# suricata-kafka-output

**Repository Path**: FTimes/suricata-kafka-output

## Basic Information

- **Project Name**: suricata-kafka-output
- **Description**: Output to Kafka is supported by Suricata version 7 and 6
- **Primary Language**: Unknown
- **License**: MIT
- **Default Branch**: 6.x
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2025-03-07
- **Last Updated**: 2025-03-07

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# Suricata Eve Kafka Output Plugin for Suricata 6.0.x

This plugin provides a Suricata Eve output for Kafka.

Based on suricata-redis-output: https://github.com/jasonish/suricata-redis-output/tree/6.0

## Building

```
git clone https://github.com/CTimes/suricata-kafka-output.git
cd suricata-kafka-output
cargo build --release
```

## Installing

As there is no standard way (yet) to install Suricata plugins, we'll install the plugin to `/usr/local/lib/suricata/plugins`.

```
mkdir -p /usr/local/lib/suricata/plugins
cp target/release/libkafka_output.so /usr/local/lib/suricata/plugins/
```

Add a section to your `suricata.yaml` that looks like:

```
plugins:
  - /usr/local/lib/suricata/plugins/libkafka_output.so
```

Then set the `filetype` in your `eve` configuration section to `kafka`.

## Configuration

Add a section to your `suricata.yaml` that looks like:

```
kafka:
  brokers: "kafka1:9092,kafka2:9092"
  topic: suricata
  client-id: suricata_client_01
  buffer-size: 1024
```
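
Suricata loads the plugin as a shared object into its own process, so the installed file and its directory should not be writable by other accounts. The following pre-flight check for the install steps above is an added example, not part of this project; the function names are hypothetical, and it assumes the `plugins:` entry in `suricata.yaml` is written unquoted as shown in the README.

```shell
#!/bin/sh
# Added example (not from the plugin's repository): audit the installed
# plugin before starting Suricata. Whoever can modify the .so, or replace it
# by writing to its directory, controls code that Suricata will execute.

# Return 0 if the path is not a symlink and has no group/other write bit.
not_loosely_writable() {
    if [ -L "$1" ]; then
        echo "FAIL: $1 is a symlink; audit its target instead"
        return 1
    fi
    mode=$(ls -ld -- "$1" | cut -c1-10)     # e.g. -rwxr-xr-x
    gw=$(printf '%s' "$mode" | cut -c6)     # group write position
    ow=$(printf '%s' "$mode" | cut -c9)     # other write position
    if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then
        echo "FAIL: $1 is group/world writable ($mode)"
        return 1
    fi
    return 0
}

# Return 0 if the YAML file has a list entry that is exactly the given path.
plugin_listed() {
    sed -n 's/^[[:space:]]*-[[:space:]]*//p' "$2" \
        | sed 's/[[:space:]]*$//' | grep -Fxq -- "$1"
}

# audit_plugin SO_PATH [SURICATA_YAML]
audit_plugin() {
    so=$1; yaml=${2:-}; rc=0
    if [ ! -f "$so" ]; then echo "FAIL: $so not found"; return 1; fi
    not_loosely_writable "$so" || rc=1
    not_loosely_writable "$(dirname -- "$so")" || rc=1
    if [ -n "$yaml" ] && ! plugin_listed "$so" "$yaml"; then
        echo "FAIL: $so is not listed in $yaml"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $so"; fi
    return "$rc"
}

# Example: sh audit.sh /usr/local/lib/suricata/plugins/libkafka_output.so /etc/suricata/suricata.yaml
if [ "$#" -gt 0 ]; then audit_plugin "$@"; fi
```

The `/etc/suricata/suricata.yaml` path in the usage comment is an assumption; pass the location of your own configuration file.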