03-02-2018 02:41 PM
New Metron user. I set up a beefy box as a single node instance of Metron for learning purposes, mostly following the instructions at https://cwiki.apache.org/confluence/display/METRON/Metron+0.4.1+with+HDP+2.5+bare-metal+install+on+Centos+7+with+MariaDB+for+Metron+REST with the primary exception that I installed the latest Bro release (2.5.3) from rpms before realizing that I needed the source for building the Kafka plugin, so I built Bro from source, symlinked /opt/bro to /usr/local/bro, then built and installed the Kafka plugin.

The end of my local.bro looks like:

```
redef Kafka::logs_to_send = set(Conn::LOG);
redef Kafka::topic_name = "bro";
redef Kafka::tag_json = T;
redef Kafka::kafka_conf = table( ["metadata.broker.list"] = "127.0.0.1:6667" );
```

I know it's picking this up because I was getting errors about misconfigurations here, such as when I forgot to change the IP address from the placeholder, and now bro starts without error. I send traffic to bro via tcp-replay, and I see that is working because I am getting the expected logs in /usr/local/bro/logs/current, such as conn.log.

Before doing that I set up a Kafka cli consumer:

```
[root@ip-172-31-38-75 ~]# /usr/hdp/2.5.3.0-37/kafka/bin/kafka-console-consumer.sh --zookeeper localhost:2181 --topic bro
{metadata.broker.list=ip-172-31-38-75.us-east-2.compute.internal:6667, request.timeout.ms=30000, client.id=console-consumer-35841, security.protocol=PLAINTEXT}
```

I would expect to get spammed by conn logs on that consumer, but... nothing. Any thoughts on where I went wrong or how I can go about debugging this?

Thanks!
Terry
Labels:
- Apache Kafka
- Apache Metron