Find below a link which has steps to troubleshoot message flow with a squid example. You may apply the same logic for other sources.
https://cwiki.apache.org/confluence/display/METRON/2016/04/25/Metron+Tutorial+-+Fundamentals+Part+1%3A+Creating+a+New+Telemetry

Hope this helps

Srikanth
______________________
Srikanth Nagarajan
President
Gandiva Networks Inc
732.690.1884 Mobile
[email protected]
www.gandivanetworks.com

> On Feb 28, 2019, at 6:46 PM, Hema malini <[email protected]> wrote:
>
>
> I have installed Metron 0.7 in centos7. After installing Metron, I am able
> to send some messages to the kafka topic for syslog. I have also checked the
> kafka console and verified that the messages are received. After that I am
> not able to see those messages in the storm logs or in the console. When I
> checked the storm topology we have the kafkaspout and a parser bolt which
> writes to errormessagewriter. I am not able to find any connections for
> enrichment. Can you please guide me on the steps how to see the end to end
> flow in metron.
>
> I want to see bro, snort, yaf and syslog. I followed the readme and installed
> snort and yaf but nothing is getting published in /var/log/yaf/alerts.csv.
> Can you pls guide me to see snort/yaf logs.
