Metron upgrade from 040 to 041

2017-09-21 Thread Frank Horsfall
Morning gents, Congratulations on 0.4.1. As you are aware I have a 3 node bare bones Centos 7 install. Metron 0.4.0 with HDP 2.5 bare-metal install on Centos 7 with MariaDB for Metron REST

RE: 192.168.138.158 address in yaf index

2017-09-20 Thread Frank Horsfall
data. Simon On 21 Sep 2017, at 00:29, Frank Horsfall <mailto:frankhorsf...@cunet.carleton.ca> wrote: Morning all, I have several logs showing an address of 192.168.138.158 as ip_src_addr and 192.168.138.2 as ip_dst_addr. My internal network does not have the 192.168.0.0/24

192.168.138.158 address in yaf index

2017-09-20 Thread Frank Horsfall
Morning all, I have several logs showing an address of 192.168.138.158 as ip_src_addr and 192.168.138.2 as ip_dst_addr. My internal network does not have the 192.168.0.0/24 range which leads me to believe that somewhere there is a test record with the data. Would anybody know where I might be

RE: [ANNOUNCE] Apache Metron Release 0.4.1

2017-09-19 Thread Frank Horsfall
Congrats guys! Frank From: zeo...@gmail.com [mailto:zeo...@gmail.com] Sent: Tuesday, September 19, 2017 4:23 PM To: Matt Foley ; d...@metron.apache.org; user@metron.apache.org Subject: Re: [ANNOUNCE] Apache Metron Release 0.4.1 Great job everybody, this is a really top notch release. Well do

Question regarding telemetry

2017-09-19 Thread Frank Horsfall
Hello all. While reviewing the tutorial on enhancing the Metron Dashboard I came across an interesting entry to create the index template for Squid. Is the reference to bro_doc correct? https://cwiki.apache.org/confluence/display/METRON/Enhancing+Metron+Dashboard curl -XPOST $

RE: Grok Parser issues

2017-09-14 Thread Frank Horsfall
:35, "Frank Horsfall" <mailto:frankhorsf...@cunet.carleton.ca> wrote: I’ll get back to you once I have it running. Frank From: Girish N [mailto:giri.narasimha.mur...@gmail.com] Sent: Wednesday, September 13, 2017 12:26 PM To:

RE: Grok Parser issues

2017-09-13 Thread Frank Horsfall
under the advanced settings in Metron Cheers, Frank From: Ryan Merriman [mailto:merrim...@gmail.com] Sent: Wednesday, September 13, 2017 11:17 AM To: user@metron.apache.org Subject: Re: Grok Parser issues Yes On Wed, Sep 13, 2017 at 10:02 AM, Frank Horsfall

RE: Grok Parser issues

2017-09-13 Thread Frank Horsfall
I’ll get back to you once I have it running. Frank From: Girish N [mailto:giri.narasimha.mur...@gmail.com] Sent: Wednesday, September 13, 2017 12:26 PM To: user@metron.apache.org Subject: Re: Grok Parser issues Yes I am also facing the same issues. On 13 Sep 2017 20:06, "Frank Hor

RE: Grok Parser issues

2017-09-13 Thread Frank Horsfall
Sep 13, 2017 at 9:36 AM, Frank Horsfall <mailto:frankhorsf...@cunet.carleton.ca> wrote: Morning all, Is anyone else seeing this error? After successfully going through the telemetry tutorial with squid (https://cwiki.apache.org/confluence/display/METRON/Adding+a+New+Telemetry+Data+Source

Grok Parser issues

2017-09-13 Thread Frank Horsfall
Morning all, Is anyone else seeing this error? After successfully going through the telemetry tutorial with squid (https://cwiki.apache.org/confluence/display/METRON/Adding+a+New+Telemetry+Data+Source ) I started the exercise of creating a new telemetry based on a data set I wish to use. T

RE: Clearing of data to start over

2017-09-08 Thread Frank Horsfall
which I suspect is the backlog of events that have been queued for processing. Kindest Frank From: Laurens Vets [mailto:laur...@daemon.be] Sent: Wednesday, September 6, 2017 6:17 PM To: user@metron.apache.org Cc: Frank Horsfall Subject: Re: Clearing of data to start over Hi Frank, If you all

Re: Clearing of data to start over

2017-09-06 Thread Frank Horsfall
Frank Sent from my Bell Samsung device over Canada's largest network. Original message From: Frank Horsfall Date: 2017-09-06 11:21 PM (GMT-05:00) To: user@metron.apache.org Subject: Re: Clearing of data to start over Excellent thanks Sent from my Bell Samsung d

Re: Clearing of data to start over

2017-09-06 Thread Frank Horsfall
with your metron. That would then just write to kafka. So you can think of NiFi as being a bit like an agent or a forwarder. Good luck! Simon Sent from my iPhone On 7 Sep 2017, at 04:01, Frank Horsfall <mailto:frankhorsf...@cunet.carleton.ca> wrote: I'm on a roll with questions. I&

