http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/bundles-maven-plugin/src/main/java/org/apache/metron/maven/plugins/bundles/BundleProvidedDependenciesMojo.java
----------------------------------------------------------------------
diff --git a/bundles-maven-plugin/src/main/java/org/apache/metron/maven/plugins/bundles/BundleProvidedDependenciesMojo.java b/bundles-maven-plugin/src/main/java/org/apache/metron/maven/plugins/bundles/BundleProvidedDependenciesMojo.java
new file mode 100644
index 0000000..ca518b9
--- /dev/null
+++ b/bundles-maven-plugin/src/main/java/org/apache/metron/maven/plugins/bundles/BundleProvidedDependenciesMojo.java
@@ -0,0 +1,328 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.metron.maven.plugins.bundles;
+
+import org.apache.maven.artifact.Artifact;
+import org.apache.maven.artifact.handler.ArtifactHandler;
+import org.apache.maven.artifact.handler.manager.ArtifactHandlerManager;
+import org.apache.maven.artifact.repository.ArtifactRepository;
+import org.apache.maven.plugin.AbstractMojo;
+import org.apache.maven.plugin.MojoExecutionException;
+import org.apache.maven.plugin.MojoFailureException;
+import org.apache.maven.plugins.annotations.Component;
+import org.apache.maven.plugins.annotations.LifecyclePhase;
+import org.apache.maven.plugins.annotations.Mojo;
+import org.apache.maven.plugins.annotations.Parameter;
+import org.apache.maven.plugins.annotations.ResolutionScope;
+import org.apache.maven.project.DefaultProjectBuildingRequest;
+import org.apache.maven.project.MavenProject;
+import org.apache.maven.project.ProjectBuilder;
+import org.apache.maven.project.ProjectBuildingException;
+import org.apache.maven.project.ProjectBuildingRequest;
+import org.apache.maven.project.ProjectBuildingResult;
+import org.apache.maven.shared.dependency.tree.DependencyNode;
+import org.apache.maven.shared.dependency.tree.DependencyTreeBuilder;
+import org.apache.maven.shared.dependency.tree.DependencyTreeBuilderException;
+import org.apache.maven.shared.dependency.tree.traversal.DependencyNodeVisitor;
+import org.eclipse.aether.RepositorySystemSession;
+
+import java.util.ArrayDeque;
+import java.util.Deque;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * Generates the listing of dependencies that is provided by the Bundle dependency of the current Bundle. This is important as artifacts that bundle dependencies will
+ * not project those dependences using the traditional maven dependency plugin. This plugin will override that setting in order to print the dependencies being
+ * inherited at runtime.
+ */
+@Mojo(name = "provided-bundle-dependencies", defaultPhase = LifecyclePhase.PACKAGE, threadSafe = false, requiresDependencyResolution = ResolutionScope.RUNTIME)
+public class BundleProvidedDependenciesMojo extends AbstractMojo {
+
+ /**
+ * The Maven project.
+ */
+ @Parameter(defaultValue = "${project}", readonly = true, required = true)
+ private MavenProject project;
+
+ /**
+ * The local artifact repository.
+ */
+ @Parameter(defaultValue = "${localRepository}", readonly = true)
+ private ArtifactRepository localRepository;
+
+ /**
+ * The {@link RepositorySystemSession} used for obtaining the local and remote artifact repositories.
+ */
+ @Parameter(defaultValue = "${repositorySystemSession}", readonly = true)
+ private RepositorySystemSession repoSession;
+
+ /**
+ * If specified, this parameter will cause the dependency tree to be written using the specified format. Currently supported format are: <code>tree</code>
+ * or <code>pom</code>.
+ */
+ @Parameter(property = "mode", defaultValue = "tree")
+ private String mode;
+
+ /**
+ * The packageType we are using for dependencies, should be bundle, but may
+ * be changed in the configuration if the plugin is producing
+ * other archive extensions, this is a 'shared' configuration
+ * with the BundleMojo
+ */
+ @Parameter(property = "packageType", required = false, defaultValue = "bundle")
+ protected String packageType;
+
+ /**
+ * The dependency tree builder to use for verbose output.
+ */
+ @Component
+ private DependencyTreeBuilder dependencyTreeBuilder;
+
+ /**
+ * *
+ * The {@link ArtifactHandlerManager} into which any extension {@link ArtifactHandler} instances should have been injected when the extensions were loaded.
+ */
+ @Component
+ private ArtifactHandlerManager artifactHandlerManager;
+
+ /**
+ * The {@link ProjectBuilder} used to generate the {@link MavenProject} for the bundle
+ * artifact the dependency tree is being generated for.
+ */
+ @Component
+ private ProjectBuilder projectBuilder;
+
+ /*
+ * @see org.apache.maven.plugin.Mojo#execute()
+ */
+ @Override
+ public void execute() throws MojoExecutionException, MojoFailureException {
+ try {
+ // find the bundle dependency
+ Artifact bundleArtifact = null;
+ for (final Artifact artifact : project.getDependencyArtifacts()) {
+ if (packageType.equals(artifact.getType())) {
+ // ensure the project doesn't have two bundle dependencies
+ if (bundleArtifact != null) {
+ throw new MojoExecutionException("Project can only have one BUNDLE dependency.");
+ }
+
+ // record the bundle dependency
+ bundleArtifact = artifact;
+ }
+ }
+
+ // ensure there is a bundle dependency
+ if (bundleArtifact == null) {
+ throw new MojoExecutionException("Project does not have any BUNDLE dependencies.");
+ }
+
+ // build the project for the bundle artifact
+ final ProjectBuildingRequest bundleRequest = new DefaultProjectBuildingRequest();
+ bundleRequest.setRepositorySession(repoSession);
+ bundleRequest.setSystemProperties(System.getProperties());
+ final ProjectBuildingResult bundleResult = projectBuilder.build(bundleArtifact, bundleRequest);
+
+ // get the artifact handler for excluding dependencies
+ final ArtifactHandler bundleHandler = excludesDependencies(bundleArtifact);
+ bundleArtifact.setArtifactHandler(bundleHandler);
+
+ // bundle artifacts by nature includes dependencies, however this prevents the
+ // transitive dependencies from printing using tools like dependency:tree.
+ // here we are overriding the artifact handler for all bundles so the
+ // dependencies can be listed. this is important because bundle dependencies
+ // will be used as the parent classloader for this bundle and seeing what
+ // dependencies are provided is critical.
+ final Map<String, ArtifactHandler> bundleHandlerMap = new HashMap<>();
+ bundleHandlerMap.put(packageType, bundleHandler);
+ artifactHandlerManager.addHandlers(bundleHandlerMap);
+
+ // get the dependency tree
+ final DependencyNode root = dependencyTreeBuilder.buildDependencyTree(bundleResult.getProject(), localRepository, null);
+
+ // write the appropriate output
+ DependencyNodeVisitor visitor = null;
+ if ("tree".equals(mode)) {
+ visitor = new TreeWriter();
+ } else if ("pom".equals(mode)) {
+ visitor = new PomWriter();
+ }
+
+ // ensure the mode was specified correctly
+ if (visitor == null) {
+ throw new MojoExecutionException("The specified mode is invalid. Supported options are 'tree' and 'pom'.");
+ }
+
+ // visit and print the results
+ root.accept(visitor);
+ getLog().info("--- Provided BUNDLE Dependencies ---\n\n" + visitor.toString());
+ } catch (DependencyTreeBuilderException | ProjectBuildingException e) {
+ throw new MojoExecutionException("Cannot build project dependency tree", e);
+ }
+ }
+
+ /**
+ * Gets the Maven project used by this mojo.
+ *
+ * @return the Maven project
+ */
+ public MavenProject getProject() {
+ return project;
+ }
+
+ /**
+ * Creates a new ArtifactHandler for the specified Artifact that overrides the includeDependencies flag. When set, this flag prevents transitive
+ * dependencies from being printed in dependencies plugin.
+ *
+ * @param artifact The artifact
+ * @return The handler for the artifact
+ */
+ private ArtifactHandler excludesDependencies(final Artifact artifact) {
+ final ArtifactHandler orig = artifact.getArtifactHandler();
+
+ return new ArtifactHandler() {
+ @Override
+ public String getExtension() {
+ return orig.getExtension();
+ }
+
+ @Override
+ public String getDirectory() {
+ return orig.getDirectory();
+ }
+
+ @Override
+ public String getClassifier() {
+ return orig.getClassifier();
+ }
+
+ @Override
+ public String getPackaging() {
+ return orig.getPackaging();
+ }
+
+ // mark dependencies has excluded so they will appear in tree listing
+ @Override
+ public boolean isIncludesDependencies() {
+ return false;
+ }
+
+ @Override
+ public String getLanguage() {
+ return orig.getLanguage();
+ }
+
+ @Override
+ public boolean isAddedToClasspath() {
+ return orig.isAddedToClasspath();
+ }
+ };
+ }
+
+ /**
+ * Returns whether the specified dependency has test scope.
+ *
+ * @param node The dependency
+ * @return What the dependency is a test scoped dep
+ */
+ private boolean isTest(final DependencyNode node) {
+ return "test".equals(node.getArtifact().getScope());
+ }
+
+ /**
+ * A dependency visitor that builds a dependency tree.
+ */
+ private class TreeWriter implements DependencyNodeVisitor {
+
+ private final StringBuilder output = new StringBuilder();
+ private final Deque<DependencyNode> hierarchy = new ArrayDeque<>();
+
+ @Override
+ public boolean visit(DependencyNode node) {
+ // add this node
+ hierarchy.push(node);
+
+ // don't print test deps, but still add to hierarchy as they will
+ // be removed in endVisit below
+ if (isTest(node)) {
+ return false;
+ }
+
+ // build the padding
+ final StringBuilder pad = new StringBuilder();
+ for (int i = 0; i < hierarchy.size() - 1; i++) {
+ pad.append(" ");
+ }
+ pad.append("+- ");
+
+ // log it
+ output.append(pad).append(node.toNodeString()).append("\n");
+
+ return true;
+ }
+
+ @Override
+ public boolean endVisit(DependencyNode node) {
+ hierarchy.pop();
+ return true;
+ }
+
+ @Override
+ public String toString() {
+ return output.toString();
+ }
+ }
+
+ /**
+ * A dependency visitor that generates output that can be copied into a pom's dependency management section.
+ */
+ private class PomWriter implements DependencyNodeVisitor {
+
+ private final StringBuilder output = new StringBuilder();
+
+ @Override
+ public boolean visit(DependencyNode node) {
+ if (isTest(node)) {
+ return false;
+ }
+
+ final Artifact artifact = node.getArtifact();
+ if (!packageType.equals(artifact.getType())) {
+ output.append("<dependency>\n");
+ output.append(" <groupId>").append(artifact.getGroupId()).append("</groupId>\n");
+ output.append(" <artifactId>").append(artifact.getArtifactId()).append("</artifactId>\n");
+ output.append(" <version>").append(artifact.getVersion()).append("</version>\n");
+ output.append(" <scope>provided</scope>\n");
+ output.append("</dependency>\n");
+ }
+
+ return true;
+ }
+
+ @Override
+ public boolean endVisit(DependencyNode node) {
+ return true;
+ }
+
+ @Override
+ public String toString() {
+ return output.toString();
+ }
+ }
+}
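Review bot: The handler override registered with `artifactHandlerManager.addHandlers(bundleHandlerMap)` in `execute()` is never removed, so it looks as if every later goal in the same Maven session will also see `isIncludesDependencies()` return false for the `packageType` handler; confirm that is intended, or document it on the mojo next to `threadSafe = false`. Separately, `mode` is validated only after `projectBuilder.build(...)` and `buildDependencyTree(...)` have run, so a mistyped `-Dmode` is reported after the expensive resolution; moving the `"tree"`/`"pom"` check to the top of `execute()` would fail fast. `PomWriter.visit` appends groupId, artifactId and version into XML without escaping, which deserves a one-line comment since the output is meant to be pasted into a pom.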
http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/bundles-maven-plugin/src/main/resources/META-INF/plexus/components.xml ---------------------------------------------------------------------- diff --git a/bundles-maven-plugin/src/main/resources/META-INF/plexus/components.xml b/bundles-maven-plugin/src/main/resources/META-INF/plexus/components.xml new file mode 100644 index 0000000..cacd29b --- /dev/null +++ b/bundles-maven-plugin/src/main/resources/META-INF/plexus/components.xml 
@@ -0,0 +1,52 @@ +<?xml version="1.0"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<component-set> + <components> + <component> + <role>org.apache.maven.lifecycle.mapping.LifecycleMapping</role> + <role-hint>bundle</role-hint> + <implementation>org.apache.maven.lifecycle.mapping.DefaultLifecycleMapping</implementation> + <configuration> + <lifecycles> + <lifecycle> + <id>default</id> + <phases> + <process-resources>org.apache.maven.plugins:maven-resources-plugin:resources</process-resources> + <compile>org.apache.maven.plugins:maven-compiler-plugin:compile</compile> + <process-test-resources>org.apache.maven.plugins:maven-resources-plugin:testResources</process-test-resources> + <test-compile>org.apache.maven.plugins:maven-compiler-plugin:testCompile</test-compile> + <test>org.apache.maven.plugins:maven-surefire-plugin:test</test> + <package>org.apache.metron:bundles-maven-plugin:bundle</package> + <install>org.apache.maven.plugins:maven-install-plugin:install</install> + <deploy>org.apache.maven.plugins:maven-deploy-plugin:deploy</deploy> + </phases> + </lifecycle> + </lifecycles> + </configuration> + </component> + <component> + <role>org.apache.maven.artifact.handler.ArtifactHandler</role> + <role-hint>bundle</role-hint> + 
<implementation>org.apache.maven.artifact.handler.DefaultArtifactHandler</implementation> + <configuration> + <type>bundle</type> + <language>java</language> + <addedToClasspath>false</addedToClasspath> + <includesDependencies>true</includesDependencies> + </configuration> + </component> + </components> +</component-set> http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/metron-analytics/metron-maas-service/README.md ---------------------------------------------------------------------- diff --git a/metron-analytics/metron-maas-service/README.md b/metron-analytics/metron-maas-service/README.md index d234130..575c873 100644 --- a/metron-analytics/metron-maas-service/README.md +++ b/metron-analytics/metron-maas-service/README.md @@ -159,7 +159,7 @@ Now that we have a deployed model, let's adjust the configurations for the Squid * Edit the squid parser configuration at `$METRON_HOME/config/zookeeper/parsers/squid.json` in your favorite text editor and add a new FieldTransformation to indicate a threat alert based on the model (note the addition of `is_malicious` and `is_alert`): ``` { - "parserClassName": "org.apache.metron.parsers.GrokParser", + "parserClassName": "org.apache.metron.parsers.grok.GrokParser", "sensorTopic": "squid", "parserConfig": { "grokPath": "/patterns/squid", http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/configuration/metron-env.xml ---------------------------------------------------------------------- diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/configuration/metron-env.xml b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/configuration/metron-env.xml index 87866e8..4cdb235 100644 --- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/configuration/metron-env.xml 
+++ b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/configuration/metron-env.xml 
@@ -25,12 +25,54 @@ <display-name>Metron home</display-name> </property> <property> + <name>metron_extension_etc</name> + <value>/usr/metron/${metron.version}/extension_etc</value> + <description>Metron Extensions etc directory</description> + <display-name>Metron Extensions Etc</display-name> + </property> + <property> + <name>metron_extension_etc_parsers</name> + <value>/usr/metron/${metron.version}/extension_etc/parsers</value> + <description>Metron Extensions:Parsers etc directory</description> + <display-name>Metron Extensions:Parsers Etc</display-name> + </property> + <property> + <name>metron_extension_alt_etc</name> + <value>/usr/metron/${metron.version}/extension_alt_etc</value> + <description>Metron Extensions etc directory</description> + <display-name>Metron Extensions Etc</display-name> + </property> + <property> + <name>metron_extension_alt_etc_parsers</name> + <value>/usr/metron/${metron.version}/extension_alt_etc/parsers</value> + <description>Metron Extensions:Alt Parsers etc directory</description> + <display-name>Metron Extensions:Alt Parsers Etc</display-name> + </property> + <property> + <name>local_metron_extension_lib</name> + <value>/usr/metron/${metron.version}/extension_lib</value> + <description>Metron Extensions lib directory</description> + <display-name>Metron Extensions Etc</display-name> + </property> + <property> <name>metron_apps_hdfs_dir</name> <value>/apps/metron</value> <description>Metron apps HDFS dir</description> <display-name>Metron apps HDFS dir</display-name> </property> <property> + <name>metron_apps_extensions_lib_hdfs_dir</name> + <value>/apps/metron/extension_lib</value> + <description>Home for Metron extensions libraries</description> + <display-name>Metron apps extensions libraries HDFS dir</display-name> + </property> + <property> + <name>metron_apps_extensions_alt_lib_hdfs_dir</name> + <value>/apps/metron/extension_alt_lib</value> + <description>Home for Metron alternate extensions libraries</description> + 
<display-name>Metron apps alternate extensions libraries HDFS dir</display-name> + </property> + <property> <name>metron_zookeeper_config_dir</name> <value>config/zookeeper</value> <description>Metron Zookeeper config dir. Relative path to Metron home.</description> http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/metainfo.xml ---------------------------------------------------------------------- diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/metainfo.xml b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/metainfo.xml index 4213214..2844605 100644 --- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/metainfo.xml +++ b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/metainfo.xml 
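Review bot: The `<display-name>` of `local_metron_extension_lib` reads "Metron Extensions Etc" although the property is the lib directory, and `metron_extension_alt_etc` repeats the description and display name of `metron_extension_etc` verbatim, so the two pairs cannot be told apart by label. Suggest `<display-name>Metron Extensions Lib</display-name>` for the former and `<description>Metron Extensions alternate etc directory</description>` with `<display-name>Metron Extensions Alt Etc</display-name>` for the latter. These paths hold parser configuration and loadable extension libraries, so an operator editing them should be able to see which one is which.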
@@ -367,6 +367,45 @@ <name>metron-indexing</name> </package> <package> + <name>metron-parser-extension-asa</name> + </package> + <package> + <name>metron-parser-extension-bro</name> + </package> + <package> + <name>metron-parser-extension-cef</name> + </package> + <package> + <name>metron-parser-extension-fireeye</name> + </package> + <package> + <name>metron-parser-extension-ise</name> + </package> + <package> + <name>metron-parser-extension-lancope</name> + </package> + <package> + <name>metron-parser-extension-logstash</name> + </package> + <package> + <name>metron-parser-extension-paloalto</name> + </package> + <package> + <name>metron-parser-extension-snort</name> + </package> + <package> + <name>metron-parser-extension-sourcefire</name> + </package> + <package> + <name>metron-parser-extension-squid</name> + </package> + <package> + <name>metron-parser-extension-websphere</name> + </package> + <package> + <name>metron-parser-extension-yaf</name> + </package> + <package> <name>metron-elasticsearch</name> </package> <package> http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/metron_service.py ---------------------------------------------------------------------- diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/metron_service.py b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/metron_service.py index d808110..fbc2575 100644 --- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/metron_service.py +++ b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/metron_service.py 
@@ -27,12 +27,41 @@ from resource_management.libraries.functions.get_user_call_output import \ from metron_security import kinit -def init_config(): - Logger.info('Loading config into ZooKeeper') - Execute(ambari_format( - "{metron_home}/bin/zk_load_configs.sh --mode PUSH -i {metron_zookeeper_config_path} -z {zookeeper_quorum}"), - path=ambari_format("{java_home}/bin") - ) +def init_config(params): + Logger.info('Loading Metron config into ZooKeeper') + + Logger.info('Creating bundle.properties from template') + File(ambari_format("{metron_zookeeper_config_path}/bundle.properties"), + content=Template("bundle.properties.j2"), + owner=params.metron_user, + group=params.metron_group + ) + + Execute(ambari_format( + "{metron_home}/bin/zk_load_configs.sh --mode PUSH -i {metron_zookeeper_config_path} -z {zookeeper_quorum}"), + path=ambari_format("{java_home}/bin") + ) + + Logger.info('Loading Metron Parser Extension configs into ZooKeeper') + parsers_list = params.all_parsers.replace(' ', '').split(',') + alt_parsers_list = params.all_alt_parsers.replace(' ', '').split(',') + + for parser in parsers_list: + if params: + Execute(ambari_format( + "{metron_home}/bin/zk_load_configs.sh --mode PUSH -i " + params.metron_extensions_etc_parsers + "/" + parser + "/{metron_zookeeper_config_dir} -z {zookeeper_quorum}"), + path=ambari_format("{java_home}/bin") + ) + + + for parser in alt_parsers_list: + if not parser: + break + + Execute(ambari_format( + "{metron_home}/bin/zk_load_configs.sh --mode PUSH -i " + params.metron_extensions_alt_etc_parsers + "/" + parser + "/{metron_zookeeper_config_dir} -z {zookeeper_quorum}"), + path=ambari_format("{java_home}/bin") + ) def get_running_topologies(params): 
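Review bot: In the first parser loop of `init_config` the guard is `if params:`, which tests the params object (already dereferenced a few lines above, so effectively always truthy) instead of the loop variable, so an empty entry in `all_parsers` would still run `zk_load_configs.sh` with an empty parser segment in the `-i` path. The alt loop does test `parser` but uses `break`, so one empty entry skips every parser after it; `if not parser: continue` in both loops gives consistent behaviour. The parser name and extension path are also concatenated unquoted into the command string passed to `Execute`; the list is hard-coded today, but if it ever becomes a setting the names should be checked against a strict pattern before use. The new `File(...)` for bundle.properties sets owner and group but no `mode`, so its permissions are left to defaults.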
@@ -94,7 +123,7 @@ def load_global_config(params): group=params.metron_group ) - init_config() + init_config(params) def init_kafka_topics(params, topics): http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/params_linux.py ---------------------------------------------------------------------- diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/params_linux.py b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/params_linux.py index 7855d6c..abbddc5 100755 --- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/params_linux.py +++ b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/params_linux.py 
@@ -38,7 +38,15 @@ tmp_dir = Script.get_tmp_dir() hostname = config['hostname'] metron_home = status_params.metron_home +local_metron_extensions_lib = status_params.local_metron_extensions_lib +hdfs_metron_apps_extensions_lib = status_params.hdfs_metron_apps_extensions_lib +hdfs_metron_apps_extensions_alt_lib = status_params.hdfs_metron_apps_extensions_alt_lib +metron_extensions_etc_parsers = status_params.metron_extensions_etc_parsers +metron_extensions_alt_etc_parsers = status_params.metron_extensions_alt_etc_parsers parsers = status_params.parsers +all_parsers = status_params.all_parsers +all_alt_parsers = status_params.all_alt_parsers +geoip_url = config['configurations']['metron-env']['geoip_url'] parser_error_topic = config['configurations']['metron-parsers-env']['parser_error_topic'] geoip_hdfs_dir = "/apps/metron/geo/default/" metron_user = status_params.metron_user http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/status_params.py ---------------------------------------------------------------------- diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/status_params.py b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/status_params.py index 1935f2f..76f8570 100644 --- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/status_params.py +++ b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/params/status_params.py 
@@ -29,7 +29,16 @@ metron_user = config['configurations']['metron-env']['metron_user'] # Parsers parsers = config['configurations']['metron-parsers-env']['parsers'] +all_parsers = "asa,bro,cef,fireeye,ise,lancope,logstash,paloalto,snort,sourcefire,squid,websphere,yaf" +all_alt_parsers = "" metron_home = config['configurations']['metron-env']['metron_home'] +local_metron_extensions_lib = format(format(config['configurations']['metron-env']['local_metron_extension_lib'])) +hdfs_metron_apps_extensions_lib = format(format(config['configurations']['metron-env']['metron_apps_extensions_lib_hdfs_dir'])) +hdfs_metron_apps_extensions_alt_lib = format(format(config['configurations']['metron-env']['metron_apps_extensions_alt_lib_hdfs_dir'])) +metron_extensions_etc = format(format(config['configurations']['metron-env']['metron_extension_etc'])) +metron_extensions_etc_parsers = format(format(config['configurations']['metron-env']['metron_extension_etc_parsers'])) +metron_extensions_alt_etc = format(format(config['configurations']['metron-env']['metron_extension_etc'])) +metron_extensions_alt_etc_parsers = format(format(config['configurations']['metron-env']['metron_extension_alt_etc_parsers'])) metron_zookeeper_config_dir = config['configurations']['metron-env']['metron_zookeeper_config_dir'] metron_zookeeper_config_path = format('{metron_home}/{metron_zookeeper_config_dir}') parsers_configured_flag_file = metron_zookeeper_config_path + '/../metron_parsers_configured' http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/parser_commands.py ---------------------------------------------------------------------- 
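Review bot: `metron_extensions_alt_etc` is read from `config['configurations']['metron-env']['metron_extension_etc']`, the same key as `metron_extensions_etc` on the line above, so the alternate directory silently aliases the primary one; it should read `['metron_extension_alt_etc']`, which metron-env.xml in this commit defines. `all_parsers` is also a hard-coded string that duplicates the `metron-parser-extension-*` package names added to metainfo.xml, so a comment such as `# keep in sync with the metron-parser-extension-* packages in metainfo.xml` would help the next editor.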
diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/parser_commands.py b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/parser_commands.py index a487298..5d6b772 100755 --- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/parser_commands.py +++ b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/scripts/parser_commands.py @@ -34,6 +34,8 @@ import metron_security class ParserCommands: __params = None __parser_list = None + __all_parsers_list = None + __all_alt_parses_list = None __configured = False __acl_configured = False @@ -42,6 +44,8 @@ class ParserCommands: raise ValueError("params argument is required for initialization") self.__params = params self.__parser_list = self.__get_parsers(params) + self.__all_parsers_list = self.__get_all_parsers(params) + self.__all_alt_parses_list = self.__get_all_alt_parsers(params) self.__configured = os.path.isfile(self.__params.parsers_configured_flag_file) self.__acl_configured = os.path.isfile(self.__params.parsers_acl_configured_flag_file) @@ -49,6 +53,12 @@ class ParserCommands: def __get_parsers(self, params): return params.parsers.replace(' ', '').split(',') + def __get_all_parsers(self, params): + return params.all_parsers.replace(' ', '').split(',') + + def __get_all_alt_parsers(self, params): + return params.all_alt_parsers.replace(' ', '').split(',') + def is_configured(self): return self.__configured 
@@ -71,19 +81,65 @@ class ParserCommands: Logger.info( "Copying grok patterns from local directory '{0}' to HDFS '{1}'".format(self.__params.local_grok_patterns_dir, self.__params.hdfs_grok_patterns_dir)) - + # copy the global patterns self.__params.HdfsResource(self.__params.hdfs_grok_patterns_dir, type="directory", action="create_on_execute", owner=self.__params.metron_user, - mode=0755, - source=self.__params.local_grok_patterns_dir) + group=self.__params.hadoop_group, + mode=0775, + source=self.__params.local_grok_patterns_dir, + recursive_chown=True) + + parsers = self.get_all_parsers_list() + + # each parser extension may have patterns as well + for parser in parsers: + if not os.path.exists(self.__params.metron_extensions_etc_parsers + '/' + parser + '/patterns'): + continue + + Logger.info( + "Copying {0} grok patterns from local directory '{1}' to HDFS '{2}'".format(parser,self.__params.metron_extensions_etc_parsers + '/' + parser + '/patterns', + self.__params.hdfs_grok_patterns_dir + '/' + parser)) + self.__params.HdfsResource(self.__params.hdfs_grok_patterns_dir + '/' + parser, + type="directory", + action="create_on_execute", + owner=self.__params.metron_user, + group=self.__params.hadoop_group, + mode=0775, + source=self.__params.metron_extensions_etc_parsers + '/' + parser + '/patterns', + recursive_chown=True) + + Logger.info("Copying extension lib from local directory '{0}' to HDFS '{1}'".format(self.__params.local_metron_extensions_lib,self.__params.hdfs_metron_apps_extensions_lib)) + self.__params.HdfsResource(self.__params.hdfs_metron_apps_extensions_lib, + type="directory", + action="create_on_execute", + owner=self.__params.metron_user, + group=self.__params.hadoop_group, + mode=0775, + source=self.__params.local_metron_extensions_lib, + recursive_chown=True) + + Logger.info("Creating the extensions alt lib dir in HDFS {0}".format(self.__params.hdfs_metron_apps_extensions_alt_lib)) + 
self.__params.HdfsResource(self.__params.hdfs_metron_apps_extensions_alt_lib, + type="directory", + action="create_on_execute", + owner=self.__params.metron_user, + group=self.__params.hadoop_group, + mode=0775, + recursive_chown=True) Logger.info("Done initializing parser configuration") def get_parser_list(self): return self.__parser_list + def get_all_parsers_list(self): + return self.__all_parsers_list + + def get_all_alt_parsers_list(self): + return self.__all_alt_parses_list + def init_kafka_topics(self): Logger.info('Creating Kafka topics for parsers') # All errors go to indexing topics, so create it here if it's not already http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/templates/bundle.properties.j2 ---------------------------------------------------------------------- diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/templates/bundle.properties.j2 b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/templates/bundle.properties.j2 new file mode 100644 index 0000000..d09595c --- /dev/null +++ b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/templates/bundle.properties.j2 
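Review bot: The HDFS directories for grok patterns and extension libraries are now created with `mode=0775`, `group=self.__params.hadoop_group` and `recursive_chown=True`, where the replaced call used `mode=0755`. `hdfs_metron_apps_extensions_lib` is the location bundle.properties points `bundle.library.directory` at, so group write there would let any member of that group replace libraries that parsers presumably load at runtime. Unless group write is actually required (not visible in this hunk), keep `mode=0755` on the lib and alt-lib directories, or add a comment naming the principal that needs to write there. Minor: `__all_alt_parses_list` is missing an `r`, and `get_all_alt_parsers_list()` returns `['']` while `all_alt_parsers` is the empty string. The enclosing method starts outside the hunk.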
@@ -0,0 +1,21 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Core Properties #
+bundle.library.directory={{default_fs}}/{{hdfs_metron_apps_extensions_lib}}
+bundle.library.directory.alt={{default_fs}}/{{hdfs_metron_apps_extensions_alt_lib}}
+bundle.archive.extension=bundle
+bundle.meta.id.prefix=Bundle
+bundle.extension.type.MessageParser=org.apache.metron.parsers.interfaces.MessageParser
http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/templates/global.json.j2
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/templates/global.json.j2 b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/templates/global.json.j2
index 67226ff..b95ea50 100644
--- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/templates/global.json.j2
+++ b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/templates/global.json.j2
@@ -4,5 +4,6 @@
 "es.date.format": "{{es_date_format}}",
 "parser.error.topic": "{{parser_error_topic}}",
 "update.hbase.table": "{{update_table}}",
- "update.hbase.cf": "{{update_cf}}"
+ "update.hbase.cf": "{{update_cf}}",
+ "metron.apps.hdfs.dir": "{{metron_apps_hdfs_dir}}"
 }
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/templates/metron.j2
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/templates/metron.j2 b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/templates/metron.j2
index 7233b54..7bef3fa 100644
--- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/templates/metron.j2
+++ b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/templates/metron.j2
@@ -15,6 +15,7 @@
 # limitations under the License.
 JAVA_HOME="{{java_home}}"
 METRON_HOME="{{metron_home}}"
+METRON_HDFS_APPS_ROOT="{{metron_apps_hdfs_dir}}"
 METRON_USER="{{metron_user}}"
 METRON_LOG_DIR="{{metron_log_dir}}"
 METRON_PID_DIR="{{metron_pid_dir}}"
http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/metron-deployment/packaging/docker/rpm-docker/SPECS/metron.spec
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/docker/rpm-docker/SPECS/metron.spec b/metron-deployment/packaging/docker/rpm-docker/SPECS/metron.spec
index 94c7e05..b95e6b0 100644
--- a/metron-deployment/packaging/docker/rpm-docker/SPECS/metron.spec
+++ b/metron-deployment/packaging/docker/rpm-docker/SPECS/metron.spec
@@ -29,6 +29,12 @@ %define metron_root %{_prefix}/%{base_name} %define metron_home %{metron_root}/%{full_version} +%define metron_extensions_lib %{metron_home}/extension_lib +%define metron_extensions_alt_lib %{metron_home}/extension_alt_lib +%define metron_extensions_etc %{metron_home}/extension_etc +%define metron_extensions_etc_parsers %{metron_extensions_etc}/parsers +%define metron_extensions_alt_etc %{metron_home}/extension_alt_etc +%define metron_extensions_alt_etc_parsers %{metron_extensions_alt_etc}/parsers # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -52,7 +58,21 @@ Source7: metron-pcap-backend-%{full_version}-archive.tar.gz Source8: metron-profiler-%{full_version}-archive.tar.gz Source9: metron-rest-%{full_version}-archive.tar.gz Source10: metron-config-%{full_version}-archive.tar.gz -Source11: metron-management-%{full_version}-archive.tar.gz +#extensions +Source11: metron-parser-asa-assembly-%{full_version}-archive.tar.gz +Source12: metron-parser-bro-assembly-%{full_version}-archive.tar.gz +Source13: metron-parser-cef-assembly-%{full_version}-archive.tar.gz +Source14: metron-parser-fireeye-assembly-%{full_version}-archive.tar.gz +Source15: metron-parser-ise-assembly-%{full_version}-archive.tar.gz +Source16: metron-parser-lancope-assembly-%{full_version}-archive.tar.gz +Source17: metron-parser-logstash-assembly-%{full_version}-archive.tar.gz +Source18: metron-parser-paloalto-assembly-%{full_version}-archive.tar.gz +Source19: metron-parser-snort-assembly-%{full_version}-archive.tar.gz +Source20: metron-parser-sourcefire-assembly-%{full_version}-archive.tar.gz +Source21: metron-parser-squid-assembly-%{full_version}-archive.tar.gz +Source22: metron-parser-websphere-assembly-%{full_version}-archive.tar.gz +Source23: metron-parser-yaf-assembly-%{full_version}-archive.tar.gz +Source24: metron-management-%{full_version}-archive.tar.gz %description Apache Metron provides a scalable advanced security analytics framework 
@@ -73,6 +93,25 @@ rm -rf %{_builddir}/* rm -rf %{buildroot} mkdir -p %{buildroot}%{metron_home} mkdir -p %{buildroot}/etc/init.d +mkdir -p %{buildroot}%{metron_extensions_lib} +mkdir -p %{buildroot}%{metron_extensions_etc} +mkdir -p %{buildroot}%{metron_extensions_etc_parsers} +mkdir -p %{buildroot}%{metron_extensions_alt_lib} +mkdir -p %{buildroot}%{metron_extensions_alt_etc} +mkdir -p %{buildroot}%{metron_extensions_alt_etc_parsers} +mkdir -p %{buildroot}%{metron_extensions_etc_parsers}/asa +mkdir -p %{buildroot}%{metron_extensions_etc_parsers}/bro +mkdir -p %{buildroot}%{metron_extensions_etc_parsers}/cef +mkdir -p %{buildroot}%{metron_extensions_etc_parsers}/fireeye +mkdir -p %{buildroot}%{metron_extensions_etc_parsers}/ise +mkdir -p %{buildroot}%{metron_extensions_etc_parsers}/lancope +mkdir -p %{buildroot}%{metron_extensions_etc_parsers}/logstash +mkdir -p %{buildroot}%{metron_extensions_etc_parsers}/paloalto +mkdir -p %{buildroot}%{metron_extensions_etc_parsers}/snort +mkdir -p %{buildroot}%{metron_extensions_etc_parsers}/sourcefire +mkdir -p %{buildroot}%{metron_extensions_etc_parsers}/squid +mkdir -p %{buildroot}%{metron_extensions_etc_parsers}/websphere +mkdir -p %{buildroot}%{metron_extensions_etc_parsers}/yaf # copy source files and untar tar -xzf %{SOURCE0} -C %{buildroot}%{metron_home} 
@@ -86,7 +125,33 @@ tar -xzf %{SOURCE7} -C %{buildroot}%{metron_home} tar -xzf %{SOURCE8} -C %{buildroot}%{metron_home} tar -xzf %{SOURCE9} -C %{buildroot}%{metron_home} tar -xzf %{SOURCE10} -C %{buildroot}%{metron_home} -tar -xzf %{SOURCE11} -C %{buildroot}%{metron_home} +tar -xzf %{SOURCE11} -C %{buildroot}%{metron_extensions_etc_parsers}/asa +tar -xzf %{SOURCE12} -C %{buildroot}%{metron_extensions_etc_parsers}/bro +tar -xzf %{SOURCE13} -C %{buildroot}%{metron_extensions_etc_parsers}/cef +tar -xzf %{SOURCE14} -C %{buildroot}%{metron_extensions_etc_parsers}/fireeye +tar -xzf %{SOURCE15} -C %{buildroot}%{metron_extensions_etc_parsers}/ise +tar -xzf %{SOURCE16} -C %{buildroot}%{metron_extensions_etc_parsers}/lancope +tar -xzf %{SOURCE17} -C %{buildroot}%{metron_extensions_etc_parsers}/logstash +tar -xzf %{SOURCE18} -C %{buildroot}%{metron_extensions_etc_parsers}/paloalto +tar -xzf %{SOURCE19} -C %{buildroot}%{metron_extensions_etc_parsers}/snort +tar -xzf %{SOURCE20} -C %{buildroot}%{metron_extensions_etc_parsers}/sourcefire +tar -xzf %{SOURCE21} -C %{buildroot}%{metron_extensions_etc_parsers}/squid +tar -xzf %{SOURCE22} -C %{buildroot}%{metron_extensions_etc_parsers}/websphere +tar -xzf %{SOURCE23} -C %{buildroot}%{metron_extensions_etc_parsers}/yaf +tar -xzf %{SOURCE24} -C %{buildroot}%{metron_home} + +# move the bundles from config to extensions lib +mv %{buildroot}%{metron_extensions_etc_parsers}/asa/lib/*.bundle %{buildroot}%{metron_extensions_lib}/ +mv %{buildroot}%{metron_extensions_etc_parsers}/bro/lib/*.bundle %{buildroot}%{metron_extensions_lib}/ +mv %{buildroot}%{metron_extensions_etc_parsers}/cef/lib/*.bundle %{buildroot}%{metron_extensions_lib}/ +mv %{buildroot}%{metron_extensions_etc_parsers}/fireeye/lib/*.bundle %{buildroot}%{metron_extensions_lib}/ +mv %{buildroot}%{metron_extensions_etc_parsers}/ise/lib/*.bundle %{buildroot}%{metron_extensions_lib}/ +mv %{buildroot}%{metron_extensions_etc_parsers}/lancope/lib/*.bundle 
%{buildroot}%{metron_extensions_lib}/ +mv %{buildroot}%{metron_extensions_etc_parsers}/logstash/lib/*.bundle %{buildroot}%{metron_extensions_lib}/ +mv %{buildroot}%{metron_extensions_etc_parsers}/paloalto/lib/*.bundle %{buildroot}%{metron_extensions_lib}/ +mv %{buildroot}%{metron_extensions_etc_parsers}/snort/lib/*.bundle %{buildroot}%{metron_extensions_lib}/ +mv %{buildroot}%{metron_extensions_etc_parsers}/sourcefire/lib/*.bundle %{buildroot}%{metron_extensions_lib}/ +mv %{buildroot}%{metron_extensions_etc_parsers}/websphere/lib/*.bundle %{buildroot}%{metron_extensions_lib}/ install %{buildroot}%{metron_home}/bin/metron-rest %{buildroot}/etc/init.d/ install %{buildroot}%{metron_home}/bin/metron-management-ui %{buildroot}/etc/init.d/ 
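Review bot: The `mv .../lib/*.bundle` block covers eleven parsers but skips squid and yaf, although their archives (`%{SOURCE21}`, `%{SOURCE23}`) are unpacked just above like the others and their `%files` sections later in this spec list no bundle either. If those two assemblies really ship no bundle, say so next to the block, e.g. `# squid and yaf carry no bundle, nothing to move` (assumed, please confirm). If they do ship one, it stays under `extension_etc/parsers/<name>/lib` and never reaches `%{metron_extensions_lib}`. The mv lines could also be a short shell loop over the parser names, so the list has one place to drift instead of three.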
@@ -132,25 +197,414 @@ This package installs the Metron Parser files %dir %{metron_home}/config/zookeeper/parsers %dir %{metron_home}/patterns %dir %{metron_home}/lib +%dir %{metron_extensions_etc} +%dir %{metron_extensions_etc_parsers} +%dir %{metron_extensions_lib} +%dir %{metron_extensions_alt_etc} +%dir %{metron_extensions_alt_etc_parsers} +%dir %{metron_extensions_alt_lib} %{metron_home}/bin/start_parser_topology.sh -%{metron_home}/config/zookeeper/parsers/bro.json %{metron_home}/config/zookeeper/parsers/jsonMap.json -%{metron_home}/config/zookeeper/parsers/snort.json -%{metron_home}/config/zookeeper/parsers/squid.json -%{metron_home}/config/zookeeper/parsers/websphere.json -%{metron_home}/config/zookeeper/parsers/yaf.json -%{metron_home}/config/zookeeper/parsers/asa.json -%{metron_home}/patterns/asa %{metron_home}/patterns/common -%{metron_home}/patterns/fireeye -%{metron_home}/patterns/sourcefire -%{metron_home}/patterns/squid -%{metron_home}/patterns/websphere -%{metron_home}/patterns/yaf %attr(0644,root,root) %{metron_home}/lib/metron-parsers-%{full_version}-uber.jar # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +%package parser-extension-asa +Summary: Metron ASA Parser Extension Files +Group: Applications/Internet +Provides: parser-extension-asa = %{version} + +%description parser-extension-asa +This package installs the Metron ASA Parser Extension files + +%files parser-extension-asa +%defattr(-,root,root,755) +%dir %{metron_root} +%dir %{metron_home} +%dir %{metron_extensions_etc} +%dir %{metron_extensions_etc_parsers} +%dir %{metron_extensions_etc_parsers}/asa +%dir %{metron_extensions_etc_parsers}/asa/config +%dir %{metron_extensions_etc_parsers}/asa/config/zookeeper +%dir %{metron_extensions_etc_parsers}/asa/config/zookeeper/parsers +%dir %{metron_extensions_etc_parsers}/asa/config/zookeeper/enrichments +%dir %{metron_extensions_etc_parsers}/asa/config/zookeeper/indexing +%dir 
%{metron_extensions_etc_parsers}/asa/patterns +%dir %{metron_extensions_lib} +%{metron_extensions_etc_parsers}/asa/config/zookeeper/parsers/asa.json +%{metron_extensions_etc_parsers}/asa/config/zookeeper/enrichments/asa.json +%{metron_extensions_etc_parsers}/asa/config/zookeeper/indexing/asa.json +%{metron_extensions_etc_parsers}/asa/patterns/asa +%{metron_extensions_etc_parsers}/asa/patterns/common +%attr(0644,root,root) %{metron_extensions_lib}/metron-parser-asa-bundle-%{full_version}.bundle + +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +%package parser-extension-bro +Summary: Metron BRO Parser Extension Files +Group: Applications/Internet +Provides: parser-extension-bro = %{version} + +%description parser-extension-bro +This package installs the Metron BRO Parser Extension files + +%files parser-extension-bro +%defattr(-,root,root,755) +%dir %{metron_root} +%dir %{metron_home} +%dir %{metron_extensions_etc} +%dir %{metron_extensions_etc_parsers} +%dir %{metron_extensions_etc_parsers}/bro +%dir %{metron_extensions_etc_parsers}/bro/config +%dir %{metron_extensions_etc_parsers}/bro/config/elasticsearch +%dir %{metron_extensions_etc_parsers}/bro/config/zookeeper +%dir %{metron_extensions_etc_parsers}/bro/config/zookeeper/parsers +%dir %{metron_extensions_etc_parsers}/bro/config/zookeeper/enrichments +%dir %{metron_extensions_etc_parsers}/bro/config/zookeeper/indexing +%dir %{metron_extensions_lib} +%{metron_extensions_etc_parsers}/bro/config/zookeeper/parsers/bro.json +%{metron_extensions_etc_parsers}/bro/config/zookeeper/enrichments/bro.json +%{metron_extensions_etc_parsers}/bro/config/zookeeper/indexing/bro.json +%{metron_extensions_etc_parsers}/bro/config/elasticsearch/bro_index.template +%attr(0644,root,root) %{metron_extensions_lib}/metron-parser-bro-bundle-%{full_version}.bundle + +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + +%package parser-extension-cef +Summary: Metron CEF Parser 
Extension Files +Group: Applications/Internet +Provides: parser-extension-cef = %{version} + +%description parser-extension-cef +This package installs the Metron CEF Parser Extension files + +%files parser-extension-cef +%defattr(-,root,root,755) +%dir %{metron_root} +%dir %{metron_home} +%dir %{metron_extensions_etc} +%dir %{metron_extensions_etc_parsers} +%dir %{metron_extensions_etc_parsers}/cef +%dir %{metron_extensions_etc_parsers}/cef/config +%dir %{metron_extensions_etc_parsers}/cef/config/zookeeper +%dir %{metron_extensions_etc_parsers}/cef/config/zookeeper/parsers +%dir %{metron_extensions_etc_parsers}/cef/config/zookeeper/enrichments +%dir %{metron_extensions_etc_parsers}/cef/config/zookeeper/indexing +%dir %{metron_extensions_lib} +%{metron_extensions_etc_parsers}/cef/config/zookeeper/parsers/cef.json +%{metron_extensions_etc_parsers}/cef/config/zookeeper/enrichments/cef.json +%{metron_extensions_etc_parsers}/cef/config/zookeeper/indexing/cef.json +%attr(0644,root,root) %{metron_extensions_lib}/metron-parser-cef-bundle-%{full_version}.bundle + +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + +%package parser-extension-fireeye +Summary: Metron Fireeye Parser Extension Files +Group: Applications/Internet +Provides: parser-extension-fireeye = %{version} + +%description parser-extension-fireeye +This package installs the Metron Fireeye Parser Extension files + +%files parser-extension-fireeye +%defattr(-,root,root,755) +%dir %{metron_root} +%dir %{metron_home} +%dir %{metron_extensions_etc} +%dir %{metron_extensions_etc_parsers} +%dir %{metron_extensions_etc_parsers}/fireeye +%dir %{metron_extensions_etc_parsers}/fireeye/config +%dir %{metron_extensions_etc_parsers}/fireeye/config/zookeeper +%dir %{metron_extensions_etc_parsers}/fireeye/config/zookeeper/parsers +%dir %{metron_extensions_etc_parsers}/fireeye/config/zookeeper/enrichments +%dir %{metron_extensions_etc_parsers}/fireeye/config/zookeeper/indexing +%dir 
%{metron_extensions_etc_parsers}/fireeye/patterns +%dir %{metron_extensions_lib} +%{metron_extensions_etc_parsers}/fireeye/config/zookeeper/parsers/fireeye.json +%{metron_extensions_etc_parsers}/fireeye/config/zookeeper/enrichments/fireeye.json +%{metron_extensions_etc_parsers}/fireeye/config/zookeeper/indexing/fireeye.json +%{metron_extensions_etc_parsers}/fireeye/patterns/fireeye +%{metron_extensions_etc_parsers}/fireeye/patterns/common +%attr(0644,root,root) %{metron_extensions_lib}/metron-parser-fireeye-bundle-%{full_version}.bundle + +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + +%package parser-extension-ise +Summary: Metron ISE Parser Extension Files +Group: Applications/Internet +Provides: parser-extension-ise = %{version} + +%description parser-extension-ise +This package installs the Metron ISE Parser Extension files + +%files parser-extension-ise +%defattr(-,root,root,755) +%dir %{metron_root} +%dir %{metron_home} +%dir %{metron_extensions_etc} +%dir %{metron_extensions_etc_parsers} +%dir %{metron_extensions_etc_parsers}/ise +%dir %{metron_extensions_etc_parsers}/ise/config +%dir %{metron_extensions_etc_parsers}/ise/config/zookeeper +%dir %{metron_extensions_etc_parsers}/ise/config/zookeeper/parsers +%dir %{metron_extensions_etc_parsers}/ise/config/zookeeper/enrichments +%dir %{metron_extensions_etc_parsers}/ise/config/zookeeper/indexing +%dir %{metron_extensions_lib} +%{metron_extensions_etc_parsers}/ise/config/zookeeper/parsers/ise.json +%{metron_extensions_etc_parsers}/ise/config/zookeeper/enrichments/ise.json +%{metron_extensions_etc_parsers}/ise/config/zookeeper/indexing/ise.json +%attr(0644,root,root) %{metron_extensions_lib}/metron-parser-ise-bundle-%{full_version}.bundle + +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + +%package parser-extension-lancope +Summary: Metron Lancope Parser Extension Files +Group: Applications/Internet +Provides: parser-extension-lancope = 
%{version} + +%description parser-extension-lancope +This package installs the Metron Lancope Parser Extension files + +%files parser-extension-lancope +%defattr(-,root,root,755) +%dir %{metron_root} +%dir %{metron_home} +%dir %{metron_extensions_etc} +%dir %{metron_extensions_etc_parsers} +%dir %{metron_extensions_etc_parsers}/lancope +%dir %{metron_extensions_etc_parsers}/lancope/config +%dir %{metron_extensions_etc_parsers}/lancope/config/zookeeper +%dir %{metron_extensions_etc_parsers}/lancope/config/zookeeper/parsers +%dir %{metron_extensions_etc_parsers}/lancope/config/zookeeper/enrichments +%dir %{metron_extensions_etc_parsers}/lancope/config/zookeeper/indexing +%dir %{metron_extensions_lib} +%{metron_extensions_etc_parsers}/lancope/config/zookeeper/parsers/lancope.json +%{metron_extensions_etc_parsers}/lancope/config/zookeeper/enrichments/lancope.json +%{metron_extensions_etc_parsers}/lancope/config/zookeeper/indexing/lancope.json +%attr(0644,root,root) %{metron_extensions_lib}/metron-parser-lancope-bundle-%{full_version}.bundle + +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + +%package parser-extension-logstash +Summary: Metron Logstash Parser Extension Files +Group: Applications/Internet +Provides: parser-extension-logstash = %{version} + +%description parser-extension-logstash +This package installs the Metron Logstash Parser Extension files + +%files parser-extension-logstash +%defattr(-,root,root,755) +%dir %{metron_root} +%dir %{metron_home} +%dir %{metron_extensions_etc} +%dir %{metron_extensions_etc_parsers} +%dir %{metron_extensions_etc_parsers}/logstash +%dir %{metron_extensions_etc_parsers}/logstash/config +%dir %{metron_extensions_etc_parsers}/logstash/config/zookeeper +%dir %{metron_extensions_etc_parsers}/logstash/config/zookeeper/parsers +%dir %{metron_extensions_etc_parsers}/logstash/config/zookeeper/enrichments +%dir %{metron_extensions_etc_parsers}/logstash/config/zookeeper/indexing +%dir 
%{metron_extensions_lib} +%{metron_extensions_etc_parsers}/logstash/config/zookeeper/parsers/logstash.json +%{metron_extensions_etc_parsers}/logstash/config/zookeeper/enrichments/logstash.json +%{metron_extensions_etc_parsers}/logstash/config/zookeeper/indexing/logstash.json +%attr(0644,root,root) %{metron_extensions_lib}/metron-parser-logstash-bundle-%{full_version}.bundle + +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + +%package parser-extension-paloalto +Summary: Metron PaloAlto Parser Extension Files +Group: Applications/Internet +Provides: parser-extension-paloalto = %{version} + +%description parser-extension-paloalto +This package installs the Metron PaloAlto Parser Extension files + +%files parser-extension-paloalto +%defattr(-,root,root,755) +%dir %{metron_root} +%dir %{metron_home} +%dir %{metron_extensions_etc} +%dir %{metron_extensions_etc_parsers} +%dir %{metron_extensions_etc_parsers}/paloalto +%dir %{metron_extensions_etc_parsers}/paloalto/config +%dir %{metron_extensions_etc_parsers}/paloalto/config/zookeeper +%dir %{metron_extensions_etc_parsers}/paloalto/config/zookeeper/parsers +%dir %{metron_extensions_etc_parsers}/paloalto/config/zookeeper/enrichments +%dir %{metron_extensions_etc_parsers}/paloalto/config/zookeeper/indexing +%dir %{metron_extensions_lib} +%{metron_extensions_etc_parsers}/paloalto/config/zookeeper/parsers/paloalto.json +%{metron_extensions_etc_parsers}/paloalto/config/zookeeper/enrichments/paloalto.json +%{metron_extensions_etc_parsers}/paloalto/config/zookeeper/indexing/paloalto.json +%attr(0644,root,root) %{metron_extensions_lib}/metron-parser-paloalto-bundle-%{full_version}.bundle + +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + +%package parser-extension-snort +Summary: Metron Snort Parser Extension Files +Group: Applications/Internet +Provides: parser-extension-snort = %{version} + +%description parser-extension-snort +This package installs the Metron 
Snort Parser Extension files + +%files parser-extension-snort +%defattr(-,root,root,755) +%dir %{metron_root} +%dir %{metron_home} +%dir %{metron_extensions_etc} +%dir %{metron_extensions_etc_parsers} +%dir %{metron_extensions_etc_parsers}/snort +%dir %{metron_extensions_etc_parsers}/snort/config +%dir %{metron_extensions_etc_parsers}/snort/config/elasticsearch +%dir %{metron_extensions_etc_parsers}/snort/config/zookeeper +%dir %{metron_extensions_etc_parsers}/snort/config/zookeeper/parsers +%dir %{metron_extensions_etc_parsers}/snort/config/zookeeper/enrichments +%dir %{metron_extensions_etc_parsers}/snort/config/zookeeper/indexing +%dir %{metron_extensions_lib} +%{metron_extensions_etc_parsers}/snort/config/zookeeper/parsers/snort.json +%{metron_extensions_etc_parsers}/snort/config/zookeeper/enrichments/snort.json +%{metron_extensions_etc_parsers}/snort/config/zookeeper/indexing/snort.json +%{metron_extensions_etc_parsers}/snort/config/elasticsearch/snort_index.template +%attr(0644,root,root) %{metron_extensions_lib}/metron-parser-snort-bundle-%{full_version}.bundle + +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +%package parser-extension-sourcefire +Summary: Metron Sourcefire Parser Extension Files +Group: Applications/Internet +Provides: parser-extension-sourcefire = %{version} + +%description parser-extension-sourcefire +This package installs the Metron Sourcefire Parser Extension files + +%files parser-extension-sourcefire +%defattr(-,root,root,755) +%dir %{metron_root} +%dir %{metron_home} +%dir %{metron_extensions_etc} +%dir %{metron_extensions_etc_parsers} +%dir %{metron_extensions_etc_parsers}/sourcefire +%dir %{metron_extensions_etc_parsers}/sourcefire/config +%dir %{metron_extensions_etc_parsers}/sourcefire/config/zookeeper +%dir %{metron_extensions_etc_parsers}/sourcefire/config/zookeeper/parsers +%dir %{metron_extensions_etc_parsers}/sourcefire/config/zookeeper/enrichments +%dir 
%{metron_extensions_etc_parsers}/sourcefire/config/zookeeper/indexing +%dir %{metron_extensions_etc_parsers}/sourcefire/patterns +%dir %{metron_extensions_lib} +%{metron_extensions_etc_parsers}/sourcefire/config/zookeeper/parsers/sourcefire.json +%{metron_extensions_etc_parsers}/sourcefire/config/zookeeper/enrichments/sourcefire.json +%{metron_extensions_etc_parsers}/sourcefire/config/zookeeper/indexing/sourcefire.json +%{metron_extensions_etc_parsers}/sourcefire/patterns/sourcefire +%{metron_extensions_etc_parsers}/sourcefire/patterns/common +%attr(0644,root,root) %{metron_extensions_lib}/metron-parser-sourcefire-bundle-%{full_version}.bundle + +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + +%package parser-extension-squid +Summary: Metron Squid Parser Extension Files +Group: Applications/Internet +Provides: parser-extension-squid = %{version} + +%description parser-extension-squid +This package installs the Metron Squid Parser Extension files + +%files parser-extension-squid +%defattr(-,root,root,755) +%dir %{metron_root} +%dir %{metron_home} +%dir %{metron_extensions_etc} +%dir %{metron_extensions_etc_parsers} +%dir %{metron_extensions_etc_parsers}/squid +%dir %{metron_extensions_etc_parsers}/squid/config +%dir %{metron_extensions_etc_parsers}/squid/config/zookeeper +%dir %{metron_extensions_etc_parsers}/squid/config/zookeeper/parsers +%dir %{metron_extensions_etc_parsers}/squid/config/zookeeper/enrichments +%dir %{metron_extensions_etc_parsers}/squid/config/zookeeper/indexing +%dir %{metron_extensions_etc_parsers}/squid/patterns +%{metron_extensions_etc_parsers}/squid/config/zookeeper/parsers/squid.json +%{metron_extensions_etc_parsers}/squid/config/zookeeper/enrichments/squid.json +%{metron_extensions_etc_parsers}/squid/config/zookeeper/indexing/squid.json +%{metron_extensions_etc_parsers}/squid/patterns/squid +%{metron_extensions_etc_parsers}/squid/patterns/common + +# 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + +%package parser-extension-websphere +Summary: Metron Parser Websphere Extension Files +Group: Applications/Internet +Provides: parser-extension-websphere = %{version} + +%description parser-extension-websphere +This package installs the Metron Websphere Parser Extension files + +%files parser-extension-websphere +%defattr(-,root,root,755) +%dir %{metron_root} +%dir %{metron_home} +%dir %{metron_extensions_etc} +%dir %{metron_extensions_etc_parsers} +%dir %{metron_extensions_etc_parsers}/websphere +%dir %{metron_extensions_etc_parsers}/websphere/config +%dir %{metron_extensions_etc_parsers}/websphere/config/zookeeper +%dir %{metron_extensions_etc_parsers}/websphere/config/zookeeper/parsers +%dir %{metron_extensions_etc_parsers}/websphere/config/zookeeper/enrichments +%dir %{metron_extensions_etc_parsers}/websphere/config/zookeeper/indexing +%dir %{metron_extensions_etc_parsers}/websphere/patterns +%dir %{metron_extensions_lib} +%{metron_extensions_etc_parsers}/websphere/config/zookeeper/parsers/websphere.json +%{metron_extensions_etc_parsers}/websphere/config/zookeeper/enrichments/websphere.json +%{metron_extensions_etc_parsers}/websphere/config/zookeeper/indexing/websphere.json +%{metron_extensions_etc_parsers}/websphere/patterns/websphere +%{metron_extensions_etc_parsers}/websphere/patterns/common +%attr(0644,root,root) %{metron_extensions_lib}/metron-parser-websphere-bundle-%{full_version}.bundle + +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + +%package parser-extension-yaf +Summary: Metron Yaf Parser Extension Files +Group: Applications/Internet +Provides: parser-extension-yaf = %{version} + +%description parser-extension-yaf +This package installs the Metron Yaf Parser Extension files + +%files parser-extension-yaf +%defattr(-,root,root,755) +%dir %{metron_root} +%dir %{metron_home} +%dir %{metron_extensions_etc} +%dir 
%{metron_extensions_etc_parsers} +%dir %{metron_extensions_etc_parsers}/yaf +%dir %{metron_extensions_etc_parsers}/yaf/config +%dir %{metron_extensions_etc_parsers}/yaf/config/elasticsearch +%dir %{metron_extensions_etc_parsers}/yaf/config/zookeeper +%dir %{metron_extensions_etc_parsers}/yaf/config/zookeeper/parsers +%dir %{metron_extensions_etc_parsers}/yaf/config/zookeeper/enrichments +%dir %{metron_extensions_etc_parsers}/yaf/config/zookeeper/indexing +%dir %{metron_extensions_etc_parsers}/yaf/patterns +%{metron_extensions_etc_parsers}/yaf/config/zookeeper/parsers/yaf.json +%{metron_extensions_etc_parsers}/yaf/config/zookeeper/enrichments/yaf.json +%{metron_extensions_etc_parsers}/yaf/config/zookeeper/indexing/yaf.json +%{metron_extensions_etc_parsers}/yaf/config/elasticsearch/yaf_index.template +%{metron_extensions_etc_parsers}/yaf/patterns/yaf +%{metron_extensions_etc_parsers}/yaf/patterns/common + +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + %package elasticsearch Summary: Metron Elasticsearch Files Group: Applications/Internet @@ -232,18 +686,11 @@ This package installs the Metron Enrichment files %dir %{metron_home} %dir %{metron_home}/bin %dir %{metron_home}/config -%dir %{metron_home}/config/zookeeper -%dir %{metron_home}/config/zookeeper/enrichments %dir %{metron_home}/flux %dir %{metron_home}/flux/enrichment %{metron_home}/bin/latency_summarizer.sh %{metron_home}/bin/start_enrichment_topology.sh %{metron_home}/config/enrichment.properties -%{metron_home}/config/zookeeper/enrichments/bro.json -%{metron_home}/config/zookeeper/enrichments/snort.json -%{metron_home}/config/zookeeper/enrichments/websphere.json -%{metron_home}/config/zookeeper/enrichments/yaf.json -%{metron_home}/config/zookeeper/enrichments/asa.json %{metron_home}/flux/enrichment/remote.yaml %attr(0644,root,root) %{metron_home}/lib/metron-enrichment-%{full_version}-uber.jar 
@@ -264,11 +711,6 @@ This package installs the Metron Indexing files %dir %{metron_home}/flux %dir %{metron_home}/flux/indexing %{metron_home}/flux/indexing/remote.yaml -%{metron_home}/config/zookeeper/indexing/bro.json -%{metron_home}/config/zookeeper/indexing/snort.json -%{metron_home}/config/zookeeper/indexing/websphere.json -%{metron_home}/config/zookeeper/indexing/yaf.json -%{metron_home}/config/zookeeper/indexing/asa.json %{metron_home}/config/zookeeper/indexing/error.json %{metron_home}/config/zeppelin/metron/metron-yaf-telemetry.json %{metron_home}/config/zeppelin/metron/metron-connection-report.json @@ -428,7 +870,7 @@ chkconfig --del metron-management-ui %changelog * Thu Jun 29 2017 Apache Metron <d...@metron.apache.org> - 0.4.1 -- Add Metron Management jar +- Add Metron Management jar * Thu May 15 2017 Apache Metron <d...@metron.apache.org> - 0.4.0 - Added Management UI * Tue May 9 2017 Apache Metron <d...@metron.apache.org> - 0.4.0 @@ -439,6 +881,8 @@ chkconfig --del metron-management-ui - Add Metron IP Report * Fri Apr 28 2017 Apache Metron <d...@metron.apache.org> - 0.4.0 - Add Zeppelin Connection Report Dashboard +* Tue Apr 04 2017 Otto Fowler <ottobackwa...@gmail.com> - 0.3.1 +- support for parsers as extensions * Thu Jan 19 2017 Justin Leet <justinjl...@gmail.com> - 0.3.1 - Replace GeoIP files with new implementation * Thu Nov 03 2016 David Lyle <dlyle65...@gmail.com> - 0.2.1 http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/metron-deployment/packaging/docker/rpm-docker/pom.xml ---------------------------------------------------------------------- diff --git a/metron-deployment/packaging/docker/rpm-docker/pom.xml b/metron-deployment/packaging/docker/rpm-docker/pom.xml index 749acd2..6991e7e 100644 --- a/metron-deployment/packaging/docker/rpm-docker/pom.xml +++ b/metron-deployment/packaging/docker/rpm-docker/pom.xml 
@@ -173,6 +173,85 @@
 <include>*.tar.gz</include>
 </includes>
 </resource>
+ <!-- extensions -->
+ <resource>
+ <directory>${metron_dir}/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-asa-extension/metron-parser-asa-assembly/target/</directory>
+ <includes>
+ <include>*.tar.gz</include>
+ </includes>
+ </resource>
+ <resource>
+ <directory>${metron_dir}/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-bro-extension/metron-parser-bro-assembly/target/</directory>
+ <includes>
+ <include>*.tar.gz</include>
+ </includes>
+ </resource>
+ <resource>
+ <directory>${metron_dir}/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-cef-extension/metron-parser-cef-assembly/target/</directory>
+ <includes>
+ <include>*.tar.gz</include>
+ </includes>
+ </resource>
+ <resource>
+ <directory>${metron_dir}/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-fireeye-extension/metron-parser-fireeye-assembly/target/</directory>
+ <includes>
+ <include>*.tar.gz</include>
+ </includes>
+ </resource>
+ <resource>
+ <directory>${metron_dir}/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-ise-extension/metron-parser-ise-assembly/target/</directory>
+ <includes>
+ <include>*.tar.gz</include>
+ </includes>
+ </resource>
+ <resource>
+ <directory>${metron_dir}/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-lancope-extension/metron-parser-lancope-assembly/target/</directory>
+ <includes>
+ <include>*.tar.gz</include>
+ </includes>
+ </resource>
+ <resource>
+ <directory>${metron_dir}/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-logstash-extension/metron-parser-logstash-assembly/target/</directory>
+ <includes>
+ <include>*.tar.gz</include>
+ </includes>
+ </resource>
+ <resource>
+ <directory>${metron_dir}/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-paloalto-extension/metron-parser-paloalto-assembly/target/</directory>
+ <includes>
+ <include>*.tar.gz</include>
+ </includes>
+ </resource>
+ <resource>
+ <directory>${metron_dir}/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-snort-extension/metron-parser-snort-assembly/target/</directory>
+ <includes>
+ <include>*.tar.gz</include>
+ </includes>
+ </resource>
+ <resource>
+ <directory>${metron_dir}/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-sourcefire-extension/metron-parser-sourcefire-assembly/target/</directory>
+ <includes>
+ <include>*.tar.gz</include>
+ </includes>
+ </resource>
+ <resource>
+ <directory>${metron_dir}/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-squid-extension/metron-parser-squid-assembly/target/</directory>
+ <includes>
+ <include>*.tar.gz</include>
+ </includes>
+ </resource>
+ <resource>
+ <directory>${metron_dir}/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-websphere-extension/metron-parser-websphere-assembly/target/</directory>
+ <includes>
+ <include>*.tar.gz</include>
+ </includes>
+ </resource>
+ <resource>
+ <directory>${metron_dir}/metron-platform/metron-extensions/metron-parser-extensions/metron-parser-yaf-extension/metron-parser-yaf-assembly/target/</directory>
+ <includes>
+ <include>*.tar.gz</include>
+ </includes>
+ </resource>
 </resources>
 </configuration>
 </execution>
http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/metron-interface/metron-config/e2e/use-cases/sensor-config-single-parser.e2e-spec.ts
----------------------------------------------------------------------
diff --git a/metron-interface/metron-config/e2e/use-cases/sensor-config-single-parser.e2e-spec.ts b/metron-interface/metron-config/e2e/use-cases/sensor-config-single-parser.e2e-spec.ts
index dd1d71f..cefa84e 100644
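Review bot: Each of the thirteen added `<resource>` entries takes `*.tar.gz` from a parser assembly's `target/` directory, so any tarball sitting there is copied into the RPM build input, including an archive left over from an earlier build of a different version if `target/` was not cleaned. The entries follow the pattern of the existing resource above them, but since these archives end up in installable packages it would be safer to name the expected file, e.g. `<include>ASSEMBLY_ARTIFACT_NAME.tar.gz</include>` (placeholder: use the exact name the assembly produces, with the project version in it). The `<!-- extensions -->` comment could also say that the list has to be extended by hand for every new parser extension, presumably together with the matching file list in the RPM spec. The enclosing `<resources>` element starts outside the hunk.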
--- a/metron-interface/metron-config/e2e/use-cases/sensor-config-single-parser.e2e-spec.ts +++ b/metron-interface/metron-config/e2e/use-cases/sensor-config-single-parser.e2e-spec.ts @@ -93,7 +93,7 @@ describe('Sensor Config for parser e2e1', function() { let expectedFormData = { title: 'e2e1', parserName: 'e2e1', - parserType: 'org.apache.metron.parsers.GrokParser', + parserType: 'org.apache.metron.parsers.grok.GrokParser', grokStatement: grokStatement, fieldSchemaSummary: [ 'TRANSFORMATIONS 1', 'ENRICHMENTS 3', 'THREAT INTEL 2' ], threatTriageSummary: [ 'RULES 1' ], http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/metron-interface/metron-config/src/app/sensors/sensor-field-schema/sensor-field-schema.component.spec.ts ---------------------------------------------------------------------- diff --git a/metron-interface/metron-config/src/app/sensors/sensor-field-schema/sensor-field-schema.component.spec.ts b/metron-interface/metron-config/src/app/sensors/sensor-field-schema/sensor-field-schema.component.spec.ts index d2066ea..fa5f211 100644 --- a/metron-interface/metron-config/src/app/sensors/sensor-field-schema/sensor-field-schema.component.spec.ts +++ b/metron-interface/metron-config/src/app/sensors/sensor-field-schema/sensor-field-schema.component.spec.ts @@ -93,7 +93,7 @@ describe('Component: SensorFieldSchema', () => { let transformationValidationService: StellarService; let squidSensorConfigJson = { - 'parserClassName': 'org.apache.metron.parsers.GrokParser', + 'parserClassName': 'org.apache.metron.parsers.grok.GrokParser', 'sensorTopic': 'squid', 'parserConfig': { 'grokPath': 'target/patterns/squid', 
@@ -468,7 +468,7 @@ describe('Component: SensorFieldSchema', () => { component.savedFieldSchemaRows = [methodFieldSchemaRow, elapsedFieldSchemaRow, ipDstAddrFieldSchemaRow, codeFieldSchemaRow]; component.sensorParserConfig = new SensorParserConfig(); - component.sensorParserConfig.parserClassName = 'org.apache.metron.parsers.GrokParser'; + component.sensorParserConfig.parserClassName = 'org.apache.metron.parsers.grok.GrokParser'; component.sensorParserConfig.sensorTopic = 'squid'; component.sensorParserConfig.fieldTransformations = [new FieldTransformer()]; http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/metron-interface/metron-config/src/app/sensors/sensor-parser-config-readonly/sensor-parser-config-readonly.component.html ---------------------------------------------------------------------- diff --git a/metron-interface/metron-config/src/app/sensors/sensor-parser-config-readonly/sensor-parser-config-readonly.component.html b/metron-interface/metron-config/src/app/sensors/sensor-parser-config-readonly/sensor-parser-config-readonly.component.html index d988dd1..81473de 100644 --- a/metron-interface/metron-config/src/app/sensors/sensor-parser-config-readonly/sensor-parser-config-readonly.component.html +++ b/metron-interface/metron-config/src/app/sensors/sensor-parser-config-readonly/sensor-parser-config-readonly.component.html 
@@ -43,7 +43,7 @@ <div *ngIf="item.model == 'kafkaTopic'" class="col-xs-6 px-0 pull-left form-value">{{ kafkaTopic[item.value] ? kafkaTopic[item.value] : "-" }}</div> <div *ngIf="item.model == 'topologyStatus'" class="col-xs-6 px-0 pull-left form-value">{{ getTopologyStatus(item.value) }}</div> - <div *ngIf="item.model == 'grokStatement' && sensorParserConfigHistory.config.parserClassName === 'org.apache.metron.parsers.GrokParser'" style="border: none"> + <div *ngIf="item.model == 'grokStatement' && sensorParserConfigHistory.config.parserClassName === 'org.apache.metron.parsers.grok.GrokParser'" style="border: none"> <div class="col-xs-12 form-sub-title">Grok Statement</div> <div id="collapseGrok" class="col-xs-12 pull-left form-value panel-collapse collapse"></div> <div class="col-xs-12 pull-left form-value grok" [innerHtml]="grokStatement"></div> http://git-wip-us.apache.org/repos/asf/metron/blob/5f7454e4/metron-interface/metron-config/src/app/sensors/sensor-parser-config-readonly/sensor-parser-config-readonly.component.spec.ts ---------------------------------------------------------------------- diff --git a/metron-interface/metron-config/src/app/sensors/sensor-parser-config-readonly/sensor-parser-config-readonly.component.spec.ts b/metron-interface/metron-config/src/app/sensors/sensor-parser-config-readonly/sensor-parser-config-readonly.component.spec.ts index dbbec12..3f00b89 100644 --- a/metron-interface/metron-config/src/app/sensors/sensor-parser-config-readonly/sensor-parser-config-readonly.component.spec.ts +++ b/metron-interface/metron-config/src/app/sensors/sensor-parser-config-readonly/sensor-parser-config-readonly.component.spec.ts 
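Review bot: The `*ngIf` on the changed line shows the Grok statement only when `parserClassName` is exactly `'org.apache.metron.parsers.grok.GrokParser'`, so a sensor configuration saved with the old name `org.apache.metron.parsers.GrokParser` no longer matches and the panel disappears without any message; no migration of stored configurations is visible in this part of the commit. The same literal is repeated in the three spec files changed alongside it (sensor-config-single-parser.e2e-spec.ts, sensor-field-schema.component.spec.ts, sensor-parser-config-readonly.component.spec.ts); in the component it could live in one field, e.g. `readonly grokParserClassName = 'org.apache.metron.parsers.grok.GrokParser';`, with the template testing `parserClassName === grokParserClassName`. Separately, the unchanged `[innerHtml]="grokStatement"` line below relies on Angular's built-in HTML sanitisation, which holds only as long as `grokStatement` is not wrapped with a sanitiser bypass in the component (not visible in this hunk). The enclosing template element starts and ends outside the hunk.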
@@ -311,7 +311,7 @@ describe('Component: SensorParserConfigReadonly', () => { let topologyStatus = new TopologyStatus(); sensorParserConfig.sensorTopic = 'bro'; - sensorParserConfig.parserClassName = 'org.apache.metron.parsers.GrokParser'; + sensorParserConfig.parserClassName = 'org.apache.metron.parsers.grok.GrokParser'; sensorParserConfig.parserConfig = {grokPattern: 'SQUID_DELIMITED squid grok statement'}; sensorParserInfo.config = sensorParserConfig; @@ -496,7 +496,7 @@ describe('Component: SensorParserConfigReadonly', () => { let topologyStatus = new TopologyStatus(); sensorParserConfig.sensorTopic = 'bro'; - sensorParserConfig.parserClassName = 'org.apache.metron.parsers.GrokParser'; + sensorParserConfig.parserClassName = 'org.apache.metron.parsers.grok.GrokParser'; sensorParserConfig.parserConfig = {grokPattern: 'SQUID_DELIMITED squid grok statement'}; sensorParserInfo.config = sensorParserConfig;