your suricata.yaml that looks like:

kafka:
  brokers: "kafka1:9092,kafka2:9092"
  topic: suricata
  client-id: suricata_client_01
  buffer-size: 1024

About

provides a Suricata Eve output for Kafka with Suricate Eve plugin

Topics

suricata intrusion-detection

Resources

Readme

License

MIT license
Activity

Stars

13 stars

Watchers

2 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages