Hey everyone. Upcoming user here, attended an Engineer course previously. I’m upgrading Bro to 2.6.3 from 2.5.x and finding out all about what appears to be the deprecation of the Kafka plugin. I’ve gone round and round on the Bro documents on how to get logs passed to Kafka, I was curious how Rock is handling integrating newer versions of Bro with Kafka and the rest of the stack. I haven’t gotten to FSF yet, but will I run into issues there too?
We’re not giving up on Kafka and it’s certainly not going anywhere. I know Corelight uses it in their appliances, for example. That said, we’re working hard on a new release and have rebuilt that Kafka plugin with the latest greatest (among some other plugins). You can get the RPMs here: https://copr.fedorainfracloud.org/coprs/g/rocknsm/testing/
These are still testing, but feedback is welcomed. I’m pretty confident they all work as intended.
I have a 2.6.3 image – can the output write to a remote rocknsm image ?