General Information
Preference Documentation
Log Data Documentation
- Log Data Examples
- Interesting Types of Events
  - SSH Logins and Activity
Related Tech and Configurations
- macOS
Compliance
- cmdReporter and US Govt Standards Details
  - How cmdReporter Meets CMMC, DFARS, and NIST 800-171 Requirements
  - NIST 800-53r4 (high) controls met by using cmdReporter
- Security Baseline Reporting Preferences
  - Security Benchmark Reporting Logs

Kafka Logging

Daniel Griggs

Modified on: Tue, 6 Oct, 2020 at 3:36 PM

Kafka-specific Remote Logging Preferences

Overview

This article describes the preference keys available to configure the cmdReporter Kafka interface.

Kafka Operation Preferences

Key		Value Type	Sample Value	Function
LogRemoteEndpointEnabled		bool	true	Enable network transmission of log data
LogRemoteEndpointType		String	Kafka	Type of remote log aggregation server
LogRemoteEndpointURL		String	ssl://server.address:9093	URL where log data is to be sent. Applies to all remote logging types.
LogRemoteEndpointKafka		Dictionary	-	Container dictionary for Kafka preferences.
	TLSServerCertificate	Array of Strings	server_name.company.com Let's Encrypt Authority X3 DST Root CA X3	(Required) Common names of Public TLS certificate chain stored in system keychain. Mapped to Kafka-internal setting "ssl.ca.location" cmdReporter handles transformation to file path.
	TLSClientPrivateKey	String	(See example plist below)	(Optional) Decrypted and password-less client private key in pem format. Mapped to Kafka-internal setting "ssl.key.location" cmdReporter handles transformation to file path.
	TLSClientCertificate	String	(See example plist below)	(Optional) common names of client certificates stored in the system keychain. Mapped to Kafka-internal setting "ssl.certificate.location" cmdReporter handles transformation to file path.
	TopicName	String	cmdReporter	(Optional) Defaults to "cmdReporter"

Kafka Example Full Configuration

<!-- This configuration is for server TLS connections without authentication -->
<key>LogRemoteEndpointEnabled</key>
<true/>
<key>LogRemoteEndpointURL</key>
<string>ssl://server_name.company.com:9093</string>
<key>LogRemoteEndpointType</key>
<string>Kafka</string>
<key>LogRemoteEndpointKafka</key>
<dict>
  <key>TopicName</key>
  <string>cmdReporter</string>
  <key>TLSServerCertificate</key>
  <array>
    <string>server_name.company.com</string>
    <string>Let's Encrypt Authority X3</string>
    <string>DST Root CA X3</string>
  </array>
</dict>

Kafka TLS Certificate Configuration Details

See http://kafka.apache.org/documentation.html#security_ssl for more information on using SSL connections to Kafka brokers and detailed information on how to generate the proper certificates.

<key>LogRemoteEndpointKafka</key>
<dict>
  <key>TLSServerCertificate</key>
  <array>
    <string>server_name.company.com</string>
    <string>Let's Encrypt Authority X3</string>
    <string>DST Root CA X3</string>
  </array>
  <key>TLSClientPrivateKey</key>
  <string>-----BEGIN CERTIFICATE-----
{variable sized random bytes}
-----END CERTIFICATE-----</string>

  <key>TLSClientCertificate</key>
    <array>
    <string>client certificate CN</string>
  </array>

  <key>TopicName</key>
  <string>cmdReporter</string>
</dict>