Re: Clearing of data to start over

2017-09-06 Thread Frank Horsfall
yslog, etc. Jon On Wed, Sep 6, 2017 at 11:01 PM Frank Horsfall <mailto:frankhorsf...@cunet.carleton.ca> wrote: I'm on a roll with questions. I'm curious to see if I can relieve processing pressure by adding a new vm. Would you know how I would go about it? Also I would like to pu

Re: Clearing of data to start over

2017-09-06 Thread Frank Horsfall
nt from my Bell Samsung device over Canada's largest network. Original message ---- From: Frank Horsfall Date: 2017-09-06 10:51 PM (GMT-05:00) To: user@metron.apache.org Subject: Re: Clearing of data to start over Also Laurens you recommended to make 3 Kafka brokers but the

Re: Clearing of data to start over

2017-09-06 Thread Frank Horsfall
Frank Sent from my Bell Samsung device over Canada's largest network. Original message From: Frank Horsfall Date: 2017-09-06 10:38 PM (GMT-05:00) To: user@metron.apache.org Subject: Re: Clearing of data to start over Thanks Laurens and Nick. I want to let the queue

Re: Clearing of data to start over

2017-09-06 Thread Frank Horsfall
's largest network. Original message From: Laurens Vets Date: 2017-09-06 6:17 PM (GMT-05:00) To: user@metron.apache.org Cc: Frank Horsfall Subject: Re: Clearing of data to start over Hi Frank, If all your queues (Kafka/Storm) are empty, the following should work: - Deleting your e

RE: Clearing of data to start over

2017-09-06 Thread Frank Horsfall
ly deleted synchronously with your request or if it is deleted asynchronously, (meaning eventually) after your request completes. I would imagine the latter, but that is a guess on my part. On Wed, Sep 6, 2017 at 5:43 PM Frank Horsfall <mailto:frankhorsf...@cunet.carleton.ca> wrote: Th

RE: Clearing of data to start over

2017-09-06 Thread Frank Horsfall
u need to reload the rule set after you make a change. You can use "service snortd reload" or send a SIGHUP to the running process. On Wed, Sep 6, 2017 at 5:00 PM Frank Horsfall <mailto:frankhorsf...@cunet.carleton.ca> wrote: Hello all, I have installed a 3 node system using the b

Clearing of data to start over

2017-09-06 Thread Frank Horsfall
Hello all, I have installed a 3 node system using the bare metal Centos 7 guideline. https://cwiki.apache.org/confluence/display/METRON/Metron+0.4.0+with+HDP+2.5+bare-metal+install+on+Centos+7+with+MariaDB+for+Metron+REST It has taken me a while to have all components working properly and I left

RE: Java Heap error on Enrichment

2017-08-30 Thread Frank Horsfall
configs there is an item supervisor.childopts, this contains the Xmx setting you referenced which sets the maximum heap size for the Storm Supervisors which is most likely the cause of the OOM error. Hope this helps. Regards, Aaron From: Frank Horsfall [mailto:frankhorsf...@cunet.carleton.ca] Sent

Java Heap error on Enrichment

2017-08-29 Thread Frank Horsfall
Good morning, I am going through the tutorial on adding a new telemetry and noticed that the enrichment process was generating a series of java.lang.OutOfMemoryError: Research into the error suggests that I increase the java Xmx setting. Does anyone know where I can find this config? Kindest

RE: New install question

2017-08-17 Thread Frank Horsfall
Ok thanks, I suspected that was the case. Frank From: Laurens Vets [mailto:laur...@daemon.be] Sent: Thursday, August 17, 2017 11:04 AM To: user@metron.apache.org Cc: Frank Horsfall Subject: Re: New install question Hi Frank, No, docker is only needed on the host you're building Metr

New install question

2017-08-17 Thread Frank Horsfall
Hello I am going through the install procedure for 3 nodes at https://cwiki.apache.org/confluence/display/METRON/Metron+0.4.0+with+HDP+2.5+bare-metal+install+on+Centos+7+with+MariaDB+for+Metron+REST Just after the step where you verify that Maven is running on the master node there is a sectio

RE: Problem with metron reference App

2017-08-11 Thread Frank Horsfall
tty { "nodes" : { "ocKBNPXRS86UNA_XJosInA" : { "settings" : { "bootstrap" : { "mlockall" : "True" } }, "process" : { "mlockall" : true } } }

Problem with metron reference App

2017-08-10 Thread Frank Horsfall
Hello, I am currently working through the adding a new telemetry event located at https://cwiki.apache.org/confluence/display/METRON/Metron+0.4.0+with+HDP+2.5+bare-metal+install+on+Centos+7+with+MariaDB+for+Metron+REST Everything seems to be going well until I get to the last step 'Verify Event