Suricata Eve Kafka Output Plugin for Suricata 6.0.x

This plugin provides a Suricata Eve output for Kafka. Base on suricata-redis-output: https://github.com/jasonish/suricata-redis-output/tree/6.0

Building

git clone https://github.com/Center-Sun/suricata-kafka-output.git
cd suricata-kafka-output
cargo build --release

As there is no standard way (yet) to install Suricata plugins we'll install the plugin to /usr/local/lib/suricata/plugins.

mkdir -p /usr/local/lib/suricata/plugins
cp target/release/libkafka_output.so /usr/local/lib/suricata/plugins/

Add a section to your suricata.yaml that looks like:

plugins:
  - /usr/local/lib/suricata/plugins/libkafka_output.so

Then set the filetype in your eve configuration section to kafka.

Add a section to your suricata.yaml that looks like:

kafka:
  brokers: "kafka1:9092,kafka2:9092"
  topic: suricata
  client-id: suricata_client_01
  buffer-size: 1024

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
src		src
.gitignore		.gitignore
Cargo.toml		Cargo.toml
LICENSE.txt		LICENSE.txt
README.md		README.md