[GitHub] incubator-metron issue #153: Fixed error when start up the system.

2016-06-16 Thread AdrianP-
Github user AdrianP- commented on the issue: https://github.com/apache/incubator-metron/pull/153 Yes, with pip works correctly. Thanks! --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this fe

[GitHub] incubator-metron issue #153: Fixed error when start up the system.

2016-06-16 Thread james-sirota
Github user james-sirota commented on the issue: https://github.com/apache/incubator-metron/pull/153 Here are instructions on downgrading ansible. https://cwiki.apache.org/confluence/display/METRON/Downgrade+Ansible Can this pull request be closed?

[GitHub] incubator-metron issue #156: METRON-235 Expose filtering capability for PCAP...

2016-06-16 Thread james-sirota
Github user james-sirota commented on the issue: https://github.com/apache/incubator-metron/pull/156 I agree with Casey. We need more docs on the CLI. What can I query for? Which commands should I run to validate this?

[GitHub] incubator-metron issue #157: METRON-224 Metron should build from top-level d...

2016-06-16 Thread james-sirota
Github user james-sirota commented on the issue: https://github.com/apache/incubator-metron/pull/157 + 1 was able to build from the top level pom. passing tests. thanks for your contribution, dave

[GitHub] incubator-metron issue #157: METRON-224 Metron should build from top-level d...

2016-06-16 Thread nickwallen
Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/157 +1 I was able to package from the top-level and see that Travis still runs the integration tests.

Re: Removing historical data

2016-06-16 Thread Nick Allen
I don't think we have the functionality that you are looking for yet. Feel free to open a JIRA to help define exactly what that might look like. I think providing some means of automatically managing data as it ages would be interesting. One approach I've been thinking about is trading some fide

Re: how to copy the kibana3 dashboard in metron ui to kibana4

2016-06-16 Thread Nick Allen
You might be interested in this PR. https://github.com/apache/incubator-metron/pull/158 On Thu, Jun 16, 2016 at 2:54 AM, lizhenm...@163.com wrote: > > hi all: > When I use the latest master branch, there is no dashboard in the > kibana4. How to config the kibana4 to view the data like the o

[GitHub] incubator-metron pull request #158: METRON-219 Create Default Metron Dashboa...

2016-06-16 Thread nickwallen
GitHub user nickwallen opened a pull request: https://github.com/apache/incubator-metron/pull/158 METRON-219 Create Default Metron Dashboard for Kibana 4 [METRON-219](https://issues.apache.org/jira/browse/METRON-219) There is no sensible default dashboard that is created for

[GitHub] incubator-metron pull request #157: METRON-224 Metron should build from top-...

2016-06-16 Thread dlyle65535
GitHub user dlyle65535 opened a pull request: https://github.com/apache/incubator-metron/pull/157 METRON-224 Metron should build from top-level directory NOTE - During testing of this PR, I found an issue with Apache Rat on Master. The pom in metron-platform is not currently being c

[GitHub] incubator-metron pull request #156: METRON-235 Expose filtering capability f...

2016-06-16 Thread mmiklavc
Github user mmiklavc commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/156#discussion_r67431086 --- Diff: metron-platform/metron-pcap-backend/src/main/java/org/apache/metron/pcap/query/PcapCli.java --- @@ -0,0 +1,168 @@ +/** + * Licen

[GitHub] incubator-metron pull request #156: METRON-235 Expose filtering capability f...

2016-06-16 Thread cestella
Github user cestella commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/156#discussion_r67424320 --- Diff: metron-platform/metron-pcap-backend/src/main/java/org/apache/metron/pcap/query/FixedCliParser.java --- @@ -0,0 +1,66 @@ +/** + *

[GitHub] incubator-metron issue #156: METRON-235 Expose filtering capability for PCAP...

2016-06-16 Thread cestella
Github user cestella commented on the issue: https://github.com/apache/incubator-metron/pull/156 Overall outside of the things I mentioned, this looks really great. Solid contribution @mmiklavc. The only other thing that I would add is to please document this as part of the README.m

[GitHub] incubator-metron pull request #156: METRON-235 Expose filtering capability f...

