Github user JonZeolla commented on the issue:
https://github.com/apache/incubator-metron/pull/531
I would love to see Metron have a solution for both approaches - ingesting
DHCP server logs, as well as DHCP observations based on network traffic. Like
@ottobackwards mentioned, not
Github user simonellistonball commented on the issue:
https://github.com/apache/incubator-metron/pull/531
The Bro parser is actually pretty generic, and will take whatever JSON Bro
dumps out. From a quick inspection you should just need to configure the bro
instance to send out
Github user ottobackwards commented on the issue:
https://github.com/apache/incubator-metron/pull/531
unless of course someone can't use bro for some reason
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/531
We also have a `JSONMapParser` that was contributed after the original Bro
parser. The data coming out of the Bro plugin can be configured to be JSON.
That's how we typically use
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/531
> As an alternative method for getting DHCP data out of pcap, you might
> consider the existing Bro sensor, which essentially does what dhcpdump does...
The current Bro parser
Github user simonellistonball commented on the issue:
https://github.com/apache/incubator-metron/pull/531
As an alternative method for getting DHCP data out of pcap, you might
consider the existing Bro sensor, which essentially does what dhcpdump does,
but for a wider range of
Github user basvdl commented on the issue:
https://github.com/apache/incubator-metron/pull/531
@nickwallen, these are indeed the options we have discussed...
> I am going to lay out all of the possibilities that I can think of just
> so that we don't leave any stone unturned.