[ https://issues.apache.org/jira/browse/METRON-2065?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nick Allen reassigned METRON-2065: ---------------------------------- Assignee: Ryan Merriman > Setting Parser Output Topic in Sensor Config is broken > ------------------------------------------------------ > > Key: METRON-2065 > URL: https://issues.apache.org/jira/browse/METRON-2065 > Project: Metron > Issue Type: Bug > Reporter: Mohan > Assignee: Ryan Merriman > Priority: Major > Attachments: Screen Shot 2019-04-05 at 7.45.36 PM.png > > Time Spent: 40m > Remaining Estimate: 0h > > Login to management console > Edit the parser config Advanced > Raw JSON !Screen Shot 2019-04-05 at > 7.45.36 PM.png! > Change the output topic for the 'snort' sensor. > Verify that the changes taken effect using stellar shell > {code:java} > [Stellar]>>> conf := CONFIG_GET("PARSER","snort") { "parserClassName" : > "org.apache.metron.parsers.snort.BasicSnortParser", "sensorTopic" : "snort", > "outputTopic" : "new-topic", "readMetadata" : false, "mergeMetadata" : false, > "spoutParallelism" : 1, "spoutNumTasks" : 1, "parserParallelism" : 1, > "parserNumTasks" : 1, "errorWriterParallelism" : 1, "errorWriterNumTasks" : > 1, "spoutConfig" : { }, "stormConfig" : { }, "parserConfig" : { }, > "fieldTransformations" : [ ], "cacheConfig" : { }, "rawMessageStrategy" : > "DEFAULT", "rawMessageStrategyConfig" : { } } > {code} > publish the message to 'snort' topic > I use the console consumer to validate output is being piped into "new_topic" > and verified that no messages were sent to the topic > {code:java} > [metron@nat-r7-udos-metron-1 bin]$ ./kafka-console-consumer.sh --zookeeper > $ZOOKEEPER --security-protocol PLAINTEXTSASL --topic new-topic > Using the ConsoleConsumer with old consumer is deprecated and will be removed > in a future major release. Consider using the new consumer by passing > [bootstrap-server] instead of [zookeeper]. [2019-04-05 14:08:08,796] WARN > SASL configuration failed: javax.security.auth.login.LoginException: No JAAS > configuration section named 'Client' was found in specified JAAS > configuration file: > '/usr/hdp/current/kafka-broker/config/kafka_client_jaas.conf'. Will continue > connection to Zookeeper server without SASL authentication, if Zookeeper > server allows it. (org.apache.zookeeper.ClientCnxn) [2019-04-05 14:08:09,005] > WARN SASL configuration failed: javax.security.auth.login.LoginException: No > JAAS configuration section named 'Client' was found in specified JAAS > configuration file: > '/usr/hdp/current/kafka-broker/config/kafka_client_jaas.conf'. Will continue > connection to Zookeeper server without SASL authentication, if Zookeeper > server allows it. (org.apache.zookeeper.ClientCnxn) > {code} > where as I see that the messages were sent to "enrichments" topic > {code:java} > [metron@nat-r7-udos-metron-1 bin]$ ./kafka-console-consumer.sh --zookeeper > $ZOOKEEPER --security-protocol PLAINTEXTSASL --topic enrichments > Using the ConsoleConsumer with old consumer is deprecated and will be removed > in a future major release. Consider using the new consumer by passing > [bootstrap-server] instead of [zookeeper]. > [2019-04-05 14:10:18,930] WARN SASL configuration failed: > javax.security.auth.login.LoginException: No JAAS configuration section named > 'Client' was found in specified JAAS configuration file: > '/usr/hdp/current/kafka-broker/config/kafka_client_jaas.conf'. Will continue > connection to Zookeeper server without SASL authentication, if Zookeeper > server allows it. (org.apache.zookeeper.ClientCnxn) > [2019-04-05 14:10:19,095] WARN SASL configuration failed: > javax.security.auth.login.LoginException: No JAAS