Troubleshooting Apache Kafka
This reference provides troubleshooting options for configuring Apache Kafka to enable Client Authentication.
Apache Kafka
Issue | Solution |
---|---|
The Use As A Gateway Log Source option is selected in the log source configuration, but log sources are not being automatically detected. | Events being streamed from Kafka must contain a valid Syslog RFC3164 or RFC5424 compliant header, so QRadar can correctly determine the log source identifier of each event. |
No events are being received and the following error is displayed in the log source
configuration form: “Encountered an error while attempting to fetch topic metadata... Please
verify the configuration information. " |
Verify that the bootstrap server and port details that are entered into the configuration are valid. If Client Authentication is enabled, verify the following things:
|
No events are being received and the following error is displayed in the log source
configuration form: “The user specified list of topics did not contain any topics that
exists in the Kafka cluster. Please verify the topic list. " |
When you use the List Topics options to subscribe to topics, QRadar attempts to verify the topics available in the Kafka cluster to the specified topics when the log source is initially started. If no topics match between what was entered in the configuration and what is available on the cluster, you are presented with this message. Verify the topic names that are entered in the configuration; also, consider the use of the Regex Pattern Matching option for subscribing to topics. |
When any parameter value in the property file on the Kafka server is changed, expected results are not received. | Disable, then re-enable the Kafka log source. |