Settings for a connector of the kafka type are described in the following tables.
Basic settings tab
Setting
Description
Name
Unique name of the resource. Maximum length of the name: 128 Unicode characters.
Required setting.
Tenant
The name of the tenant that owns the resource.
Required setting.
Type
Connector type. You need to select kafka.
Required setting.
URL
URL that you want to connect to. You can enter a URL in one of the following formats:
<host name>:<port number>
<IPv4 address>:<port number>
<IPv6 address>:<port number>
Topic
Topic of Kafka messages. Maximum length of the topic name: 255 characters. You can use the following characters: a–z, A–Z, 0–9, ".", "_", and "-".
Authorization
Agents must be authorized to connect to the connector. Available values:
disabled. The default value.
PFX. When this option is selected, you must generate a PFX certificate with a private key in PKCS#12 container format in an external Certificate Authority, export the PFX certificate from the key store, and upload the PFX certificate to the KUMA web interface as a PFX secret.
In the Secret drop-down list, select the uploaded PFX certificate. If you have not uploaded any PFX certificates, the Secret field displays No data.
If you want to add a new PFX certificate, click the button to the right of the Secret drop-down list.
The Secret window opens.
In the Name field, enter the name of the PFX secret.
Click Upload PFX and select the PKCS#12 container file to which you exported the PFX certificate with the private key.
In the Password field, enter the PFX certificate security password that was set in the PFX Certificate Export Wizard.
Click Save.
The PFX secret is added and displayed in the Secret drop-down list.
plain. If this option is selected, you must indicate the secret containing user account credentials for authorization when connecting to the connector.
If you have created a secret, select it from the Secret drop-down list. If no secrets have been created, the Secret drop-down list displays No data.
If you want to add a new secret, click the button to the right of the Secret drop-down list.
The Secret window opens.
In the Name field, enter the name of the secret.
In the User and Password fields, enter the credentials of the user account that the Agent will use to connect to the connector.
If necessary, add more information about the secret in the Description field.
Click the Save button.
The secret will be added and displayed in the Secret list.
GroupID
The GroupID parameter for Kafka messages. Maximum length of the parameter: 255 characters. You can use the following characters: a–z, A–Z, 0–9, ".", "_", and "-".
Description
Description of the resource. Maximum length of the description: 4000 Unicode characters.
Advanced settings tab
Setting
Description
Size of message to fetch
Size of one message in the request, in bytes. The default value is 16 MB.
Maximum fetch wait time
Timeout for one message in seconds. The default value is 5 seconds.
Character encoding
Character encoding. The default value is UTF-8.
TLS mode
TLS encryption mode. Available values:
Disabled means TLS encryption is not used. The default value.
Enabled means TLS encryption is used, but certificates are not verified.
With verification means TLS encryption is used with verification of the certificate signed with the KUMA root certificate. The root certificate and key of KUMA are created automatically during application installation and are stored on the KUMA Core server in the folder /opt/kaspersky/kuma/core/certificates/.
Custom CA means TLS encryption is used with verification that the certificate was signed by a Certificate Authority. If you select this value, select a secret with a certificate signed by the CA from the Custom CA drop-down list.
You can create a CA-signed certificate on the KUMA Core server (the following command examples use OpenSSL).
To create a certificate signed by a Certificate Authority:
Generate a key to be used by the Certificate Authority, for example:
openssl genrsa -out ca.key 2048
Create a certificate for the generated key, for example:
openssl req -new -x509 -days 365 -key ca.key -subj "/CN=<common host name of Certificate Authority>" -out ca.crt
Create a private key and a request to have it signed by the Certificate Authority, for example:
openssl req -newkey rsa:2048 -nodes -keyout server.key -subj "/CN=<common host name of KUMA server>" -out server.csr
Create the certificate signed by the Certificate Authority. You need to include the domain names or IP addresses of the server for which you are creating the certificate in the subjectAltName variable, for example:
Upload the generated server.crt certificate to the KUMA web interface into a secret of the certificate type, then select the secret of the certificate type in the Custom CA drop-down list.
To use KUMA certificates on third-party devices, you must change the certificate file extension from CERT to CRT. Otherwise, you may get the "x509: certificate signed by unknown authority" error.
When using TLS encryption, you cannot specify an IP address as the URL.
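The certificate procedure above, carried through in one script as an added example (not part of the original documentation or Kaspersky's own code): it shows one way to sign the request with a subjectAltName extension using standard OpenSSL options, then checks that the result chains to the CA. The host names, SAN entries and working directory are constructed placeholders.

```shell
#!/bin/sh
# Added example: the CA -> CSR -> signed certificate procedure, end to end.
# Host names, SAN entries and the work directory are constructed placeholders.
set -eu

CA_CN="ca.example.test"        # assumed CA common name
SRV_CN="kuma.example.test"     # assumed KUMA server host name
SAN="DNS:kuma.example.test,DNS:collector.example.test"  # assumed SAN list

# make_chain DIR: create ca.key/ca.crt and a CA-signed server.crt in DIR.
make_chain() {
    mkdir -p "$1"
    (
        cd "$1"
        umask 077   # private keys readable by the owner only
        openssl genrsa -out ca.key 2048 2>/dev/null
        openssl req -new -x509 -days 365 -key ca.key \
            -subj "/CN=${CA_CN}" -out ca.crt
        openssl req -newkey rsa:2048 -nodes -keyout server.key \
            -subj "/CN=${SRV_CN}" -out server.csr 2>/dev/null
        # subjectAltName is supplied through an extension file at signing time.
        printf 'subjectAltName=%s\n' "$SAN" > san.ext
        openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -days 365 -extfile san.ext -out server.crt 2>/dev/null
    )
}

# verify_cert CAFILE CERT: succeeds only if CERT chains to CAFILE.
verify_cert() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# san_of CERT: print the SAN entries with spaces removed.
san_of() {
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'Subject Alternative Name' | tail -n1 | tr -d ' '
}

workdir="$(mktemp -d)"
make_chain "$workdir/a"
verify_cert "$workdir/a/ca.crt" "$workdir/a/server.crt" && echo "chain OK"
echo "SAN: $(san_of "$workdir/a/server.crt")"
```

A certificate checked against a CA file that did not sign it fails `verify_cert`, which is the condition a client reports as a certificate signed by an unknown authority.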