George Vetticaden created METRON-242:
----------------------------------------
Summary: remove Squid pattern
Key: METRON-242
URL: https://issues.apache.org/jira/browse/METRON-242
Project: Metron
Issue Type: Improvement
Reporter: George Vetticaden
Priority: Minor
When deploying Metron on AWS, I noticed the following patterns created by
default:
-rw-r--r-- 3 hdfs hadoop 13427 2016-06-20 01:52 /apps/metron/patterns/asa
-rw-r--r-- 3 hdfs hadoop 5203 2016-06-20 01:52 /apps/metron/patterns/common
-rw-r--r-- 3 hdfs hadoop 524 2016-06-20 01:52 /apps/metron/patterns/fireeye
-rw-r--r-- 3 hdfs hadoop 2552 2016-06-20 01:52 /apps/metron/patterns/sourcefire
-rw-r--r-- 3 hdfs hadoop 242 2016-06-20 21:04 /apps/metron/patterns/squid
-rw-r--r-- 3 hdfs hadoop 2221 2016-06-20 01:52 /apps/metron/patterns/websphere
-rw-r--r-- 3 hdfs hadoop 879 2016-06-20 01:52 /apps/metron/patterns/yaf
We need to remove the Squid patterns since that is only for code exercise. If
we are going to keep it, then it needs to be updated to be the following:
SQUID_DELIMITED %{NUMBER:timestamp} %{SPACE:UNWANTED} %{INT:elapsed} %{IPV4:ip_src_addr} %{WORD:action}/%{NUMBER:code} %{NUMBER:bytes} %{WORD:method} %{NOTSPACE:url} - %{WORD:UNWANTED}\/%{IPV4:ip_dst_addr} %{WORD:UNWANTED}\/%{WORD:UNWANTED}
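Added example (not part of the issue or of Metron's code): the proposed SQUID_DELIMITED pattern expanded into a Python regex and run over two constructed Squid access-log lines, showing which fields it extracts and that the literal spaces on both sides of %{SPACE:UNWANTED} require at least two spaces between timestamp and elapsed. The sub-pattern regexes are simplified stand-ins for the stock grok definitions, the unanchored search is an assumption about how the grok engine applies the pattern, and the helper names are hypothetical.

```python
import re

# Simplified stand-ins for the stock grok sub-patterns (assumption: adequate
# for well-formed lines, not the exact grok regexes).
OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
GROK = {
    "NUMBER": r"[+-]?\d+(?:\.\d+)?",
    "INT": r"[+-]?\d+",
    "SPACE": r"\s*",
    "WORD": r"\b\w+\b",
    "NOTSPACE": r"\S+",
    "IPV4": r"(?:%s\.){3}%s" % (OCTET, OCTET),
}

# The pattern proposed in the issue, joined onto one line.
SQUID_DELIMITED = (
    r"%{NUMBER:timestamp} %{SPACE:UNWANTED} %{INT:elapsed} "
    r"%{IPV4:ip_src_addr} %{WORD:action}/%{NUMBER:code} %{NUMBER:bytes} "
    r"%{WORD:method} %{NOTSPACE:url} - %{WORD:UNWANTED}\/%{IPV4:ip_dst_addr} "
    r"%{WORD:UNWANTED}\/%{WORD:UNWANTED}"
)

def compile_grok(pattern):
    """Expand %{TYPE:name} tokens; UNWANTED fields are matched but not kept."""
    def expand(m):
        kind, name = m.group(1), m.group(2)
        if name == "UNWANTED":
            return "(?:%s)" % GROK[kind]
        return "(?P<%s>%s)" % (name, GROK[kind])
    return re.compile(re.sub(r"%\{(\w+):(\w+)\}", expand, pattern))

SQUID_RE = compile_grok(SQUID_DELIMITED)

def parse(line):
    """Return the extracted fields as a dict, or None if the line is dropped."""
    m = SQUID_RE.search(line)
    return m.groupdict() if m else None

# Constructed sample lines (not taken from the issue).
SAMPLE_OK = ("1461576382.642    161 127.0.0.1 TCP_MISS/200 103701 GET "
             "http://www.cnn.com/ - DIRECT/199.27.79.73 text/html")
# Same record with a single space after the timestamp: the pattern needs two.
SAMPLE_ONE_SPACE = SAMPLE_OK.replace("    161", " 161")

if __name__ == "__main__":
    print(parse(SAMPLE_OK))
    print(parse(SAMPLE_ONE_SPACE))
```

A line the pattern rejects yields no parsed record, so counting unparsed lines per sensor is a useful check when changing this pattern.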