Please consider including
https://github.com/apache/incubator-metron/pull/345
METRON-532 Define Profile Period When Calling PROFILE_GET
if it passes review in the next few days.
This builds on top of Nick’s work in METRON-529.
Thanks,
--Matt
On 11/3/16, 10:53 AM, "[email protected]" <[email protected]> wrote:
I'll sit on METRON-447 until early next week and if nobody has any
additional feedback I'll move forward with a PR.
Regarding the IPv6 filter, I have not. I must have missed that IS_IP
allows a type of IPv6 in the past - can wipe that one off the list.
Jon
On Thu, Nov 3, 2016 at 11:05 AM Casey Stella <[email protected]> wrote:
> Ok, filling in the rest of my thoughts:
>
> - Regarding METRON-447, if you're willing to do it, then great!
> - Regarding avoiding sending IPv6 traffic, have you tried setting a
> global validation that will mark invalid the messages that are not
IPv4?
> It does make its way into the parser, but will be redirected to the
> invalid
> queue rather than on to enrichment.
>
>
> On Wed, Nov 2, 2016 at 4:53 PM, [email protected] <[email protected]> wrote:
>
> > *Proposing and justifying a JIRA from the list of unresolved JIRAs*
> > - Doesn't METRON-463 finish off METRON-460 as well? 460 doesn't appear
> to
> > be slated for the next release.
> > - I think METRON-447 should be in the next release, as it provides
> > continuity for upgrades. I'd call it critical and I'm willing to do it
-
> > I'm looking for feedback per the description. This is an easy fix.
> > - I would like to see METRON-446 in the next release, but I'll call it
> nice
> > to have. This causes an error if you follow the older (but "current")
> bare
> > metal install instructions
> > <https://cwiki.apache.org/confluence/display/METRON/
> > Metron+Installation+on+an+Ambari-Managed+Cluster>
> > using master (Step 5 #3).
> > - If ansible upgrades are supported/recommended I'd say that METRON-448
> is
> > critical. If ansible upgrades aren't considered supported/recommended,
> I'd
> > downgrade to nice to have.
> >
> > *Other comments*
> > - METRON-276 had an interesting comment - "George Vetticaden added a
> > comment - 15/Jul/16 12:22 This needs to be prioritized higher and be
> > completed byt he 0.2.2 release".
> > - I think there either needs to be guidance on how to avoid sending IPv6
> > bro traffic into Metron (METRON-348, METRON-293, METRON-285, and
> > METRON-286) or the ability to parse IPv6 traffic. This could be as
> simple
> > as using the logs-to-kafka2.bro that I have in METRON-348 and updating
> some
> > comments/documentation.
> >
> > Jon
> >
> > On Wed, Nov 2, 2016 at 4:11 PM Casey Stella <[email protected]> wrote:
> >
> > > Hello Everyone,
> > >
> > > It's me, your friendly Metron Release Manager and it's time to start
> > > thinking about the next release.
> > >
> > > *JIRA Housekeeping*
> > >
> > > For those who get email alerts via JIRA on changes, it should be no
> > > surprise that I went through did some JIRA housekeeping in
anticipation
> > of
> > > the next release:
> > >
> > > - Ensured that everything committed since the last release was
> closed
> > > and marked 0.2.2BETA
> > > - Ensured that everything in active work (with a PR that was active
> in
> > > the last month on github) had a release version of 0.2.2BETA and
"In
> > > Progress"
> > > - With the exception of METRON-533
> > > <https://issues.apache.org/jira/browse/METRON-533>, which is
> release
> > > housekeeping, everything with a release version of 0.2.2BETA is
> actual
> > > work
> > > that is in progress, rather than aspirational.
> > > - Went through the list of JIRAs that are not done and have no
> version
> > > associated with them and ensured that they weren't duplicates (to
> the
> > > best
> > > of my abilities).
> > >
> > > This may mean that I moved your favorite JIRA around or changed the
> > > release. I did not do this because it was unimportant or I considered
> it
> > > unfit for the next release, but because I want to begin the exercise
of
> > > choosing what makes the release with the community with an accurate
> > picture
> > > of the current state in JIRA.
