send-to-kafka.zeek
# Older package name of the Kafka writer, kept for reference; the "Apache/Kafka"
# package loaded below is presumably the same plugin under its current name.
#@load packages/metron-bro-plugin-kafka
@load Apache/Kafka

# With an empty topic name the writer presumably falls back to each filter's
# $path as the topic (one topic per log) -- confirm against the plugin README.
redef Kafka::topic_name = "";

# librdkafka settings handed to the writer. Only the bootstrap address is set:
# there is no security.protocol, ssl.* or sasl.* key here, so the link to
# broker:29092 is plaintext and unauthenticated unless configured elsewhere.
# Fine for a single-host lab; add TLS/SASL before the broker is reachable
# from another network segment.
redef Kafka::kafka_conf = table(["metadata.broker.list"] = "broker:29092");
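# One entry per log stream forwarded to Kafka. $name is the filter name
# (what Log::remove_filter() would be keyed on) and $path is the log path,
# which presumably also becomes the Kafka topic while Kafka::topic_name is
# "" -- confirm against the plugin README.
type KafkaLogStream: record {
	name: string;
	path: string;
};

# Streams to forward, keyed by Log::ID. &redef lets a deployment add or drop
# streams from local.zeek without editing this file. Names and paths are the
# ones the original script used, so existing topic names do not change
# (note "kafka-known-services" vs path "known_services").
const kafka_log_streams: table[Log::ID] of KafkaLogStream = {
	[HTTP::LOG]           = [$name = "kafka-http",           $path = "http"],
	[DNS::LOG]            = [$name = "kafka-dns",            $path = "dns"],
	[Conn::LOG]           = [$name = "kafka-conn",           $path = "conn"],
	[Files::LOG]          = [$name = "kafka-files",          $path = "files"],
	[DHCP::LOG]           = [$name = "kafka-dhcp",           $path = "dhcp"],
	[Software::LOG]       = [$name = "kafka-software",       $path = "software"],
	[Weird::LOG]          = [$name = "kafka-weird",          $path = "weird"],
	[X509::LOG]           = [$name = "kafka-x509",           $path = "x509"],
	[SSL::LOG]            = [$name = "kafka-ssl",            $path = "ssl"],
	[Known::SERVICES_LOG] = [$name = "kafka-known-services", $path = "known_services"],
} &redef;

# Attaches a Kafka-writer filter to one log stream.
# Log::add_filter() returns F when the filter cannot be attached; the original
# script discarded that result, so a stream that silently never reached Kafka
# left no trace. Surface it through the reporter instead.
function add_kafka_filter(id: Log::ID, stream: KafkaLogStream)
	{
	local filter: Log::Filter = [
		$name = stream$name,
		$writer = Log::WRITER_KAFKAWRITER,
		$path = stream$path
	];

	if ( ! Log::add_filter(id, filter) )
		Reporter::warning(fmt("send-to-kafka: could not add filter %s to %s",
		                      stream$name, id));
	}

# Registers every stream in kafka_log_streams at startup. Runs at default
# priority, i.e. after the base scripts' higher-priority zeek_init handlers
# have created the streams -- presumably why the original worked unordered.
# Table iteration order is unspecified, which does not matter here: each
# filter is independent.
event zeek_init()
	{
	for ( id in kafka_log_streams )
		add_kafka_filter(id, kafka_log_streams[id]);
	}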