zeek log send to kafka with differnet topic per module

[frank-s-liu]

Summary of the issue

it works all module with same topic. but it doest work with different topic, I test this scenario case based on example 4 in README file

Expected behavior

...

Steps to reproduce

1 module Kafka; 2 3 4 #redef Kafka::logs_to_send = set(HTTP::LOG, DNS::LOG); 5 redef Kafka::topic_name = ""; 6 #redef Kafka::send_all_active_logs = T; 7 redef Kafka::tag_json = T;

event zeek_init() &priority=-10 { local pop_filter: Log::Filter = [ $name = "kafka-pop", $writer = Log::WRITER_KAFKAWRITER, $config = table( ["metadata.broker.list"] = "192.168.31.138:9092" ), $path = "zeek_pop3" ]; Log::add_filter(HM_POP3::LOG, pop_filter); }

Where applicable, consider providing a patch that uses the end to end testing environment.

Logs, errors, etc.

%3|1669597397.563|FAIL|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Connect to ipv4#127.0.0.1:9092 failed: Connection refused (after 0ms in state CONNECT) %3|1669597397.563|ERROR|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: localhost:9092/bootstrap: Connect to ipv4#127.0.0.1:9092 failed: Connection refused (after 0ms in state CONNECT) %3|1669597397.563|ERROR|rdkafka#producer-1| [thrd:localhost:9092/bootstrap]: 1/1 brokers are down 1377201785.011707 error: zeek_pop3/Log::WRITER_KAFKAWRITER: Unable to deliver 21 message(s) 1377201785.011707 error: zeek_pop3/Log::WRITER_KAFKAWRITER: terminating thread

Your environment

• Version of Zeek
• 5.0.2
• Version or commit hash of the zeek-kafka package
• b632187c7afdc75365a256a7d9bb2e5cc81ab46f
• Operating System and version
• ubuntu 20.04

[frank-s-liu]

change configuration as follows, (redef kafka_conf )it works.

5 redef Kafka::topic_name = ""; 6 #redef Kafka::send_all_active_logs = T; 7 redef Kafka::tag_json = T; 8 9 redef Kafka::kafka_conf = table( 10 ["metadata.broker.list"] = "192.168.31.138:9092" 11 );