2016-06-16 Thread cestella
Github user cestella commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/156#discussion_r67422356 --- Diff: metron-platform/metron-pcap-backend/src/main/java/org/apache/metron/pcap/query/PcapCli.java --- @@ -0,0 +1,168 @@ +/** + * Licen

[GitHub] incubator-metron pull request #156: METRON-235 Expose filtering capability f...

2016-06-16 Thread mmiklavc
Github user mmiklavc commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/156#discussion_r67422278 --- Diff: metron-platform/metron-pcap-backend/src/main/scripts/pcap_query.sh --- @@ -0,0 +1,34 @@ +#!/bin/bash +# +# Licensed to the A

[GitHub] incubator-metron pull request #156: METRON-235 Expose filtering capability f...

2016-06-16 Thread mmiklavc
Github user mmiklavc commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/156#discussion_r67422111 --- Diff: metron-platform/metron-pcap-backend/src/main/java/org/apache/metron/pcap/query/PcapCli.java --- @@ -0,0 +1,168 @@ +/** + * Licen

[GitHub] incubator-metron pull request #156: METRON-235 Expose filtering capability f...

2016-06-16 Thread cestella
Github user cestella commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/156#discussion_r67422117 --- Diff: metron-platform/metron-pcap-backend/src/main/java/org/apache/metron/pcap/query/CliParser.java --- @@ -0,0 +1,83 @@ +/** + * Lice

[GitHub] incubator-metron pull request #156: METRON-235 Expose filtering capability f...

2016-06-16 Thread cestella
Github user cestella commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/156#discussion_r67421802 --- Diff: metron-platform/metron-pcap-backend/src/main/java/org/apache/metron/pcap/query/CliParser.java --- @@ -0,0 +1,83 @@ +/** + * Lice

[GitHub] incubator-metron pull request #156: METRON-235 Expose filtering capability f...

2016-06-16 Thread cestella
Github user cestella commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/156#discussion_r67421199 --- Diff: metron-platform/metron-pcap-backend/src/main/java/org/apache/metron/pcap/query/PcapCli.java --- @@ -0,0 +1,168 @@ +/** + * Licen

[GitHub] incubator-metron pull request #156: METRON-235 Expose filtering capability f...

2016-06-16 Thread cestella
Github user cestella commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/156#discussion_r67421145 --- Diff: metron-platform/metron-pcap-backend/src/main/java/org/apache/metron/pcap/query/PcapCli.java --- @@ -0,0 +1,168 @@ +/** + * Licen

[GitHub] incubator-metron pull request #156: METRON-235 Expose filtering capability f...

2016-06-16 Thread cestella
Github user cestella commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/156#discussion_r67420651 --- Diff: metron-platform/metron-pcap-backend/src/main/scripts/pcap_query.sh --- @@ -0,0 +1,34 @@ +#!/bin/bash +# +# Licensed to the A

[GitHub] incubator-metron pull request #156: METRON-235 Expose filtering capability f...

2016-06-16 Thread cestella
Github user cestella commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/156#discussion_r67420354 --- Diff: metron-platform/metron-pcap-backend/src/main/java/org/apache/metron/pcap/query/QueryCliParser.java --- @@ -0,0 +1,57 @@ +/** + *

[GitHub] incubator-metron pull request #156: METRON-235 Expose filtering capability f...

2016-06-16 Thread cestella
Github user cestella commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/156#discussion_r67420179 --- Diff: metron-platform/metron-pcap-backend/src/main/java/org/apache/metron/pcap/query/PcapCli.java --- @@ -0,0 +1,168 @@ +/** + * Licen

[GitHub] incubator-metron pull request #156: METRON-235 Expose filtering capability f...

2016-06-16 Thread cestella
Github user cestella commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/156#discussion_r67420022 --- Diff: metron-platform/metron-pcap-backend/src/main/java/org/apache/metron/pcap/query/PcapCli.java --- @@ -0,0 +1,168 @@ +/** + * Licen

[GitHub] incubator-metron pull request #156: METRON-235 Expose filtering capability f...

