NLS to Analyse Threat Avert

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
Locked
lukedevon
Posts: 143
Joined: Sat Mar 24, 2018 9:15 am

NLS to Analyse Threat Avert

Post by lukedevon »

Hi

Can we use Nagios LS to analyse Threat Avert (TA) by injecting logs over Kafka? If this can be done, can you give me some guidance?

For example:

Akamai-Nominum DNS + Kafka Stream ---> NLS (Kafka input)

https://www.akamai.com/uk/en/multimedia ... -brief.pdf

Regards
Luke
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: NLS to Analyse Threat Avert

Post by cdienger »

There is a Kafka input installed on NLS. You can confirm by running "/usr/local/nagioslogserver/logstash/bin/logstash-plugin list | grep kafka", which should return an input and output for Kafka. The plugin is documented at https://www.elastic.co/guide/en/logstas ... kafka.html.

As far as configuring it to send logs over from TA, we don't have documentation on this and you'll need to refer to TA and Kafka documentation.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
lukedevon
Posts: 143
Joined: Sat Mar 24, 2018 9:15 am

Re: NLS to Analyse Threat Avert

Post by lukedevon »

Hi,

When I googled, I found the following sample input plugin configuration.

input {
    kafka {
        bootstrap_servers => "localhost:9092"
        topics => ["beats"]
    }
}

I tried:

1.

kafka {
    port => 9092
}

2.

kafka {
    bootstrap_servers => 9092
}

But these syntaxes are not acceptable for Nagios LS. How can I configure the NLS input plugin for Kafka?

Thank you
Luke.
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: NLS to Analyse Threat Avert

Post by cdienger »

Do you have a ZooKeeper server set up? The input needs to be configured to connect to a remote one since it doesn't have one installed.

The config would look something like:

kafka {
    # Kafka topic to read from ('id' is a placeholder)
    topic_id => 'id'
    # host:port of the remote ZooKeeper server
    zk_connect => 'zookeeper:2181'
}