Page 1 of 1
NLS to Analyse Threat Avert
Posted: Wed Apr 10, 2019 1:56 am
by lukedevon
Hi
Can we use Nagios LS to analyse Threat Avert (TA) by injecting logs over kafka? If this can be done, can you give me some guide?
For example :
Akamai-Nominum DNS + Kafka Stream ---> NLS (Kafka input)
https://www.akamai.com/uk/en/multimedia ... -brief.pdf
Regards
Luke
Re: NLS to Analyse Threat Avert
Posted: Wed Apr 10, 2019 12:43 pm
by cdienger
There is a Kafka input installed on NLS. You can confirm by running " /usr/local/nagioslogserver/logstash/bin/logstash-plugin list | grep kafka" which should return an input and output for Kafka. The plugin is documented at
https://www.elastic.co/guide/en/logstas ... kafka.html.
As far as configuring it to send logs over from TA, we don't have documentation on this and you'll need to refer to TA and Kafka documentation .
Re: NLS to Analyse Threat Avert
Posted: Sun Apr 14, 2019 8:47 pm
by lukedevon
Hi,
As I googled, I found the sample input plugin configuration as follows.
input {
kafka {
bootstrap_servers => "localhost:9092"
topics => ["beats"]
}
}
I tried;
1.
kafka {
port => 9092
}
2.
kafka {
bootstrap_servers => 9092
}
But these syntaxes are not acceptable for Nagios LS. How can I cnfigure NLS input plugin for Kafka?
Thank you
Luke.
Re: NLS to Analyse Threat Avert
Posted: Mon Apr 15, 2019 2:36 pm
by cdienger
Do you have a zookeeper server setup? The input needs to be configured to connect to a remote one since it doesn't have one installed.
The config would look something like:
Code: Select all
kafka {
topic_id => 'id'
zk_connect => 'zookkeeper:2181'
}