2016-06-16 Thread cestella
Github user cestella commented on a diff in the pull request: https://github.com/apache/incubator-metron/pull/156#discussion_r67419245 --- Diff: metron-platform/metron-pcap-backend/src/main/java/org/apache/metron/pcap/query/CliParser.java --- @@ -0,0 +1,83 @@ +/** + * Lice

[GitHub] incubator-metron pull request #156: METRON-235 Expose filtering capability f...

2016-06-16 Thread mmiklavc
GitHub user mmiklavc opened a pull request: https://github.com/apache/incubator-metron/pull/156 METRON-235 Expose filtering capability for PCAP via CLI tool In the process of testing with Vagrant, but wanted to get this in front of people for review. Relevant Jira: http

[GitHub] incubator-metron pull request #152: METRON-228: Fixing NPE when enrichment c...

2016-06-16 Thread asfgit
Github user asfgit closed the pull request at: https://github.com/apache/incubator-metron/pull/152

[GitHub] incubator-metron pull request #154: METRON-230: Bro parser should throw exce...

2016-06-16 Thread asfgit
Github user asfgit closed the pull request at: https://github.com/apache/incubator-metron/pull/154

[GitHub] incubator-metron pull request #155: METRON-231: Snort parser should throw ex...

2016-06-16 Thread asfgit
Github user asfgit closed the pull request at: https://github.com/apache/incubator-metron/pull/155

Re: Removing historical data

2016-06-16 Thread Kuba Sienkiewicz
What does Metron think is old? (I mean when Metron purges data) About backup data I mean having some space for hdfs and having separate partition (or machine) for historical data. On 14 Jun 2016 22:10, "Nick Allen" wrote: > The standard deployment does setup some cleanup tasks that purges 'old' > dat

[GitHub] incubator-metron issue #155: METRON-231: Snort parser should throw exception

2016-06-16 Thread nickwallen
Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/155 +1 Looks good

[GitHub] incubator-metron issue #154: METRON-230: Bro parser should throw exception

2016-06-16 Thread nickwallen
Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/154 👍

[GitHub] incubator-metron issue #155: METRON-231: Snort parser should throw exception

2016-06-16 Thread dlyle65535
Github user dlyle65535 commented on the issue: https://github.com/apache/incubator-metron/pull/155 +1 - ran on quick-dev-vagrant, worked like a champ.

[GitHub] incubator-metron issue #154: METRON-230: Bro parser should throw exception

2016-06-16 Thread dlyle65535
Github user dlyle65535 commented on the issue: https://github.com/apache/incubator-metron/pull/154 +1 works great in quick-dev-vagrant.

[GitHub] incubator-metron issue #152: METRON-228: Fixing NPE when enrichment config d...

2016-06-16 Thread merrimanr
Github user merrimanr commented on the issue: https://github.com/apache/incubator-metron/pull/152 +1

[GitHub] incubator-metron pull request #151: METRON-223: Invalid and Erroneous messag...

2016-06-16 Thread asfgit
Github user asfgit closed the pull request at: https://github.com/apache/incubator-metron/pull/151

[GitHub] incubator-metron issue #151: METRON-223: Invalid and Erroneous messages shou...

2016-06-16 Thread nickwallen
Github user nickwallen commented on the issue: https://github.com/apache/incubator-metron/pull/151 +1 Tested on EC2 successfully

[GitHub] incubator-metron issue #152: METRON-228: Fixing NPE when enrichment config d...

2016-06-16 Thread dlyle65535
Github user dlyle65535 commented on the issue: https://github.com/apache/incubator-metron/pull/152 +1. Tested on EC2. Ran squid parser without enrichment configuration. Data made it to the index and there was no NPE. Nice work.

[GitHub] incubator-metron issue #142: METRON-204: Field Transformation Domain Specifi...

2016-06-16 Thread merrimanr
Github user merrimanr commented on the issue: https://github.com/apache/incubator-metron/pull/142 Awesome! +1

[GitHub] incubator-metron pull request #142: METRON-204: Field Transformation Domain ...