configuration section named > 'Client' was found in specified JAAS configuration file: > '/usr/hdp/current/kafka-broker/config/kafka_client_jaas.conf'. Will continue > connection to Zookeeper server without SASL authentication, if Zookeeper > server allows it. (org.apache.zookeeper.ClientCnxn) > {"msg":"snort test > alert","sig_rev":"0","ip_dst_port":"80","ethsrc":"00:00:00:00:00:00","tcpseq":"0xF017C4DA","dgmlen":"40","icmpid":"","tcplen":"","tcpwindow":"0xF6C9","icmpseq":"","tcpack":"0xABDB8426","protocol":"TCP","ip_dst_addr":"62.75.195.236","original_string":"09\/09\/16-09:09:09.844676 > ,1,999158,0,\"snort test > alert\",TCP,192.168.138.160,49188,62.75.195.236,80,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xF017C4DA,0xABDB8426,,0xF6C9,128,0,2319,40,40960,,,,","icmpcode":"","tos":"0","id":"2319","ip_src_addr":"192.168.138.160","timestamp":1473412149844,"ethdst":"00:00:00:00:00:00","is_alert":"true","ttl":"128","source.type":"snort","ethlen":"0x3C","iplen":"40960","icmptype":"","ip_src_port":"49188","tcpflags":"***A****","guid":"11fb0141-9c45-4787-a9a4-ad725ed0318f","sig_id":"999158","sig_generator":"1"} > {"msg":"snort test > alert","sig_rev":"0","ip_dst_port":"80","ethsrc":"00:00:00:00:00:00","tcpseq":"0xF017C4DA","dgmlen":"40","icmpid":"","tcplen":"","tcpwindow":"0xF6C9","icmpseq":"","tcpack":"0xABDB8426","protocol":"TCP","ip_dst_addr":"62.75.195.236","original_string":"09\/09\/16-09:09:09.844676 > ,1,999158,0,\"snort test > alert\",TCP,192.168.138.160,49188,62.75.195.236,80,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xF017C4DA,0xABDB8426,,0xF6C9,128,0,2319,40,40960,,,,","icmpcode":"","tos":"0","id":"2319","ip_src_addr":"192.168.138.160","timestamp":1473412149844,"ethdst":"00:00:00:00:00:00","is_alert":"true","ttl":"128","source.type":"snort","ethlen":"0x3C","iplen":"40960","icmptype":"","ip_src_port":"49188","tcpflags":"***A****","guid":"5cd4082f-06aa-4c92-8c72-a5d9c775b5d4","sig_id":"999158","sig_generator":"1"} > {"msg":"snort test > alert","sig_rev":"0","ip_dst_port":"80","ethsrc":"00:00:00:00:00:00","tcpseq":"0xF017C4DA","dgmlen":"40","icmpid":"","tcplen":"","tcpwindow":"0xF6C9","icmpseq":"","tcpack":"0xABDB8426","protocol":"TCP","ip_dst_addr":"62.75.195.236","original_string":"09\/09\/16-09:09:09.844676 > ,1,999158,0,\"snort test > alert\",TCP,192.168.138.160,49188,62.75.195.236,80,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xF017C4DA,0xABDB8426,,0xF6C9,128,0,2319,40,40960,,,,","icmpcode":"","tos":"0","id":"2319","ip_src_addr":"192.168.138.160","timestamp":1473412149844,"ethdst":"00:00:00:00:00:00","is_alert":"true","ttl":"128","source.type":"snort","ethlen":"0x3C","iplen":"40960","icmptype":"","ip_src_port":"49188","tcpflags":"***A****","guid":"b0e60bcd-261a-41e6-924f-de8c903f4f57","sig_id":"999158","sig_generator":"1"} > {"msg":"snort test > alert","sig_rev":"0","ip_dst_port":"80","ethsrc":"00:00:00:00:00:00","tcpseq":"0xF017C4DA","dgmlen":"40","icmpid":"","tcplen":"","tcpwindow":"0xF6C9","icmpseq":"","tcpack":"0xABDB8426","protocol":"TCP","ip_dst_addr":"62.75.195.236","original_string":"09\/09\/16-09:09:09.844676 > ,1,999158,0,\"snort test > alert\",TCP,192.168.138.160,49188,62.75.195.236,80,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xF017C4DA,0xABDB8426,,0xF6C9,128,0,2319,40,40960,,,,","icmpcode":"","tos":"0","id":"2319","ip_src_addr":"192.168.138.160","timestamp":1473412149844,"ethdst":"00:00:00:00:00:00","is_alert":"true","ttl":"128","source.type":"snort","ethlen":"0x3C","iplen":"40960","icmptype":"","ip_src_port":"49188","tcpflags":"***A****","guid":"b29029b6-9b9d-4c5f-810c-2bd816126ffa","sig_id":"999158","sig_generator":"1"} > {code} -- This message was sent by Atlassian JIRA (v7.6.3#76005)