The current documentation for applying a filter to a Zeek stream before it is sent to Kafka uses the "$pred" feature. This feature was deprecated in Zeek version 4.x in favor of the "hook" feature (https://docs.zeek.org/en/master/frameworks/logging.html#filter-log-records) but was still supported; in version 5.x, however, a "zeekctl check" will fail with:
error in /usr/local/zeek/share/zeek/site/local.zeek, lines 150-158: orphaned field "pred" in record coercion ((coerce [$name=kafka-ssl, $writer=Log::WRITER_KAFKAWRITER, $config=table(metadata.broker.list = cikafka.my-company.com:9093), $pred=no_ssl_int, $path=DC2_Network_Monitor_Zeek_SSL_Raw] to Log::Filter))
The above referenced Zeek documentation shows how to filter using hooks with the ASCII writer, but it is unclear how to implement a hook filter specific to a Kafka topic in a local.zeek configuration file.
Your environment
Version of Zeek - 5.0.8
Version or commit hash of the zeek-kafka package - v1.1.0
Operating System and version - Ubuntu Server 20.04
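A sketch of the filter from the error message rewritten with a filter-specific policy hook, as an added example that is not from the issue author or the zeek-kafka project. The hook name `kafka_ssl_policy` and its internal-to-internal condition are hypothetical stand-ins for the `no_ssl_int` predicate, whose body the issue does not show, and the Kafka writer plugin is assumed to be loaded as in the existing local.zeek.

```zeek
# Added example: hook name and filtering condition are hypothetical.
# Log::PolicyHook has the signature hook(rec: any, id: Log::ID, filter: Log::Filter).
hook kafka_ssl_policy(rec: any, id: Log::ID, filter: Log::Filter)
    {
    # The record arrives as `any`; cast it to the SSL stream's record type.
    local info = rec as SSL::Info;

    # Assumed condition: keep TLS sessions between two local hosts out of the topic.
    if ( Site::is_local_addr(info$id$orig_h) && Site::is_local_addr(info$id$resp_h) )
        break;  # veto: this filter does not write the record
    }

event zeek_init() &priority=-10
    {
    local kafka_ssl: Log::Filter = [
        $name = "kafka-ssl",
        $writer = Log::WRITER_KAFKAWRITER,
        $config = table(["metadata.broker.list"] = "cikafka.my-company.com:9093"),
        # $policy replaces the removed $pred field.
        $policy = kafka_ssl_policy,
        $path = "DC2_Network_Monitor_Zeek_SSL_Raw"
    ];

    Log::add_filter(SSL::LOG, kafka_ssl);
    }
```

Because the hook is attached through `$policy` on this one filter rather than to `SSL::log_policy`, a `break` only suppresses the record for the Kafka topic; other filters on `SSL::LOG`, including the default ASCII log, still receive it.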