Re: Getting Syslogs to Metron

2018-01-21 Thread Farrukh Naveed Anjum
Hi Guys,

It seems like we are able to make the NiFi connection and data is indeed going
through the Kafka topic, yet using the CEF parser (syslogs) we are unable to create
the Elasticsearch index.





Re: Getting Syslogs to Metron

2018-01-21 Thread Farrukh Naveed Anjum
Hi, Gaurav,

Did you solve it? I am also following the same use case for syslog using UDP
(rsyslog).

It seems like data is coming to the Kafka topic. As you can see, it's showing up.

But the Elasticsearch index is not created.




Re: Getting Syslogs to Metron

2018-01-15 Thread Gaurav Bapat
But I can't find how to configure it


Re: Getting Syslogs to Metron

2018-01-15 Thread Farrukh Naveed Anjum
Yes, do configure it as per the Metron reference use case


Re: Getting Syslogs to Metron

2018-01-15 Thread Gaurav Bapat
Hi Kyle,

I saw that I can ping from my OS to VM and from VM to OS. Looks like this
is some Kafka or Zookeeper environment variables setup issue, do I need to
configure that in vagrant ssh?

On 16 January 2018 at 08:59, Gaurav Bapat wrote:

> Hey Kyle,
>
> I am running NiFi not on Ambari but on localhost:8089, I can ping from my
> OS terminal to node1 but can't ping from node1 to my OS terminal, I have
> attached a few screenshots and the contents of /etc/hosts
>
> Thank You!
>
> On 15 January 2018 at 20:04, Kyle Richardson wrote:
>
>> It looks like your Nifi instance is running on your laptop/desktop (e.g.
>> the VM host). My guess would be that name resolution or networking is not
>> properly configured between the host and the guest preventing the data from
>> getting from Nifi to Kafka. What's the contents of /etc/hosts on the VM
>> host? Can you ping node1 from the VM host by name and by IP address?
>>
>> -Kyle
>>
>> On Mon, Jan 15, 2018 at 6:55 AM, Gaurav Bapat wrote:
>>
>>> Failed while waiting for acks from Kafka is what I am getting in Kafka,
>>> am I missing some configuration with Kafka?
>>>
>>> On 15 January 2018 at 16:50, Gaurav Bapat wrote:
>>>
>>>> Hi Farrukh,
>>>>
>>>> I can't find any folder by my topic
>>>>
>>>> On 15 January 2018 at 16:33, Farrukh Naveed Anjum <
>>>> anjum.farr...@gmail.com> wrote:
>>>>
>>>>> Can you check /kafaka-logs on your VM box (It should have a folder
>>>>> named your topic). Can you check if it is there?
>>>>>
>>>>> On Mon, Jan 15, 2018 at 3:49 PM, Gaurav Bapat wrote:
>>>>>
>>>>>> I am not getting data into my Kafka topic
>>>>>>
>>>>>> I have used i5 4 Core Processor with 16 GB RAM and I have allocated
>>>>>> 12 GB RAM to my vagrant VM.
>>>>>>
>>>>>> I don't understand how to configure Kafka broker because it is giving
>>>>>> me failed while waiting for acks to Kafka
>>>>>>
>>>>>> On 15 January 2018 at 16:10, Farrukh Naveed Anjum <
>>>>>> anjum.farr...@gmail.com> wrote:
>>>>>>
>>>>>>> Can you tell me, is your Kafka topic getting data? What are your
>>>>>>> machine specifications?
>>>>>>>
>>>>>>> On Mon, Jan 15, 2018 at 2:56 PM, Gaurav Bapat wrote:
>>>>>>>
>>>>>>>> Thanks Farrukh,
>>>>>>>>
>>>>>>>> I am not getting data in my kafka topic even after creating one,
>>>>>>>> the issue seems to be with broker config, how to configure Kafka and
>>>>>>>> Zookeeper port?
>>>>>>>>
>>>>>>>> On 15 January 2018 at 13:23, Farrukh Naveed Anjum <
>>>>>>>> anjum.farr...@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> I had a similar issue; it turned out to be an issue in Storm
>>>>>>>>>
>>>>>>>>> No worker is assigned to the topology; all you need is to add an
>>>>>>>>> additional port in
>>>>>>>>>
>>>>>>>>>  Ambari -> Storm -> Configs -> supervisor.slot.ports by assigning
>>>>>>>>> an additional port to the list
>>>>>>>>>
>>>>>>>>> https://community.hortonworks.com/questions/32499/no-workers-in-storm-for-squid-topology.html
>>>>>>>>>
>>>>>>>>> I had a similar issue and finally got it fixed
>>>>>>>>>
>>>>>>>>> On Mon, Jan 15, 2018 at 8:45 AM, Gaurav Bapat <
>>>>>>>>> gauravb3...@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Storm UI
>>>>>>>>>>
>>>>>>>>>> On 15 January 2018 at 08:59, Gaurav Bapat wrote:
>>>>>>>>>>
>>>>>>>>>>> Hey Jon,
>>>>>>>>>>>
>>>>>>>>>>> I have Storm UI and the logs are coming from firewalls, servers,
>>>>>>>>>>> etc from other machines (HP ArcSight Logger).
>>>>>>>>>>>
>>>>>>>>>>> I have attached the NiFi screenshots, my logs are coming but
>>>>>>>>>>> there is some error with Kafka and I am having issues with
>>>>>>>>>>> configuring Kafka broker
>>>>>>>>>>>
>>>>>>>>>>> On 12 January 2018 at 18:14, zeo...@gmail.com wrote:
>>>>>>>>>>>
>>>>>>>>>>>> In Ambari under storm you can find the UI under quick links at
>>>>>>>>>>>> the top.  That said, the issue seems to be upstream of Metron, in
>>>>>>>>>>>> NiFi.  That is something I can't help with as much, but if you can
>>>>>>>>>>>> share the listensyslog processor config that would be a start.
>>>>>>>>>>>> Also, share the config of the thing that is sending syslog as well
>>>>>>>>>>>> (are these local syslog, is that machine aggregating syslog from
>>>>>>>>>>>> other machines, etc.).  Thanks,
>>>>>>>>>>>>
>>>>>>>>>>>> Jon
>>>>>>>>>>>>
>>>>>>>>>>>> On Fri, Jan 12, 2018, 01:00 Gaurav Bapat wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> I have created a Kafka topic "cef" but my Listen Syslogs is
>>>>>>>>>>>>> not getting logs in the processor.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Also I checked using tcpdump -i and it is getting logs in my
>>>>>>>>>>>>> machine but ListenSyslogs is not getting the logs
>>>>>>>>>>>>>
>>>>>>>>>>>>> On 12

Re: Getting Syslogs to Metron

2018-01-15 Thread Gaurav Bapat
Hey Laurens,

My kafka processor says "Failed while waiting for acks from Kafka"

On 15 January 2018 at 21:00, Laurens Vets wrote:

> Hi Gaurav,
>
> If you click on the red squares in the upper right corners of your
> processors, what error messages do you see?
>
> On 2018-01-14 19:29, Gaurav Bapat wrote:
>
> Hey Jon,
>
> I have Storm UI and the logs are coming from firewalls, servers, etc from
> other machines (HP ArcSight Logger).
>
> I have attached the NiFi screenshots, my logs are coming but there is some
> error with Kafka and I am having issues with configuring Kafka broker
>
> On 12 January 2018 at 18:14, zeo...@gmail.com wrote:
>
>> In Ambari under storm you can find the UI under quick links at the top.
>> That said, the issue seems to be upstream of Metron, in NiFi.  That is
>> something I can't help with as much, but if you can share the listensyslog
>> processor config that would be a start.  Also, share the config of the
>> thing that is sending syslog as well (are these local syslog, is that
>> machine aggregating syslog from other machines, etc.).  Thanks,
>>
>> Jon
>>
>> On Fri, Jan 12, 2018, 01:00 Gaurav Bapat wrote:
>>
>>> I have created a Kafka topic "cef" but my Listen Syslogs is not getting
>>> logs in the processor.
>>>
>>> Also I checked using tcpdump -i and it is getting logs in my machine but
>>> ListenSyslogs is not getting the logs
>>>
>>> On 12 January 2018 at 11:13, Gaurav Bapat wrote:
>>>
>>>> [root@metron incubator-metron]# ./metron-deployment/scripts/platform-info.sh
>>>> Metron 0.4.3
>>>> --
>>>> * master
>>>> --
>>>> commit c559ed7e1838ec71344eae3d9e37771db2641635
>>>> Author: cstella
>>>> Date:   Tue Jan 9 15:28:47 2018 -0500
>>>>
>>>> METRON-1379: Add an OBJECT_GET stellar function closes
>>>> apache/incubator-metron#880
>>>> --
>>>>  metron-deployment/vagrant/full-dev-platform/Vagrantfile | 2 +-
>>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>> --
>>>> ansible 2.0.0.2
>>>>   config file =
>>>>   configured module search path = Default w/o overrides
>>>> --
>>>> Vagrant 1.9.6
>>>> --
>>>> Python 2.7.5
>>>> --
>>>> Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5;
>>>> 2015-11-10T22:11:47+05:30)
>>>> Maven home: /opt/maven/current
>>>> Java version: 1.8.0_151, vendor: Oracle Corporation
>>>> Java home: /opt/jdk1.8.0_151/jre
>>>> Default locale: en_US, platform encoding: UTF-8
>>>> OS name: "linux", version: "3.10.0-693.11.6.el7.x86_64", arch: "amd64",
>>>> family: "unix"
>>>> --
>>>> Docker version 1.12.6, build ec8512b/1.12.6
>>>> --
>>>> node
>>>> v8.9.3
>>>> --
>>>> npm
>>>> 5.5.1
>>>> --
>>>> g++ (GCC) 4.8.5 20150623 (Red Hat 4.8.5-16)
>>>> Copyright (C) 2015 Free Software Foundation, Inc.
>>>> This is free software; see the source for copying conditions.  There is
>>>> NO
>>>> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
>>>> PURPOSE.
>>>>
>>>> --
>>>> Compiler is C++11 compliant
>>>> --
>>>> Linux metron.com 3.10.0-693.11.6.el7.x86_64 #1 SMP Thu Jan 4 01:06:37
>>>> UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
>>>> --
>>>> Total System Memory = 15773.3 MB
>>>> Processor Model: Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
>>>> Processor Speed: 3320.875 MHz
>>>> Processor Speed: 3307.191 MHz
>>>> Processor Speed: 3376.699 MHz
>>>> Processor Speed: 3338.917 MHz
>>>> Total Physical Processors: 4
>>>> Total cores: 16
>>>> Disk information:
>>>> /dev/mapper/centos-root  200G   22G  179G  11% /
>>>> /dev/sda1                2.0G  224M  1.8G  11% /boot
>>>> /dev/sda2               1022M   12K 1022M   1% /boot/efi
>>>> /dev/mapper/centos-home  247G   10G  237G   5% /home
>>>> This CPU appears to support virtualization
>>>>
>>>> On 12 January 2018 at 09:25, Gaurav Bapat wrote:
>>>>
>>>>> Hey Jon,
>>>>>
>>>>> Appreciate your timely reply.
>>>>>
>>>>> I have gone through your answer but still I can't figure out how to do
>>>>> parsing/indexing in Storm UI as I can't find any option for the same.
>>>>>
>>>>> Is there any other UI to do parsing/indexing?
>>>>>
>>>>> On 11 January 2018 at 21:22, zeo...@gmail.com wrote:
>>>>>
>>>>>> So, you created a new cef topic, and set up the appropriate parser
>>>>>> config for it (if not, this
>>>>>> may be helpful)?  If so:
>>>>>>
>>>>>> Here are some basic troubleshooting steps:
>>>>>> 1.  Validate that the logs are getting onto the kafka topic that you
>>>>>> are sending to.  If they aren't there, the problem is upstream from
>>>>>> Metron.
>>>>>> 2.  If they are getting onto the kafka topic they are being directly
>>>>>> sent to, check the indexing kafka topic for an enriched version of those
>>>>>> same logs.
>>>>>> 3.  Do a binary search of the various components involved with ingest.
>>>>>> a. If the logs are *not* on the

Re: Getting Syslogs to Metron

2018-01-15 Thread Kyle Richardson
It looks like your Nifi instance is running on your laptop/desktop (e.g.
the VM host). My guess would be that name resolution or networking is not
properly configured between the host and the guest preventing the data from
getting from Nifi to Kafka. What's the contents of /etc/hosts on the VM
host? Can you ping node1 from the VM host by name and by IP address?

-Kyle
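
The checks Kyle asks for above (the /etc/hosts entry for node1, then ping by name and by IP), as an added shell example that is not part of the original thread. `node1` is the guest name used in the thread; the hosts-file path parameter and treating a loopback mapping as a misconfiguration on the VM host are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): verify how the VM host resolves the
# guest name before blaming Kafka itself for the missing acks.

# Print the first address a hosts file maps NAME to; return 1 if there is none.
hosts_lookup() {
    file=$1
    name=$2
    awk -v n="$name" '
        { sub(/#.*/, "") }          # strip comments, including trailing ones
        NF < 2 { next }             # blank line or address without a name
        {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(n)) { print $1; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }
    ' "$file"
}

# Classify the mapping:
#   missing   - no entry for NAME
#   loopback  - NAME points back at this machine (assumed wrong on the VM host)
#   ok <ip>   - NAME maps to a non-loopback address
hosts_status() {
    addr=$(hosts_lookup "$1" "$2") || { echo missing; return 0; }
    case $addr in
        127.*|::1) echo loopback ;;
        *)         echo "ok $addr" ;;
    esac
}

# Report the hosts entry, then ping the guest by name and by IP address.
check_guest() {
    name=$1
    file=${2:-/etc/hosts}
    status=$(hosts_status "$file" "$name")
    echo "hosts entry for $name: $status"
    case $status in
        ok\ *) addr=${status#ok } ;;
        *)     return 1 ;;
    esac
    if ping -c 1 "$name" >/dev/null 2>&1; then
        echo "ping by name: ok"
    else
        echo "ping by name: FAILED"
    fi
    if ping -c 1 "$addr" >/dev/null 2>&1; then
        echo "ping by IP ($addr): ok"
    else
        echo "ping by IP ($addr): FAILED"
    fi
}

# Run the live checks only when asked to: sh check_guest.sh --run node1
if [ "${1:-}" = "--run" ]; then
    check_guest "${2:-node1}" "${3:-/etc/hosts}"
fi
```

A name that pings by IP but not by name points at the hosts file or DNS rather than at the network path between host and guest.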


Re: Getting Syslogs to Metron

2018-01-15 Thread Gaurav Bapat
Hi Farrukh,

I can't find any folder by my topic


Re: Getting Syslogs to Metron

2018-01-15 Thread Farrukh Naveed Anjum
Can you check /kafka-logs on your VM box (it should have a folder named
after your topic)? Can you check if it is there?

On Mon, Jan 15, 2018 at 3:49 PM, Gaurav Bapat  wrote:

> I am not getting data into my Kafka topic
>
> I have used i5 4 Core Processor with 16 GB RAM and I have allocated 12 GB
> RAM to my vagrant VM.
>
> I don't understand how to configure Kafka broker because it is giving me
> failed while waiting for acks to Kafka
>
>
>
> On 15 January 2018 at 16:10, Farrukh Naveed Anjum wrote:
>
>> Can you tell me, is your Kafka topic getting data? What are your machine
>> specifications?
>>
>>
>> On Mon, Jan 15, 2018 at 2:56 PM, Gaurav Bapat 
>> wrote:
>>
>>> Thanks Farrukh,
>>>
>>> I am not getting data in my kafka topic even after creating one, the
>>> issue seems to be with broker config, how to configure Kafka and Zookeeper
>>> port?
>>>
>>> On 15 January 2018 at 13:23, Farrukh Naveed Anjum <
>>> anjum.farr...@gmail.com> wrote:
>>>
 Hi,

 I had a similar issue; it turned out to be the issue in Storm.

 No worker is assigned to the topology; all you need is to add an additional
 port in

  Ambari -> Storm -> Configs -> supervisor.slot.ports by assigning an
 additional port to the list


 https://community.hortonworks.com/questions/32499/no-workers-in-storm-for-squid-topology.html


 I had a similar issue and finally got it fixed

 On Mon, Jan 15, 2018 at 8:45 AM, Gaurav Bapat 
 wrote:

> Storm UI
>
> On 15 January 2018 at 08:59, Gaurav Bapat 
> wrote:
>
>> Hey Jon,
>>
>> I have Storm UI and the logs are coming from firewalls, servers, etc
>> from other machines(HP ArcSight Logger).
>>
>> I have attached the NiFi screenshots, my logs are coming but there is
>> some error with Kafka and I am having issues with configuring Kafka 
>> broker
>>
>>
>>
>> On 12 January 2018 at 18:14, zeo...@gmail.com 
>> wrote:
>>
>>> In Ambari under storm you can find the UI under quick links at the
>>> top.  That said, the issue seems to be upstream of Metron, in NiFi.  
>>> That
>>> is something I can't help with as much, but if you can share the
>>> listensyslog processor config that would be a start.  Also, share the
>>> config of the thing that is sending syslog as well (are these local 
>>> syslog,
>>> is that machine aggregating syslog from other machines, etc.).  Thanks,
>>>
>>> Jon
>>>
>>> On Fri, Jan 12, 2018, 01:00 Gaurav Bapat 
>>> wrote:
>>>
 I have created a Kafka topic "cef" but my Listen Syslogs is not
 getting logs in the processor.

 Also I checked using tcpdump -i and it is getting logs in my
 machine but ListenSyslogs is not getting the logs

 On 12 January 2018 at 11:13, Gaurav Bapat 
 wrote:

> [root@metron incubator-metron]# ./metron-deployment/scripts/platform-info.sh
> Metron 0.4.3
> --
> * master
> --
> commit c559ed7e1838ec71344eae3d9e37771db2641635
> Author: cstella 
> Date:   Tue Jan 9 15:28:47 2018 -0500
>
> METRON-1379: Add an OBJECT_GET stellar function closes
> apache/incubator-metron#880
> --
>  metron-deployment/vagrant/full-dev-platform/Vagrantfile | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> --
> ansible 2.0.0.2
>   config file =
>   configured module search path = Default w/o overrides
> --
> Vagrant 1.9.6
> --
> Python 2.7.5
> --
> Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5;
> 2015-11-10T22:11:47+05:30)
> Maven home: /opt/maven/current
> Java version: 1.8.0_151, vendor: Oracle Corporation
> Java home: /opt/jdk1.8.0_151/jre
> Default locale: en_US, platform encoding: UTF-8
> OS name: "linux", version: "3.10.0-693.11.6.el7.x86_64", arch:
> "amd64", family: "unix"
> --
> Docker version 1.12.6, build ec8512b/1.12.6
> --
> node
> v8.9.3
> --
> npm
> 5.5.1
> --
> g++ (GCC) 4.8.5 20150623 (Red Hat 4.8.5-16)
> Copyright (C) 2015 Free Software Foundation, Inc.
> This is free software; see the source for copying conditions.
> There is NO
> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
> PURPOSE.
>
> --
> Compiler is C++11 compliant
> --
> Linux metron.com 3.10.0-693.11.6.el7.x86_64 #1 SMP Thu Jan 4
> 01:06:37 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
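
The on-disk check suggested at the top of the message above, written out as a script. This is an added example, not part of the original thread: the function name `kafka_topic_state` is hypothetical, the broker log directory is passed in as an argument, and it relies on Kafka's layout of one `<topic>-<partition>` directory per partition with records stored in `*.log` segment files.

```shell
#!/bin/sh
# Added example (not from the thread). Reports whether a Kafka topic has
# partition directories, and stored records, under the broker log directory.
# Assumes segments are not preallocated (the Kafka default), so a segment
# that has never been written to is 0 bytes long.

# kafka_topic_state LOG_DIR TOPIC
# Prints "missing" (no partition directory), "empty" (directories exist but
# the segments hold 0 bytes) or "data <bytes>".
kafka_topic_state() {
    log_dir=$1
    topic=$2
    found=0
    total=0
    for part in "$log_dir/$topic"-*; do
        [ -d "$part" ] || continue
        # Accept only <topic>-<digits>, so "cef" does not match "cef-raw-0".
        suffix=${part##*/"$topic"-}
        case $suffix in
            ''|*[!0-9]*) continue ;;
        esac
        found=1
        for seg in "$part"/*.log; do
            [ -f "$seg" ] || continue
            size=$(wc -c < "$seg")
            total=$((total + size))
        done
    done
    if [ "$found" -eq 0 ]; then
        echo "missing"
    elif [ "$total" -eq 0 ]; then
        echo "empty"
    else
        echo "data $total"
    fi
}

# Usage: sh check_topic.sh <kafka-log-dir> cef
if [ "$#" -eq 2 ]; then
    kafka_topic_state "$1" "$2"
fi
```

A result of "empty" means the topic exists on the broker but holds no records, so the fault lies between the producer and the broker rather than in the parser or indexing topologies downstream.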

Re: Getting Syslogs to Metron

2018-01-15 Thread Farrukh Naveed Anjum
Can you tell me, is your Kafka topic getting data? What are your machine
specifications?


On Mon, Jan 15, 2018 at 2:56 PM, Gaurav Bapat  wrote:

> Thanks Farrukh,
>
> I am not getting data in my kafka topic even after creating one, the issue
> seems to be with broker config, how to configure Kafka and Zookeeper port?
>
> On 15 January 2018 at 13:23, Farrukh Naveed Anjum wrote:
>
>> Hi,
>>
>> I had a similar issue; it turned out to be the issue in Storm.
>>
>> No worker is assigned to the topology; all you need is to add an additional
>> port in
>>
>>  Ambari -> Storm -> Configs -> supervisor.slot.ports by assigning an
>> additional port to the list
>>
>>
>> https://community.hortonworks.com/questions/32499/no-workers-in-storm-for-squid-topology.html
>>
>>
>> I had a similar issue and finally got it fixed
>>
>> On Mon, Jan 15, 2018 at 8:45 AM, Gaurav Bapat 
>> wrote:
>>
>>> Storm UI
>>>
>>> On 15 January 2018 at 08:59, Gaurav Bapat  wrote:
>>>
 Hey Jon,

 I have Storm UI and the logs are coming from firewalls, servers, etc
 from other machines(HP ArcSight Logger).

 I have attached the NiFi screenshots, my logs are coming but there is
 some error with Kafka and I am having issues with configuring Kafka broker



 On 12 January 2018 at 18:14, zeo...@gmail.com  wrote:

> In Ambari under storm you can find the UI under quick links at the
> top.  That said, the issue seems to be upstream of Metron, in NiFi.  That
> is something I can't help with as much, but if you can share the
> listensyslog processor config that would be a start.  Also, share the
> config of the thing that is sending syslog as well (are these local 
> syslog,
> is that machine aggregating syslog from other machines, etc.).  Thanks,
>
> Jon
>
> On Fri, Jan 12, 2018, 01:00 Gaurav Bapat 
> wrote:
>
>> I have created a Kafka topic "cef" but my Listen Syslogs is not
>> getting logs in the processor.
>>
>> Also I checked using tcpdump -i and it is getting logs in my machine
>> but ListenSyslogs is not getting the logs
>>
>> On 12 January 2018 at 11:13, Gaurav Bapat 
>> wrote:
>>
>>> [root@metron incubator-metron]# ./metron-deployment/scripts/platform-info.sh
>>> Metron 0.4.3
>>> --
>>> * master
>>> --
>>> commit c559ed7e1838ec71344eae3d9e37771db2641635
>>> Author: cstella 
>>> Date:   Tue Jan 9 15:28:47 2018 -0500
>>>
>>> METRON-1379: Add an OBJECT_GET stellar function closes
>>> apache/incubator-metron#880
>>> --
>>>  metron-deployment/vagrant/full-dev-platform/Vagrantfile | 2 +-
>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>> --
>>> ansible 2.0.0.2
>>>   config file =
>>>   configured module search path = Default w/o overrides
>>> --
>>> Vagrant 1.9.6
>>> --
>>> Python 2.7.5
>>> --
>>> Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5;
>>> 2015-11-10T22:11:47+05:30)
>>> Maven home: /opt/maven/current
>>> Java version: 1.8.0_151, vendor: Oracle Corporation
>>> Java home: /opt/jdk1.8.0_151/jre
>>> Default locale: en_US, platform encoding: UTF-8
>>> OS name: "linux", version: "3.10.0-693.11.6.el7.x86_64", arch:
>>> "amd64", family: "unix"
>>> --
>>> Docker version 1.12.6, build ec8512b/1.12.6
>>> --
>>> node
>>> v8.9.3
>>> --
>>> npm
>>> 5.5.1
>>> --
>>> g++ (GCC) 4.8.5 20150623 (Red Hat 4.8.5-16)
>>> Copyright (C) 2015 Free Software Foundation, Inc.
>>> This is free software; see the source for copying conditions.  There
>>> is NO
>>> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
>>> PURPOSE.
>>>
>>> --
>>> Compiler is C++11 compliant
>>> --
>>> Linux metron.com 3.10.0-693.11.6.el7.x86_64 #1 SMP Thu Jan 4
>>> 01:06:37 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
>>> --
>>> Total System Memory = 15773.3 MB
>>> Processor Model: Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
>>> Processor Speed: 3320.875 MHz
>>> Processor Speed: 3307.191 MHz
>>> Processor Speed: 3376.699 MHz
>>> Processor Speed: 3338.917 MHz
>>> Total Physical Processors: 4
>>> Total cores: 16
>>> Disk information:
>>> /dev/mapper/centos-root  200G   22G  179G  11% /
>>> /dev/sda1   2.0G  224M  1.8G  11% /boot
>>> /dev/sda2   1022M   12K 1022M   1% /boot/efi
>>> /dev/mapper/centos-home  247G   10G  237G   5% /home
>>> This CPU appears to support virtualization
>>>
>>> On 12 January 2018 at 09:25, Gaurav Bapat 
>>> wrote:
>>>
 Hey Jon,

 Appreciate your timely reply.

 I gone 

Re: Getting Syslogs to Metron

2018-01-15 Thread Gaurav Bapat
Thanks Farrukh,

I am not getting data in my kafka topic even after creating one, the issue
seems to be with broker config, how to configure Kafka and Zookeeper port?

On 15 January 2018 at 13:23, Farrukh Naveed Anjum 
wrote:

> Hi,
>
> I had a similar issue; it turned out to be the issue in Storm.
>
> No worker is assigned to the topology; all you need is to add an additional port in
>
>  Ambari -> Storm -> Configs -> supervisor.slot.ports by assigning an
> additional port to the list
>
>
> https://community.hortonworks.com/questions/32499/no-workers-in-storm-for-squid-topology.html
>
>
> I had a similar issue and finally got it fixed
>
> On Mon, Jan 15, 2018 at 8:45 AM, Gaurav Bapat 
> wrote:
>
>> Storm UI
>>
>> On 15 January 2018 at 08:59, Gaurav Bapat  wrote:
>>
>>> Hey Jon,
>>>
>>> I have Storm UI and the logs are coming from firewalls, servers, etc
>>> from other machines(HP ArcSight Logger).
>>>
>>> I have attached the NiFi screenshots, my logs are coming but there is
>>> some error with Kafka and I am having issues with configuring Kafka broker
>>>
>>>
>>>
>>> On 12 January 2018 at 18:14, zeo...@gmail.com  wrote:
>>>
 In Ambari under storm you can find the UI under quick links at the
 top.  That said, the issue seems to be upstream of Metron, in NiFi.  That
 is something I can't help with as much, but if you can share the
 listensyslog processor config that would be a start.  Also, share the
 config of the thing that is sending syslog as well (are these local syslog,
 is that machine aggregating syslog from other machines, etc.).  Thanks,

 Jon

 On Fri, Jan 12, 2018, 01:00 Gaurav Bapat  wrote:

> I have created a Kafka topic "cef" but my Listen Syslogs is not
> getting logs in the processor.
>
> Also I checked using tcpdump -i and it is getting logs in my machine
> but ListenSyslogs is not getting the logs
>
> On 12 January 2018 at 11:13, Gaurav Bapat 
> wrote:
>
>> [root@metron incubator-metron]# ./metron-deployment/scripts/platform-info.sh
>> Metron 0.4.3
>> --
>> * master
>> --
>> commit c559ed7e1838ec71344eae3d9e37771db2641635
>> Author: cstella 
>> Date:   Tue Jan 9 15:28:47 2018 -0500
>>
>> METRON-1379: Add an OBJECT_GET stellar function closes
>> apache/incubator-metron#880
>> --
>>  metron-deployment/vagrant/full-dev-platform/Vagrantfile | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>> --
>> ansible 2.0.0.2
>>   config file =
>>   configured module search path = Default w/o overrides
>> --
>> Vagrant 1.9.6
>> --
>> Python 2.7.5
>> --
>> Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5;
>> 2015-11-10T22:11:47+05:30)
>> Maven home: /opt/maven/current
>> Java version: 1.8.0_151, vendor: Oracle Corporation
>> Java home: /opt/jdk1.8.0_151/jre
>> Default locale: en_US, platform encoding: UTF-8
>> OS name: "linux", version: "3.10.0-693.11.6.el7.x86_64", arch:
>> "amd64", family: "unix"
>> --
>> Docker version 1.12.6, build ec8512b/1.12.6
>> --
>> node
>> v8.9.3
>> --
>> npm
>> 5.5.1
>> --
>> g++ (GCC) 4.8.5 20150623 (Red Hat 4.8.5-16)
>> Copyright (C) 2015 Free Software Foundation, Inc.
>> This is free software; see the source for copying conditions.  There
>> is NO
>> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
>> PURPOSE.
>>
>> --
>> Compiler is C++11 compliant
>> --
>> Linux metron.com 3.10.0-693.11.6.el7.x86_64 #1 SMP Thu Jan 4
>> 01:06:37 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
>> --
>> Total System Memory = 15773.3 MB
>> Processor Model: Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
>> Processor Speed: 3320.875 MHz
>> Processor Speed: 3307.191 MHz
>> Processor Speed: 3376.699 MHz
>> Processor Speed: 3338.917 MHz
>> Total Physical Processors: 4
>> Total cores: 16
>> Disk information:
>> /dev/mapper/centos-root  200G   22G  179G  11% /
>> /dev/sda1   2.0G  224M  1.8G  11% /boot
>> /dev/sda2   1022M   12K 1022M   1% /boot/efi
>> /dev/mapper/centos-home  247G   10G  237G   5% /home
>> This CPU appears to support virtualization
>>
>> On 12 January 2018 at 09:25, Gaurav Bapat 
>> wrote:
>>
>>> Hey Jon,
>>>
>>> Appreciate your timely reply.
>>>
>>> I have gone through your answer but still I can't figure out how do I do
>>> parsing/indexing in Storm UI as I can't find any option for the same.
>>>
>>> Is there any other UI to do parsing/indexing?
>>>
>>>
>>>
>>> On 11 January 2018 at 21:22, zeo...@gmail.com 
>>> wrote:
>>>
 

Getting Syslogs to Metron

2018-01-10 Thread Gaurav Bapat
Hello everyone, I have deployed Metron on a single node machine and I would
like to know how do I get Syslogs from NiFi into Kibana dashboard?

I have created a Kafka topic by the name "cef" and I can see that the topic
exists in Metron Configuration but I am unable to connect it with Kibana

Need Help!!