[jira] [Created] (METRON-1559) Create Pcap Service

Mon, 14 May 2018 11:17:25 -0700 

Ryan Merriman created METRON-1559:
-------------------------------------

             Summary: Create Pcap Service
                 Key: METRON-1559
                 URL: https://issues.apache.org/jira/browse/METRON-1559
             Project: Metron
          Issue Type: Sub-task
            Reporter: Ryan Merriman


We need a service that exposes the various Pcap endpoints.  These include:
 * GET /api/v1/pcap/metadata?basePath - This endpoint will return metadata of 
pcap data stored in HDFS.  This would include pcap size, date ranges (how far 
back can I go), etc.  It would accept an optional HDFS basePath parameter for 
cases where pcap data is stored in multiple places and/or different from the 
default location.
 * POST /api/v1/pcap/fixed - This endpoint would accept a fixed pcap request, 
submit a pcap job, and return a job id.  The request would be an object 
containing the options documented here for the fixed filter:  
[https://github.com/apache/metron/tree/master/metron-platform/metron-pcap-backend#query-filter-utility].
  A job will be associated with a user that submits it.  An exception will be 
returned for violating constraints like too many queries submitted, query 
parameters out of limits, etc.  A record of the user and job id will be 
persisted to a data store so a list of a user's jobs can later be retrieved.
 * POST /api/v1/pcap/query - This endpoint would accept a query pcap request, 
submit a pcap job, and return a job id.  The request would be an object 
containing the options documented here for the query filter:  
[https://github.com/apache/metron/tree/master/metron-platform/metron-pcap-backend#query-filter-utility].
  A job will be associated with a user that submits it.  An exception will be 
returned for violating constraints like too many queries submitted, query 
parameters out of limits, etc.  A record of the user and job id will be 
persisted to a data store so a list of a user's jobs can later be retrieved.
 * GET /api/v1/pcap/status/<jobId> - This endpoint will return the YARN status 
of a running/completed job.
 * GET /api/v1/pcap/stop/<jobId> - This endpoint would kill a running pcap job. 
 If the job has already completed this is a noop.
 * GET /api/v1/pcap/list - This endpoint will list a user's submitted pcap 
queries.  Items in the list would contain job id, status (is it finished?), 
start/end time, and number of pages.
 * GET /api/v1/pcap/pdml/<jobId>/<pageNumber> - This endpoint will return pcap 
results for the given page in pdml format ([https://wiki.wireshark.org/PDML]).  
Are there other formats we want to support?
 * GET /api/v1/pcap/raw/<jobId>/<pageNumber> - This endpoint will allow a user 
to download raw pcap results for the given page.
 * DELETE /api/v1/pcap/<jobId> - This endpoint will delete pcap query results.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to