Re: Install Metron 0.4.0 on CentOS 7 with MySQL (MariaDB) for Metron REST.

Hi Laurens, Some related material is posted under https://cwiki.apache.org/confluence/display/METRON/Installation We’d be happy to have another experience recorded, since you found the existing docs inadequate. If you need help committing to the wiki, you can ping me. Thanks, --Matt On 5/8/17,

Re: Metron HBase conditional enrichment

Hi Ali, When writing Stellar statements, it is convenient to test them out in the REPL, which can be invoked via some variant of the commands in https://github.com/apache/metron/blob/master/metron-platform/metron-common/src/main/scripts/stellar , depending on the particular environment you’re wo

Re: Metron HBase conditional enrichment

NG, PROTOCOL_TO_NAME, REDUCE, REGEXP_MATCH, SPLIT, STARTS_WITH, STRING_ENTROPY, SYSTEM_ENV_GET, SYSTEM_PROPERTY_GET, TO_DOUBLE, TO_EPOCH_TIMESTAMP, TO_FLOAT, TO_INTEGER, TO_LONG, TO_LOWER, TO_STRING, TO_UPPER, TRIM, URL_TO_HOST, URL_TO_PATH, URL_TO_PORT, URL_TO_PROTOCOL, WEEK_OF_MONTH, WEEK_OF_YEAR,

Re: Metron HBase conditional enrichment

DOUBLE, TO_EPOCH_TIMESTAMP, TO_FLOAT, TO_INTEGER, TO_LONG, TO_LOWER, TO_STRING, TO_UPPER, TRIM, URL_TO_HOST, URL_TO_PATH, URL_TO_PORT, URL_TO_PROTOCOL, WEEK_OF_MONTH, WEEK_OF_YEAR, YEAR [Stellar]>>> On Thu, May 25, 2017 at 1:31 PM, Matt Foley mailto:mfo...@hortonworks.com>> wrote: Hi Ali, W

Re: Metron HBase conditional enrichment

pulls in all of the jars deployed to /usr/metron/(version)/lib. On May 25, 2017 3:29 PM, "Matt Foley" mailto:mfo...@hortonworks.com>> wrote: Nick is correct that in any given environment, only Stellar functions defined in jars on the current classpath will be available. Whe

Re: Metron components connectivity

➢ It is a shame there isn’t a reporting tool for ambari, that can query all the configurations in the database and report out ports and hosts……. There is. If you configure a “happy” cluster with Ambari, then tell Ambari to generate a blueprint, that will tell you the actual as-built values for

Re: Metron current version and Docker

Hi Simone, If I recall your previous email, you said you want to use an Ubuntu VM.  Can you use Centos 6 or 7 instead? The reason I ask is that for Centos there is an “Ambari manual install” procedure, which does not require Docker, Vagrant, or Ansible on the server.  In this scenario you j

Re: Metron current version and Docker

your Mac to the server. Did you read the article, and do you have any problems following it? For your other questions, please see in-line below. From: Otto Fowler Date: Thursday, June 8, 2017 at 1:25 PM To: "sml...@libero.it" , Matt Foley , "user@metron.apache.org"

Re: Metron current version and Docker

though it came from one of Metron’s sensors. From: Matt Foley on behalf of Matt Foley Reply-To: "user@metron.apache.org" Date: Thursday, June 8, 2017 at 3:46 PM To: "sml...@libero.it" , "user@metron.apache.org" Cc: Otto Fowler Subject: Re: Metron current version an

Re: Metron current version and Docker

list of questions/issues. I knwo that it is not so elegant into a mailing list but I'm a step from give up Metron. Even if I know that it would be a mistake. Thanks again if you could give some indications. Simone Il 8 giugno 2017 alle 20.40 Matt Foley mailto:ma...@apache.org>

[ANNOUNCE] Apache Metron 0.4.0 release

Friends and Colleagues, I’m happy to announce the completion and release of Apache Metron 0.4.0. Besides a bunch of great new features, this is also our first release as a TLP. The public website at http://metron.apache.org/ has been updated and has correct links to the new downloads and docs. F

