berthayes / zeek-tcpreplay-kafka Goto Github PK

With Kafka Connect, it's relatively easy to import/export all kinds of data to/from Kafka. We want to show a similar story for the Zeek Kafka plugin. This whole conversation started when we wanted to push a fix to the entrypoint script for this project's docker image. The change was simple, but the build steps aren't cached and are prone to failure. The dockerfile in this repo does a lot of from-scratch compiling, and that's not a fast or easy experience for anyone who wants to use the Kafka plugin for Zeek. This repo should be a nice example to show an easy path to using Zeek + Kafka.

We may be able to take inspiration from the zeek kafka plugin repo:

• https://github.com/SeisoLLC/zeek-kafka/tree/main/docker

I've also filed an issue there asking if they publish a docker image with zeek and the kafka plugin working off the shelf:

• SeisoLLC/zeek-kafka#33

There's also the official zeek docker image on docker hub broplatform/bro:<version>. The github repo is here:

• https://github.com/zeek/zeek-docker

I tried installing the kafka plugin with zkg (the recommended way) using broplatform/bro:4.1.0 as a base but ran into various issues. Zeek 4+ comes with zkg, but it won't actually run without python 3. Even so, installing the plugin still failed with some C error:

fatal error: Desc.h: No such file or directory

I was already chasing build dependencies, which made me question what zkg was actually doing for me. I'll try again and document the steps better so I can maybe get help from the kafka zeek plugin folks.