> > >
> > > *What's made it so far into the next release*
> > >
> > > - METRON-410 mysql_server's MySQL install causes mutually
> assured
> > > destruction when installed on the same machine as the Ambari Hive
> > MySQL
> > > closes apache/incubator-metron#317
> > > - METRON-148 Compress logs with logrotate (ottobackwards) closes
> > > apache/incubator-metron#329
> > > - METRON-536 Fix apache id for Otto Fowler (ottobackwards) closes
> > > apache/incubator-metron#331
> > > - METRON-249: Field Transformation functions fail to handle invalid
> > user
> > > inputs closes apache/incubator-metron#333
> > > - METRON-521: Stellar function documentation needs grammar/clarity
> > fixes
> > > closes apache/incubator-metron#327
> > > - METRON-484 Opentaxi service does not show count for subscribed
> > > services (nickwallen) closes apache/incubator-metron#306
> > > - METRON-495: Upgrade Storm to 1.0.x (justinleet via mmiklavc)
> closes
> > > apache/incubator-metron#318
> > > - METRON-506 Add Otto Fowler to commiters (ottobackwards) closes
> > > apache/incubator-metron#330
> > > - METRON-515: Stellar IS_EMPTY() function does not work as expected
> > > (merrimanr via mmiklavc) closes apache/incubator-metron#324
> > > - METRON-512: Migrate Metron's default global junit version from
4.4
> > to
> > > 4.12 (ottobackwards via mmiklavc) closes
apache/incubator-metron#325
> > > - METRON-464 Force co-location of all Metron components closes
> > > apache/incubator-metron#315
> > > - METRON-513 Ambari Management Pack Metainfo should not advertise
> > > version closes apache/incubator-metron#322
> > > - METRON-465 Automatically set storm-site topology.classpath closes
> > > apache/incubator-metron#314
> > > - METRON-500: fix assembly id (2xyo via mmiklavc) closes
> > > apache/incubator-metron#313
> > > - METRON-509: Add pcap query filter REST API documentation to
README
> > > (mmiklavc) closes apache/incubator-metron#319
> > > - METRON-505: Add environment variable and system property
functions
> > to
> > > the Stellar language (mmiklavc) closes apache/incubator-metron#312
> > > - METRON-502: Make the ParserIntegrationTest more clear on errors
> > > (ottobackwards via mmiklavc) closes apache/incubator-metron#311
> > > - METRON-441: Aggregator function "MIN" does not work for threat
> > triage
> > > (cestella via mmiklavc) closes apache/incubator-metron#309
> > > - METRON-403: Bro elasticsearch bulk index item fails when DNS
> > response
> > > includes CNAME (nickwallen via mmiklavc) closes
> > > apache/incubator-metron#305
> > > - METRON-424 ability to validate ip addresses against both IPV4 and
> > IPV6
> > > closes apache/incubator-metron#303
> > > - METRON-496: Field transformations are applied after parser
> > validation
> > > closes apache/incubator-metron#304
> > > - METRON-489: RemoveSubdomains Stellar Function behaves incorrectly
> > for
> > > some domains closes apache/incubator-metron#300
> > > - METRON-499 Check for Metron Jar Fails During Quick-Dev Deployment
> > > (nickwallen via dlyle65535) closes apache/incubator-metron#307
> > > - METRON-488: Snort should use a proper CSV implementation
(cestella
> > via
> > > mmiklavc) closes apache/incubator-metron#297
> > > - METRON-482 Add logging to GrokParser to indicate supplied
TimeZone
> > > (justinleet via mmiklavc) closes apache/incubator-metron#291
> > > - METRON-326 Error Handling in ElasticsearchWriter (justinleet via
> > > mmiklavc) closes apache/incubator-metron#286
> > > - METRON-439: Stellar : IS_EMPTY(host) throws exception (mmiklavc)
> > > closes apache/incubator-metron#296
> > > - METRON-473 Add LENGTH() To Stellar closes
> > apache/incubator-metron#293
> > > - METRON-371: Changing logging level to INFO when there's not a
> > config.
> > > closes apache/incubator-metron#295
> > > - METRON-432: Fix pcap field resolver to return object instead of
> > string
> > > value (mmiklavc) closes apache/incubator-metron#298
> > > - METRON-421 Make Stellar Profiler Client API Accessible in Parser
> and
> > > Enrichment Topologies (nickwallen) closes
> apache/incubator-metron#290
> > > - METRON-492 Run metron_common build check as local_action
> > > (kylerichardson via dlyle65535) closes apache/incubator-metron#302
> > > - METRON-461 Install Metron Data Management tools (dlyle65535 via
> > > justinleet) closes apache/incubator-metron#289
> > > - METRON-487 Correct the license in the StixExtractorTest (cestella
> > via
> > > nickwallen) closes apache/incubator-metron#294
> > > - METRON-171 Add .class files to gitignore (ottobackwards via
> > > nickwallen) closes apache/incubator-metron#292
> > > - METRON-425 Stellar transformation fails to handle special
> characters
> > > (ottobackwards via justinleet) closes apache/incubator-metron#299
> > > - METRON-459 Bad file location for
> > > org.apache.metron.spout.pcap.Endianness.java (danieljue via
> > nickwallen)
> > > closes apache/incubator-metron#275
> > > - METRON-474 Fix Vagrant Ansible Defaults for Quick & Full Dev
> > > (ottobackwards via nickwallen) closes apache/incubator-metron#284
> > > - METRON-478: Add Michael Miklavcic, Justin Leet, Nick Allen, and
> > David
> > > Lyle to Metron website community page (mmiklavc) closes
> > > apache/incubator-metron#287
> > >
> > > *What else will make it?*
> > >
> > > Ok, so now that we know what's in there already, I need to ask your
> help
> > in
> > > determining what you want in the next release that is not currently
> being
> > > worked on. In order to do that, please help me by responding to this
> > email
> > > and
> > >
> > > - proposing and justifying a JIRA from the list of unresolved JIRAs
> > > <
> > > https://issues.apache.org/jira/browse/METRON-469?jql=
> > project%20%3D%20METRON%20AND%20resolution%20%3D%20Unresolved%20AND%
> > 20fixVersion%20is%20EMPTY%20ORDER%20BY%20priority%20DESC
> > > >
> > > that are not currently scheduled and let me know which ones should
> be
> > > included. Please include whether the JIRA is "Nice to Have" or
> > > "Critical
> > > to Have" and if you volunteer to do it.
> > > - proposing and justifying that one of the in-progress tasks
> > > <
> > > https://issues.apache.org/jira/browse/METRON-510?jql=
> > project%20%3D%20METRON%20AND%20resolution%20%3D%20Unresolved%20AND%
> > 20fixVersion%20%3D%200.2.2BETA%20ORDER%20BY%20priority%20DESC
> > > >
> > > should *not* be included for release
> > >
> > > I'd like to aim to get release candidates out in the next two weeks,
so
> > > let's look forward a vigorous discussion and a great release.
> > >
> > > Thanks for the contributions and for your continued engagement in the
> > > Metron community. If you see something that you don't like in this
> > > process, please let me know. Feedback is very welcome.
> > >
> > > Best,
> > >
> > > Casey
> > >
> > > -
> > >
> > --
> >
> > Jon
> >
>
--
Jon
