#!/usr/bin/env bash
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
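# Make `case` and `[[ ]]` matching case-insensitive, so --KAFKA-TOPIC=... is
# accepted as well as --kafka-topic=... .
shopt -s nocasematch
# Fail fast: an append or sed that fails on local.zeek must not let the script
# finish with a success status and a half-configured sensor. The script has no
# pipelines and no unset-variable reads, so these options only change how
# failures are reported.
set -euo pipefail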
#
# Appends the zeek-kafka plugin configuration to the site's local.zeek:
#   - points the plugin at the kafka brokers (metadata.broker.list)
#   - sends every supported log type to the configured topic
#   - tags the JSON output and adds some static JSON values to each message
#
# Usage: $0 [--kafka-topic=<topic>]
#
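#######################################
# Print usage to stdout.
# The topic must be given in the --kafka-topic=<topic> form: the option loop
# below only recognizes the `=` spelling, not a separate argument.
# Globals:   none
# Arguments: none ($0 is used for the program name)
#######################################
function help {
  cat <<EOF

usage: ${0} [--kafka-topic=<topic>]
 --kafka-topic=<topic> [OPTIONAL] The kafka topic to configure. Default: zeek
 -h/--help             Usage information.


EOF
}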
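KAFKA_TOPIC=zeek

#######################################
# Parse the command line into KAFKA_TOPIC and validate it.
# Globals:   KAFKA_TOPIC (written)
# Arguments: the script's "$@"
# Exits:     0 after printing usage for -h/--help;
#            1 on an unknown option or an invalid topic name (an unknown
#            option used to be reported and then ignored, which silently
#            configured the default topic on a typo).
#######################################
parse_args() {
  local arg
  for arg in "$@"; do
    case "$arg" in
      --kafka-topic=*)
        KAFKA_TOPIC="${arg#*=}"
        ;;
      -h | --help)
        help
        exit 0
        ;;
      *)
        printf 'Error: unknown option: %s\n' "$arg" >&2
        help >&2
        exit 1
        ;;
    esac
  done

  # KAFKA_TOPIC is spliced verbatim into a Zeek string literal in local.zeek,
  # so anything containing a quote or semicolon would become additional Zeek
  # code. Restricting the value to Kafka's legal topic names (up to 249 chars
  # of [A-Za-z0-9._-], neither "." nor "..") rules that out and rejects a
  # topic the broker would refuse anyway.
  local topic_re='^[A-Za-z0-9._-]+$'
  if [[ -z "$KAFKA_TOPIC" || "$KAFKA_TOPIC" == . || "$KAFKA_TOPIC" == .. ]] \
     || (( ${#KAFKA_TOPIC} > 249 )) \
     || ! [[ "$KAFKA_TOPIC" =~ $topic_re ]]; then
    printf 'Error: invalid kafka topic name: %s\n' "$KAFKA_TOPIC" >&2
    exit 1
  fi
}
parse_args "$@"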
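# Site-local Zeek policy that the plugin configuration is appended to.
readonly ZEEK_LOCAL_SITE="/usr/local/zeek/share/zeek/site/local.zeek"

#######################################
# Append the zeek-kafka plugin configuration to a local.zeek and switch the
# x509 log from host certificates only to all certificates.
# Arguments:
#   $1 - path to the local.zeek to extend (must already exist)
#   $2 - kafka topic name to publish to (already validated by the caller)
# Outputs:   errors on stderr
# Returns:   0 on success; 1 when $1 does not exist; sed's status if it fails
#######################################
configure_kafka_plugin() {
  local site_file=$1
  local topic=$2

  # `>>` would quietly create a stray file if zeek is not installed at the
  # expected prefix; insist on the real local.zeek so the failure is visible.
  if [[ ! -f "$site_file" ]]; then
    printf 'Error: %s not found; is zeek installed?\n' "$site_file" >&2
    return 1
  fi

  # NOTE: appending is not idempotent -- running this script twice leaves
  # duplicate redefs in local.zeek (later redefs presumably win, but the file
  # gets messy).
  # Only metadata.broker.list is set in kafka_conf: there is no
  # security.protocol / ssl.* / sasl.* key, so the log stream reaches the
  # brokers over whatever transport librdkafka defaults to (plaintext, as far
  # as I know). Acceptable for this test harness, not for a production sensor.
  # Conn::LOG and DHCP::LOG appear in both logs_to_send and logs_to_exclude --
  # presumably deliberate, to exercise the exclude path.
  cat >> "$site_file" <<EOF
@load packages
redef Kafka::logs_to_send = set(HTTP::LOG, DNS::LOG, Conn::LOG, DPD::LOG, FTP::LOG, Files::LOG, Known::CERTS_LOG, SMTP::LOG, SSL::LOG, Weird::LOG, Notice::LOG, DHCP::LOG, SSH::LOG, Software::LOG, RADIUS::LOG, X509::LOG, RFB::LOG, Stats::LOG, CaptureLoss::LOG, SIP::LOG);
redef Kafka::topic_name = "${topic}";
redef Kafka::tag_json = T;
redef Kafka::kafka_conf = table(["metadata.broker.list"] = "kafka-1:9092,kafka-2:9092");
redef Kafka::additional_message_values = table(["FIRST_STATIC_NAME"] = "FIRST_STATIC_VALUE", ["SECOND_STATIC_NAME"] = "SECOND_STATIC_VALUE");
redef Kafka::logs_to_exclude = set(Conn::LOG, DHCP::LOG);
redef Known::cert_tracking = ALL_HOSTS;
redef Software::asset_tracking = ALL_HOSTS;
EOF

  # Comment out the load statement for "log-hostcerts-only.zeek" in zeek's
  # default local.zeek as of 3.1.2 in order to log all certificates to x509.log
  sed -i 's%^@load protocols/ssl/log-hostcerts-only%#&%' "$site_file"
}

echo "Configuring kafka plugin"
configure_kafka_plugin "$ZEEK_LOCAL_SITE" "$KAFKA_TOPIC"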