[jira] [Commented] (METRON-259) ERROR! ERROR! 'dict object' has no attribute u'ansible_tap0'
[ https://issues.apache.org/jira/browse/METRON-259?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15348597#comment-15348597 ]

ASF GitHub Bot commented on METRON-259:
---

GitHub user nickwallen opened a pull request:

https://github.com/apache/incubator-metron/pull/176

METRON-259 Using 'any' for Snort's HOME_NETWORK

In some cases, Ansible is not yet aware of the 'tap0' interface when the Snort deployment begins. This causes the deployment to fail with this error.

```
ERROR! ERROR! 'dict object' has no attribute u'ansible_tap0
```

It is not really necessary to set the HOME_NETWORK of Snort to the IP address of the sniff interface. This needs to be customized for Snort on a case-by-case basis for production deployments based on the target environment. For demo and development purposes, `any` works just fine and is much simpler.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/nickwallen/incubator-metron METRON-259

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-metron/pull/176.patch

To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message:

    This closes #176

commit d3faab46476d163503182702be72e3c6fa12d86b
Author: Nick Allen
Date: 2016-06-24T20:38:53Z

    METRON-259 Using 'any' for Snort's HOME_NETWORK

> ERROR! ERROR! 'dict object' has no attribute u'ansible_tap0'
>
>
> Key: METRON-259
> URL: https://issues.apache.org/jira/browse/METRON-259
> Project: Metron
> Issue Type: Bug
> Reporter: Nick Allen
> Attachments: ansible (2).log
>
>
> 2016-06-24 11:10:53,994 p=66991 u=xxx | TASK [snort : Configure home network] **
> 2016-06-24 11:10:54,277 p=66991 u=xxx | ^[[0;31mfatal: [ec2-xxx-xxx-xxx-xxx.us-west-2.compute.amazonaws.com]: FAILED! => {"failed": true, "msg": "ERROR! ERROR! 'dict object' has no attribute u'ansible_tap0'"}^[[0m

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
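A pre-deployment check for the trade-off this pull request describes, as an added example that is not part of the PR or of Metron: it reads a snort.conf and reports when the home network is left at `any`. The Snort 2.x variable names `HOME_NET` and `EXTERNAL_NET`, the `ipvar`/`var` syntax, and both sample configs are assumptions constructed for illustration.

```python
import re

# Snort 2.x variable definitions: "ipvar NAME VALUE" or the older "var NAME VALUE".
VAR_RE = re.compile(r"^\s*(?:ipvar|var)\s+(\w+)\s+(\S+)")


def parse_vars(conf_text):
    """Return {name: value} for every ipvar/var line; the last definition wins."""
    found = {}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0]  # drop trailing comments
        match = VAR_RE.match(line)
        if match:
            found[match.group(1)] = match.group(2)
    return found


def audit_home_net(conf_text, production=True):
    """List findings about HOME_NET; an empty list means nothing to report."""
    variables = parse_vars(conf_text)
    home = variables.get("HOME_NET")
    if home is None:
        return ["HOME_NET is not defined"]
    findings = []
    if home == "any":
        if production:
            findings.append(
                "HOME_NET is 'any': rules cannot tell internal hosts from "
                "external ones; set it to the monitored address ranges")
        if variables.get("EXTERNAL_NET") == "!$HOME_NET":
            # The Snort manual lists '!any' as an invalid IP variable value.
            findings.append(
                "EXTERNAL_NET is '!$HOME_NET' while HOME_NET is 'any', "
                "which resolves to the invalid '!any'")
    return findings


# Constructed sample: demo-style config with the home network left open.
DEMO_CONF = """\
ipvar HOME_NET any            # demo / development default
ipvar EXTERNAL_NET !$HOME_NET
"""

# Constructed sample: config tailored to a target environment.
PROD_CONF = """\
ipvar HOME_NET [10.0.0.0/8,192.168.0.0/16]
ipvar EXTERNAL_NET !$HOME_NET
"""

if __name__ == "__main__":
    for label, conf in (("demo", DEMO_CONF), ("prod", PROD_CONF)):
        for finding in audit_home_net(conf) or ["ok"]:
            print(f"{label}: {finding}")
```

Passing `production=False` keeps only the findings that would break a demo deployment as well.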
[jira] [Created] (METRON-260) Metron Example needs additional cleanup and a README
David M. Lyle created METRON-260:

Summary: Metron Example needs additional cleanup and a README
Key: METRON-260
URL: https://issues.apache.org/jira/browse/METRON-260
Project: Metron
Issue Type: Bug
Reporter: David M. Lyle

metron_hbase_tables and metron_kafka_topics should be node8.
enrichment should be node4.
Add a README to describe, in broad strokes, how to modify this example for use in one's own environment.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Assigned] (METRON-260) Metron Example needs additional cleanup and a README
[ https://issues.apache.org/jira/browse/METRON-260?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] David M. Lyle reassigned METRON-260: Assignee: David M. Lyle > Metron Example needs additional cleanup and a README > > > Key: METRON-260 > URL: https://issues.apache.org/jira/browse/METRON-260 > Project: Metron > Issue Type: Bug >Reporter: David M. Lyle >Assignee: David M. Lyle > > metron_hbase_tables and metron_kafka_topics should be node8. > enrichment should be node4. > Add a README to describe, in broad strokes how to modify this example for use > in one's own environment. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (METRON-256) Make the PCap values returned ordered by timestamp
[ https://issues.apache.org/jira/browse/METRON-256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15348530#comment-15348530 ] ASF GitHub Bot commented on METRON-256: --- Github user asfgit closed the pull request at: https://github.com/apache/incubator-metron/pull/173 > Make the PCap values returned ordered by timestamp > -- > > Key: METRON-256 > URL: https://issues.apache.org/jira/browse/METRON-256 > Project: Metron > Issue Type: Bug >Reporter: Casey Stella >Assignee: Casey Stella > > Right now we are not specifying the partitioner for the MR job to filter > PCaps as part of PCap retrieval, so we are getting back packets in the wrong > order. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (METRON-256) Make the PCap values returned ordered by timestamp
[ https://issues.apache.org/jira/browse/METRON-256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15348466#comment-15348466 ]

ASF GitHub Bot commented on METRON-256:
---

GitHub user cestella reopened a pull request:

https://github.com/apache/incubator-metron/pull/173

METRON-256: Make the PCap values returned ordered by timestamp

Right now we are not specifying the partitioner for the MR job to filter PCaps as part of PCap retrieval, so we are getting back packets in the wrong order.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/cestella/incubator-metron pcap_single_reducer

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-metron/pull/173.patch

To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message:

    This closes #173

commit 808f303e9cdb3145ed8b267b7046f6647c7fd5c4
Author: cstella
Date: 2016-06-23T19:38:43Z

    Make the PCap values returned ordered by timestamp

commit f403cdb5d0cfc4f755072b976bea48949b079929
Author: cstella
Date: 2016-06-24T15:37:06Z

    Added better integration test.

> Make the PCap values returned ordered by timestamp
> --
>
> Key: METRON-256
> URL: https://issues.apache.org/jira/browse/METRON-256
> Project: Metron
> Issue Type: Bug
> Reporter: Casey Stella
> Assignee: Casey Stella
>
> Right now we are not specifying the partitioner for the MR job to filter PCaps as part of PCap retrieval, so we are getting back packets in the wrong order.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
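Why an unspecified partitioner returns packets out of order, as an added example that is not code from the pull request or from Metron: it simulates a MapReduce job whose reducers each sort only their own keys, first with Hadoop's default hash partitioning, then with a single reducer, then with range partitioning. That the job keys are packet timestamps, and the sample timestamps themselves, are assumptions made for illustration.

```python
def java_long_hash(value):
    """Java's Long.hashCode(): the low 32 bits of value ^ (value >>> 32)."""
    return (value ^ (value >> 32)) & 0xFFFFFFFF


def hash_partitioner(num_reducers):
    # Hadoop's default HashPartitioner:
    #   (key.hashCode() & Integer.MAX_VALUE) % numReduceTasks
    return lambda ts: (java_long_hash(ts) & 0x7FFFFFFF) % num_reducers


def range_partitioner(num_reducers, lo, hi):
    # Total-order style: reducer i owns the i-th contiguous slice of [lo, hi].
    width = (hi - lo) // num_reducers + 1
    return lambda ts: (ts - lo) // width


def run_job(timestamps, num_reducers, partition):
    """Shuffle keys to reducers, sort within each, concatenate the part files."""
    reducers = [[] for _ in range(num_reducers)]
    for ts in timestamps:
        reducers[partition(ts)].append(ts)
    output = []
    for part in reducers:            # part-r-00000, part-r-00001, ...
        output.extend(sorted(part))  # keys are sorted only within one reducer
    return output


BASE = 1466782733  # constructed epoch seconds
PACKET_TS = [BASE + delta for delta in (4, 1, 5, 0, 3, 2)]  # capture order


def compare():
    """Run the same packets through the three partitioning strategies."""
    lo, hi = min(PACKET_TS), max(PACKET_TS)
    return {
        "hash_3": run_job(PACKET_TS, 3, hash_partitioner(3)),
        "single": run_job(PACKET_TS, 1, hash_partitioner(1)),
        "range_3": run_job(PACKET_TS, 3, range_partitioner(3, lo, hi)),
    }


if __name__ == "__main__":
    for name, out in compare().items():
        state = "ordered" if out == sorted(out) else "OUT OF ORDER"
        print(f"{name:8s} {state:13s} {[ts - BASE for ts in out]}")
```

A single reducer restores global order at the cost of parallelism; range partitioning keeps both but needs the key range in advance.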
[jira] [Commented] (METRON-256) Make the PCap values returned ordered by timestamp
[ https://issues.apache.org/jira/browse/METRON-256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15348472#comment-15348472 ]

ASF GitHub Bot commented on METRON-256:
---

Github user nickwallen commented on the issue:

https://github.com/apache/incubator-metron/pull/173

+1 pending once the transient issues in the CI build are resolved

> Make the PCap values returned ordered by timestamp
> --
>
> Key: METRON-256
> URL: https://issues.apache.org/jira/browse/METRON-256
> Project: Metron
> Issue Type: Bug
> Reporter: Casey Stella
> Assignee: Casey Stella
>
> Right now we are not specifying the partitioner for the MR job to filter PCaps as part of PCap retrieval, so we are getting back packets in the wrong order.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (METRON-256) Make the PCap values returned ordered by timestamp
[ https://issues.apache.org/jira/browse/METRON-256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15348465#comment-15348465 ] ASF GitHub Bot commented on METRON-256: --- Github user cestella closed the pull request at: https://github.com/apache/incubator-metron/pull/173 > Make the PCap values returned ordered by timestamp > -- > > Key: METRON-256 > URL: https://issues.apache.org/jira/browse/METRON-256 > Project: Metron > Issue Type: Bug >Reporter: Casey Stella >Assignee: Casey Stella > > Right now we are not specifying the partitioner for the MR job to filter > PCaps as part of PCap retrieval, so we are getting back packets in the wrong > order. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (METRON-259) ERROR! ERROR! 'dict object' has no attribute u'ansible_tap0'
[ https://issues.apache.org/jira/browse/METRON-259?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nick Allen updated METRON-259: -- Attachment: ansible (2).log > ERROR! ERROR! 'dict object' has no attribute u'ansible_tap0' > > > Key: METRON-259 > URL: https://issues.apache.org/jira/browse/METRON-259 > Project: Metron > Issue Type: Bug >Reporter: Nick Allen > Attachments: ansible (2).log > > > 2016-06-24 11:10:53,994 p=66991 u=xxx | TASK [snort : Configure home > network] ** > 2016-06-24 11:10:54,277 p=66991 u=xxx | ^[[0;31mfatal: > [ec2-52-41-117-201.us-west-2.compute.amazonaws.com]: FAILED! => {"failed": > true, "msg": "ERROR! ERROR! 'dict object' has no attribute > u'ansible_tap0'"}^[[0m -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (METRON-259) ERROR! ERROR! 'dict object' has no attribute u'ansible_tap0'
[ https://issues.apache.org/jira/browse/METRON-259?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Allen updated METRON-259:
--

Description:
2016-06-24 11:10:53,994 p=66991 u=xxx | TASK [snort : Configure home network] **
2016-06-24 11:10:54,277 p=66991 u=xxx | ^[[0;31mfatal: [ec2-xxx-xxx-xxx-xxx.us-west-2.compute.amazonaws.com]: FAILED! => {"failed": true, "msg": "ERROR! ERROR! 'dict object' has no attribute u'ansible_tap0'"}^[[0m

was:
2016-06-24 11:10:53,994 p=66991 u=xxx | TASK [snort : Configure home network] **
2016-06-24 11:10:54,277 p=66991 u=xxx | ^[[0;31mfatal: [ec2-52-41-117-201.us-west-2.compute.amazonaws.com]: FAILED! => {"failed": true, "msg": "ERROR! ERROR! 'dict object' has no attribute u'ansible_tap0'"}^[[0m

> ERROR! ERROR! 'dict object' has no attribute u'ansible_tap0'
>
>
> Key: METRON-259
> URL: https://issues.apache.org/jira/browse/METRON-259
> Project: Metron
> Issue Type: Bug
> Reporter: Nick Allen
> Attachments: ansible (2).log
>
>
> 2016-06-24 11:10:53,994 p=66991 u=xxx | TASK [snort : Configure home network] **
> 2016-06-24 11:10:54,277 p=66991 u=xxx | ^[[0;31mfatal: [ec2-xxx-xxx-xxx-xxx.us-west-2.compute.amazonaws.com]: FAILED! => {"failed": true, "msg": "ERROR! ERROR! 'dict object' has no attribute u'ansible_tap0'"}^[[0m

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (METRON-259) ERROR! ERROR! 'dict object' has no attribute u'ansible_tap0'
[ https://issues.apache.org/jira/browse/METRON-259?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15348418#comment-15348418 ]

Nick Allen commented on METRON-259:
---

The problem does not seem to re-occur if you re-run deployment again. It's as if Ansible doesn't yet know about the 'tap0' interface that is actually created during the Ansible deployment.

> ERROR! ERROR! 'dict object' has no attribute u'ansible_tap0'
>
>
> Key: METRON-259
> URL: https://issues.apache.org/jira/browse/METRON-259
> Project: Metron
> Issue Type: Bug
> Reporter: Nick Allen
>
> 2016-06-24 11:10:53,994 p=66991 u=xxx | TASK [snort : Configure home network] **
> 2016-06-24 11:10:54,277 p=66991 u=xxx | ^[[0;31mfatal: [ec2-52-41-117-201.us-west-2.compute.amazonaws.com]: FAILED! => {"failed": true, "msg": "ERROR! ERROR! 'dict object' has no attribute u'ansible_tap0'"}^[[0m

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (METRON-259) ERROR! ERROR! 'dict object' has no attribute u'ansible_tap0'
Nick Allen created METRON-259: - Summary: ERROR! ERROR! 'dict object' has no attribute u'ansible_tap0' Key: METRON-259 URL: https://issues.apache.org/jira/browse/METRON-259 Project: Metron Issue Type: Bug Reporter: Nick Allen 2016-06-24 11:10:53,994 p=66991 u=xxx | TASK [snort : Configure home network] ** 2016-06-24 11:10:54,277 p=66991 u=xxx | ^[[0;31mfatal: [ec2-52-41-117-201.us-west-2.compute.amazonaws.com]: FAILED! => {"failed": true, "msg": "ERROR! ERROR! 'dict object' has no attribute u'ansible_tap0'"}^[[0m -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Assigned] (METRON-243) Kibana Error - [unsupported_operation_exception] custom format isn't supported
[ https://issues.apache.org/jira/browse/METRON-243?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nick Allen reassigned METRON-243: - Assignee: Nick Allen > Kibana Error - [unsupported_operation_exception] custom format isn't supported > -- > > Key: METRON-243 > URL: https://issues.apache.org/jira/browse/METRON-243 > Project: Metron > Issue Type: Bug >Reporter: Nick Allen >Assignee: Nick Allen > > When using Metron's default dashboard in Kibana 4, the following error > message is sometimes shown at the top of the page. > Error: [unsupported_operation_exception] custom format isn't supported -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (METRON-171) Add .class files to gitignore
[ https://issues.apache.org/jira/browse/METRON-171?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15348328#comment-15348328 ] Phil Austin commented on METRON-171: I'm waiting on Capital One legal to approve this. As soon as it is approved I will push it up. > Add .class files to gitignore > - > > Key: METRON-171 > URL: https://issues.apache.org/jira/browse/METRON-171 > Project: Metron > Issue Type: Improvement >Reporter: Phil Austin >Priority: Trivial > Labels: 0.2.1BETA > > Currently .class files are not ignored. They should be. Simply adding *.class > to gitignore -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (METRON-243) Kibana Error - [unsupported_operation_exception] custom format isn't supported
[ https://issues.apache.org/jira/browse/METRON-243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15348303#comment-15348303 ] ASF GitHub Bot commented on METRON-243: --- Github user asfgit closed the pull request at: https://github.com/apache/incubator-metron/pull/175 > Kibana Error - [unsupported_operation_exception] custom format isn't supported > -- > > Key: METRON-243 > URL: https://issues.apache.org/jira/browse/METRON-243 > Project: Metron > Issue Type: Bug >Reporter: Nick Allen > > When using Metron's default dashboard in Kibana 4, the following error > message is sometimes shown at the top of the page. > Error: [unsupported_operation_exception] custom format isn't supported -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (METRON-255) Expose the IPProtocolTransformer as a function in the Stellar transformation language
[ https://issues.apache.org/jira/browse/METRON-255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15348302#comment-15348302 ] ASF GitHub Bot commented on METRON-255: --- Github user asfgit closed the pull request at: https://github.com/apache/incubator-metron/pull/172 > Expose the IPProtocolTransformer as a function in the Stellar transformation > language > - > > Key: METRON-255 > URL: https://issues.apache.org/jira/browse/METRON-255 > Project: Metron > Issue Type: Improvement >Reporter: Casey Stella > > We have a TransformationFunction to map IANA protocol numbers to normalized > strings. This should be exposed in the query language. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (METRON-243) Kibana Error - [unsupported_operation_exception] custom format isn't supported
[ https://issues.apache.org/jira/browse/METRON-243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15348299#comment-15348299 ] ASF GitHub Bot commented on METRON-243: --- Github user dlyle65535 commented on the issue: https://github.com/apache/incubator-metron/pull/175 +1 as well. Looks good, solid diagnosis work. > Kibana Error - [unsupported_operation_exception] custom format isn't supported > -- > > Key: METRON-243 > URL: https://issues.apache.org/jira/browse/METRON-243 > Project: Metron > Issue Type: Bug >Reporter: Nick Allen > > When using Metron's default dashboard in Kibana 4, the following error > message is sometimes shown at the top of the page. > Error: [unsupported_operation_exception] custom format isn't supported -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (METRON-243) Kibana Error - [unsupported_operation_exception] custom format isn't supported
[ https://issues.apache.org/jira/browse/METRON-243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15348297#comment-15348297 ] ASF GitHub Bot commented on METRON-243: --- Github user cestella commented on the issue: https://github.com/apache/incubator-metron/pull/175 +1 > Kibana Error - [unsupported_operation_exception] custom format isn't supported > -- > > Key: METRON-243 > URL: https://issues.apache.org/jira/browse/METRON-243 > Project: Metron > Issue Type: Bug >Reporter: Nick Allen > > When using Metron's default dashboard in Kibana 4, the following error > message is sometimes shown at the top of the page. > Error: [unsupported_operation_exception] custom format isn't supported -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (METRON-243) Kibana Error - [unsupported_operation_exception] custom format isn't supported
[ https://issues.apache.org/jira/browse/METRON-243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15348272#comment-15348272 ] ASF GitHub Bot commented on METRON-243: --- Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/175 I'm happy with the change. It has been working for me. > Kibana Error - [unsupported_operation_exception] custom format isn't supported > -- > > Key: METRON-243 > URL: https://issues.apache.org/jira/browse/METRON-243 > Project: Metron > Issue Type: Bug >Reporter: Nick Allen > > When using Metron's default dashboard in Kibana 4, the following error > message is sometimes shown at the top of the page. > Error: [unsupported_operation_exception] custom format isn't supported -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (METRON-249) Field Transformation functions fail to handle invalid user inputs
[ https://issues.apache.org/jira/browse/METRON-249?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15348260#comment-15348260 ]

ASF GitHub Bot commented on METRON-249:
---

Github user cestella closed the pull request at:

https://github.com/apache/incubator-metron/pull/174

> Field Transformation functions fail to handle invalid user inputs
> --
>
> Key: METRON-249
> URL: https://issues.apache.org/jira/browse/METRON-249
> Project: Metron
> Issue Type: Bug
> Reporter: Neha Sinha
> Assignee: Casey Stella
> Labels: 0.2.1BETA
> Attachments: LogException.rtf
>
>
> Hi,
> The field transformation functions fail to handle invalid user input. On providing invalid inputs the parser throws exceptions and fails to create the required indices in elasticsearch.
> ==
> Steps to Reproduce
> ==
> Edit the squid.json file and provide the following definition to it (Note: we are giving an invalid input, 123, to the URL_TO_HOST function):
> ---
> {
>   "parserClassName": "org.apache.metron.parsers.GrokParser",
>   "sensorTopic": "squid",
>   "parserConfig": {
>     "grokPath": "/patterns/squid",
>     "patternLabel": "SQUID_DELIMITED",
>     "timestampField": "timestamp"
>   },
>   "fieldTransformations" : [
>     {
>       "transformation" : "MTL"
>       ,"output" : [ "full_hostname", "domain_without_subdomains" ]
>       ,"config" : {
>         "full_hostname" : "URL_TO_HOST(123)"
>         ,"domain_without_subdomains" : "DOMAIN_REMOVE_SUBDOMAINS(full_hostname)"
>       }
>     }
>   ]
> }
>
> Replay Squid events/logs and monitor the logs in storm for squid topology.
> Attached exception log would be seen and no indexes would be created respective to the logs.
> Expected Behaviour:
> 1. The error should be more clean.
> 2. Since we cannot validate the inputs, the invalid inputs should be ignored and the indices should get created anyway based on the Grok parser output
> Regards,
> Neha

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
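The expected behaviour listed in the report above, sketched as an added example in Python; it is not Metron's Java code and not the fix from the pull request. A failing transformation is recorded with a readable error and skipped, so the Grok-parsed message still reaches indexing. The two functions are simplified stand-ins named after the ones in the reported config, and the sample message is constructed.

```python
import re
from urllib.parse import urlparse


def url_to_host(url):
    if not isinstance(url, str):
        raise TypeError(f"URL_TO_HOST expects a string, got {type(url).__name__}")
    host = urlparse(url).hostname
    if host is None:
        raise ValueError(f"URL_TO_HOST found no host in {url!r}")
    return host


def domain_remove_subdomains(host):
    if not isinstance(host, str):
        raise TypeError("DOMAIN_REMOVE_SUBDOMAINS expects a string")
    # Simplification: keep the last two labels (no public-suffix handling).
    return ".".join(host.split(".")[-2:])


FUNCTIONS = {
    "URL_TO_HOST": url_to_host,
    "DOMAIN_REMOVE_SUBDOMAINS": domain_remove_subdomains,
}
CALL_RE = re.compile(r"^(\w+)\((\w+)\)$")  # NAME(field) or NAME(integer literal)


def apply_transformations(message, config):
    """Return (message plus derived fields, errors); never raise on bad input."""
    out, errors = dict(message), []
    for field, expr in config.items():
        match = CALL_RE.match(expr)
        if match is None or match.group(1) not in FUNCTIONS:
            errors.append(f"{field}: cannot parse {expr!r}")
            continue
        name, arg = match.groups()
        if arg.isdigit():
            value = int(arg)          # literal, as in URL_TO_HOST(123)
        elif arg in out:
            value = out[arg]          # reference to an existing field
        else:
            errors.append(f"{field}: input field {arg!r} is missing")
            continue
        try:
            out[field] = FUNCTIONS[name](value)
        except (TypeError, ValueError) as exc:
            errors.append(f"{field}: {exc}")
    return out, errors


# Constructed message, standing in for the Grok parser's output.
PARSED = {"url": "http://www.example.com/index.html", "timestamp": 1466782733}
BAD_CONFIG = {   # the config from the report
    "full_hostname": "URL_TO_HOST(123)",
    "domain_without_subdomains": "DOMAIN_REMOVE_SUBDOMAINS(full_hostname)",
}
GOOD_CONFIG = dict(BAD_CONFIG, full_hostname="URL_TO_HOST(url)")

if __name__ == "__main__":
    for label, cfg in (("bad", BAD_CONFIG), ("good", GOOD_CONFIG)):
        print(label, *apply_transformations(PARSED, cfg), sep="\n  ")
```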