Thanks a lot Michael for your help. Will explore further.
On Wed, Apr 10, 2019, 3:37 AM Michael Miklavcic
wrote:
That table should have been created by default as part of the Ambari
installation of Metron via our MPack -
https://github.com/apache/metron/tree/master/metron-deployment#how-do-i-deploy-metron-with-ambari.
You shouldn't have to worry about this at all as an end user, but here is
where it happens
Hello Hema,
Unless I’m wrong, this must be set up in MySQL, the database you use for Metron
REST.
From: Hema malini [mailto:nhemamalin...@gmail.com]
Sent: Tuesday, April 09, 2019 09:42
To: user@metron.apache.org
Subject: Re: Snort logs flow issue
Hi Michael,
Sorry, just noticed the error in metron rest logs - Table 'user settings'
was not found. Do we have to create that hbase table? Where to find the
hbase tables created? I could see only two namespaces in hbase - default and
hbase. No tables created in that. Do I have to run metron rest
Hi Michael,
Thanks for your reply. I couldn't find any errors in metron alerts UI log.
I clicked the search and changed the date range too. Still no records. Do
we have to run metron rest in dev profile?
On Mon, Apr 8, 2019, 7:50 PM Michael Miklavcic
wrote:
If you see them in the dashboard you should be able to see them in the
alerts UI. Any errors in either the alerts UI or REST logs? Also, the new
default behavior is that the UI doesn't initiate a search at login, it's up
to the user to click search.
On Mon, Apr 8, 2019, 6:38 AM Hema malini
After recreating the index, now we are able to visualize the data in kibana
metron dashboard. How can we pass alerts to metron alerts UI? Currently
there is no data in alerts UI. How to configure the logs as alerts?
On Sat, Apr 6, 2019, 9:21 PM Hema malini wrote:
Sorry for the typo. Can you please help with the required configuration.
On Sat, Apr 6, 2019, 5:39 PM Hema malini wrote:
Are we missing any configuration? Initially elastic search was down. We
figured out the issue and fixed it. Now elastic search is up. We restarted
metron indexing but still those indices not created. So we created it
manually. Do we have to change any parser configuration? How logs will flow
into
Sample messages flown in indexing topic
{"msg":"'snort test alert'","parallelenricher.splitter.end.ts":"
1554384505264","sig_rev":"0","ip_dst_port":"50183","ethsrc":
"08:00:27:E8:B0:7A","threat.triage.rules.0.comment":null,"
tcpseq":"0x8DF34F4B","threat.triage.score":10.0,"dgmlen":"52","adapter.
Yes I am getting messages
On Fri, Apr 5, 2019, 11:17 PM Michael Miklavcic
wrote:
Do you get 10 records output to the CLI when you run the following?
/usr/hdp/current/kafka-broker/bin/kafka-console-consumer.sh --zookeeper
$ZOOKEEPER --topic indexing --from-beginning --max-messages 10
On Fri, Apr 5, 2019 at 11:38 AM Hema malini wrote:
We verified it in Storm ui and in Storm topology logs
On Fri, Apr 5, 2019, 10:53 PM Michael Miklavcic
wrote:
How did you validate the logs are making it to the indexing topology?
On Fri, Apr 5, 2019 at 8:12 AM Hema malini wrote:
Hi,
We have installed Metron 0.7.1 in CentOS 7 using Ambari. Using Nifi we sent
the sample snort logs copied from metron git repo to snort kafka topic. We
did the same for bro topic. Logs are getting parsed and reached indexing
topology. Elastic search indices are not getting created though we