Re: [ANNOUNCE] Apache Metron 0.4.0 release

BTW, if you’ve recently accessed any URIs under http://metron.apache.org/, you may need to hit “refresh” in your browser to see the new updated versions. On 7/5/17, 1:35 PM, "Matt Foley" wrote: Friends and Colleagues, I’m happy to announce the completion and release of Apa

Re: Building Metron_0.4.0 Help

I have the same problem with virtualbox on our Centos7 lab test VMs, which run on OpenStack. The only solutions I have are (a) running full-dev on my Mac, which is fairly awful due to memory constraints, or (b) do a traditional Ambari install on the lab VM – which actually works pretty well, an

Re: Integration of Honeeepi(honeypot sensor) with Metron

Hi Naveen, Does Honeeepi produce a stream of logs and/or alerts, that you would like to process? If not, you’ll need to define a “sensor” of sorts that will tell you when something interesting happens (or is happening) with the honeypot.  Metron does not help with that, although it can help

Re: Integration of Honeeepi(honeypot sensor) with Metron

+Data+Source * https://metron.apache.org/current-book/metron-platform/metron-parsers/index.html From: Matt Foley on behalf of Matt Foley Date: Monday, July 31, 2017 at 2:39 PM To: "user@metron.apache.org" Subject: Re: Integration of Honeeepi(honeypot sensor) with Metron

Re: profiler Syntax error

Hi Dima, Is it possible that the input parser is giving an unreasonable value for “destination_ip”? Or perhaps fails to provide an end quote for that value? Does this profile fail on the first message to be consumed, or does it get a ways into the data stream and then choke? In either case, c

Re: profiler Syntax error

Good eye, Otto! From: Otto Fowler Date: Wednesday, August 2, 2017 at 2:12 PM To: Matt Foley , "d...@metron.apache.org" , "user@metron.apache.org" Subject: Re: profiler Syntax error Can you try the rule without ‘in’ as a key? “in” is a reserved word in Stellar. What that

[ANNOUNCE] Apache Metron Release 0.4.1

Many thanks to all who contributed, and enjoy your new release! Warm regards, --Matt Foley release manager

Re: System Requrements

Agree with Jon you might be able to get away with a single-node, at least it will be functional enough to let you experiment and find out if you need more.  However, even for an experimental system I strongly recommend you expand to 16GB of RAM, minimum.  (Remember, as a test platform, full-dev

[ANNOUNCE] Apache Metron release 0.4.2 and Apache Metron bro plugin for Kafka release 0.1

tarballs. For your reading pleasure, the change list is appended to this message. Best regards, --Matt Foley release manager Metron CHANGES (in reverse chron order): METRON-1373 RAT failure for metron-interface/metron-alerts (mattf-horton) closes apache/metron#875 METRON-1313 Update metron

Re: Metron Rest with Kerberos support

This change will be a little tricky, because the problem is in _indirect_ dependencies.  In case you’re not a maven expert, here are some more detailed instructions on how to do this. If you are correct that only the 4.5.2 version is causing you problems, there are 3 instances, as seen in `m

Re: Intro & Question

Ahmed, please see https://cwiki.apache.org/confluence/display/METRON/Development+Guidelines Feel free to ask the dev community questions. Suggest this discussion (as regards the contribution) be moved to d...@metron.apache.org instead of user@. Cheer

Re: Intro & Question

BTW, any community member can open a jira, but to assign it to yourself, as the instructions say, requires being added to the list of contributors. Just forward this thread to dev@ with a request to Casey Stella, our PMC Chair, to be added as a contributor. From: Matt Foley Reply-To: "

Re: Define a function that can be used in Stellar

Besides the example code Simon mentioned at https://github.com/apache/metron/tree/master/metron-stellar/stellar-3rd-party-example , there is some documentation at http://metron.apache.org/current-book/metron-stellar/stellar-common/3rdPartyStellar.html From: Nick Allen Reply-To: "user@metr