Introduction
This document details the steps required to output alerts to Kafka. It assumes that setting up and maintaining Kafka (cluster, topics, etc.) is understood and handled by the user.
Setting up the sensor
The examples below configure the sensor to send alerts to the Kafka cluster and topic defined by the user.
Add the following to the file capsule8-sensor.yaml:
alert_output:
  outputs:
    - type: kafka
      enabled: true
      tls_enabled: true
      client_key_file_path: "{{file path to key}}"
      client_cert_file_path: "{{file path to cert}}"
      client_ca_file_path: "{{file path to ca}}"
      topic: "capsule8-alerts"
      brokers:
        - <BROKER URL>
Setting the Topic
topic: # Please use the topic set up in the Kafka cluster
Setting the Brokers
brokers: # Kafka brokers created while setting up Kafka
Another way to configure the sensor's connection to Kafka is to turn off TLS. To do so, use the following in the file capsule8-sensor.yaml:
alert_output:
  outputs:
    - type: kafka
      enabled: true
      tls_enabled: false
      topic: "quickstart-events"
      brokers:
        - localhost:9092
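Before restarting, the kafka output block can be checked for unfilled placeholders, missing TLS files, and a TLS-disabled output that points at a non-local broker, which would carry alerts unencrypted. The Python check below is an added example, not part of the Capsule8 documentation or tooling; the function names, the sample broker kafka1.example.internal and the minimal parser (which handles only the layout shown on this page) are assumptions.

```python
import os
import re

# Constructed sample: the page's non-TLS block, pointed at a remote broker.
SAMPLE = """\
alert_output:
  outputs:
    - type: kafka
      enabled: true
      tls_enabled: false
      topic: "quickstart-events"
      brokers:
        - kafka1.example.internal:9092
"""
TLS_KEYS = ("client_key_file_path", "client_cert_file_path", "client_ca_file_path")
LOCAL_HOSTS = ("localhost", "127.0.0.1", "[::1]")

def parse_outputs(text):
    """Read alert_output entries; handles only the layout shown on this page, not general YAML."""
    outputs = []
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*", "", raw).strip()
        if line.startswith("- type:"):
            outputs.append({"type": line.split(":", 1)[1].strip(), "brokers": []})
        elif outputs and line.startswith("- "):  # the only nested list is brokers
            outputs[-1]["brokers"].append(line[2:].strip('" '))
        elif outputs and ":" in line and line != "brokers:":
            key, _, value = line.partition(":")
            outputs[-1][key.strip()] = value.strip('" ')
    return outputs

def lint(text, exists=os.path.exists):
    """Return a list of findings for every enabled kafka output in the config text."""
    findings = []
    for out in parse_outputs(text):
        if out["type"] != "kafka" or out.get("enabled") != "true":
            continue
        if not out["brokers"] or any("<" in b for b in out["brokers"]):
            findings.append("brokers: missing or still a placeholder")
        if out.get("tls_enabled") != "true":
            findings += [f"tls_enabled: false but broker {b} is remote, alerts travel unencrypted"
                         for b in out["brokers"] if b.rsplit(":", 1)[0] not in LOCAL_HOSTS]
            continue
        for key in TLS_KEYS:
            path = out.get(key, "")
            if not path or "{{" in path:
                findings.append(f"{key}: unset or still a placeholder")
            elif not exists(path):
                findings.append(f"{key}: {path} does not exist")
    return findings
```

Run lint() on the contents of capsule8-sensor.yaml; an empty list means none of these checks fired.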
Once capsule8-sensor.yaml is updated, restart the sensor using the command below:
$ sudo systemctl restart capsule8-sensor
After restarting the sensor, trigger an alert to make sure the alerts are flowing to Kafka.