2016-06-16 Thread asfgit
Github user asfgit closed the pull request at: https://github.com/apache/incubator-metron/pull/142

[GitHub] incubator-metron issue #142: METRON-204: Field Transformation Domain Specifi...

2016-06-16 Thread dlyle65535
Github user dlyle65535 commented on the issue: https://github.com/apache/incubator-metron/pull/142 +1, really great stuff!

[DISCUSS] Bylaws discussion

2016-06-16 Thread Casey Stella
I'd like to get the Apache bylaws that we have on the website discussed and possibly voted in. Does anyone have anything to object to in the bylaws as listed here? Casey

[GitHub] incubator-metron issue #142: METRON-204: Field Transformation Domain Specifi...

2016-06-16 Thread cestella
Github user cestella commented on the issue: https://github.com/apache/incubator-metron/pull/142 I have modified the squid parser to use the MTL transformer to extract the subdomain-less hostname rather than using grok. So, in order to test this, you should be able to * create t

[GitHub] incubator-metron pull request #155: METRON-231: Snort parser should throw ex...

2016-06-16 Thread cestella
GitHub user cestella opened a pull request: https://github.com/apache/incubator-metron/pull/155 METRON-231: Snort parser should throw exception Snort parser returns null when we should be throwing an exception in the event of an improperly formatted message. An exception will resul

[GitHub] incubator-metron pull request #154: METRON-230: Bro parser should throw exce...

2016-06-16 Thread cestella
GitHub user cestella opened a pull request: https://github.com/apache/incubator-metron/pull/154 METRON-230: Bro parser should throw exception Right now, if an invalid message comes to the bro parser, it returns null, which is interpreted as no messages from the parser. Instead, we

[GitHub] incubator-metron issue #153: Fixed error when start up the system.

2016-06-16 Thread dlyle65535
Github user dlyle65535 commented on the issue: https://github.com/apache/incubator-metron/pull/153 Can you install it using pip?

[GitHub] incubator-metron issue #153: Fixed error when start up the system.

2016-06-16 Thread AdrianP-
Github user AdrianP- commented on the issue: https://github.com/apache/incubator-metron/pull/153 Perfect, but we have a problem because that packet doesn't exist in ppa: https://launchpad.net/~ansible/+archive/ubuntu/ansible

[GitHub] incubator-metron issue #153: Fixed error when start up the system.

2016-06-16 Thread dlyle65535
Github user dlyle65535 commented on the issue: https://github.com/apache/incubator-metron/pull/153 That makes sense. Please use the versions outlined here: https://github.com/apache/incubator-metron/blob/master/metron-deployment/vagrant/full-dev-platform/README.md. Ansible 2.1

[GitHub] incubator-metron issue #153: Fixed error when start up the system.

2016-06-16 Thread AdrianP-
Github user AdrianP- commented on the issue: https://github.com/apache/incubator-metron/pull/153 I have Python 2.7.6 and Ansible 2.1.0.0. However, I have a lot of problems with the start up. Fixed this problem, several steps forward get: ` TASK [metron_elasticsear

[GitHub] incubator-metron issue #153: Fixed error when start up the system.

2016-06-16 Thread dlyle65535
Github user dlyle65535 commented on the issue: https://github.com/apache/incubator-metron/pull/153 Hi, Thanks for the contribution. Could you tell me what versions of Ansible and Python you're running? I don't actually get this error with Ansible 2.0.0.2 and Python 2.7.11.

Re: ML features for Metron

2016-06-16 Thread Egon Kidmose
Hi Yazan, others I've run through and added some of my ideas. This is my first time with user stories, so please provide any constructive feedback, whatsoever, and forgive me for breaking any conventions, of which I know none :) My input evolves around exploiting that a SOC is generating labels f

[GitHub] incubator-metron pull request #153: Fixed error when start up the system.

2016-06-16 Thread AdrianP-
GitHub user AdrianP- opened a pull request: https://github.com/apache/incubator-metron/pull/153 Fixed error when start up the system. When starting ./run.sh, this error appeared: fatal: [node1]: FAILED! => {"changed": false, "failed": true, "msg": "value of wait_for_complete must be