[
https://issues.apache.org/jira/browse/METRON-242?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David M. Lyle updated METRON-242:
---------------------------------
Labels: newbie platform (was: 0.2.1BETA)
> remove Squid pattern
> --------------------
>
> Key: METRON-242
> URL: https://issues.apache.org/jira/browse/METRON-242
> Project: Metron
> Issue Type: Improvement
> Reporter: George Vetticaden
> Priority: Minor
> Labels: newbie, platform
> Fix For: 0.2.1BETA
>
>
> when deploying metron on AWS, I noticed the following patterns created by
> default..
> -rw-r--r-- 3 hdfs hadoop 13427 2016-06-20 01:52
> /apps/metron/patterns/asa
> -rw-r--r-- 3 hdfs hadoop 5203 2016-06-20 01:52
> /apps/metron/patterns/common
> -rw-r--r-- 3 hdfs hadoop 524 2016-06-20 01:52
> /apps/metron/patterns/fireeye
> -rw-r--r-- 3 hdfs hadoop 2552 2016-06-20 01:52
> /apps/metron/patterns/sourcefire
> -rw-r--r-- 3 hdfs hadoop 242 2016-06-20 21:04
> /apps/metron/patterns/squid
> -rw-r--r-- 3 hdfs hadoop 2221 2016-06-20 01:52
> /apps/metron/patterns/websphere
> -rw-r--r-- 3 hdfs hadoop 879 2016-06-20 01:52
> /apps/metron/patterns/yaf
> We need to remove the Squid patterns since that is only for code exercnise.
> If we are going to keep it, then it needs to be updated to the be the
> following:
> SQUID_DELIMITED %{NUMBER:timestamp} %{SPACE:UNWANTED} %{INT:elapsed}
> %{IPV4:ip_src_addr} %{WORD:action}/%{NUMBER:code} %{NUMBER:bytes}
> %{WORD:method} %{NOTSPACE:url} - %{WORD:UNWANTED}\/%{IPV4:ip_dst_addr}
> %{WORD:UNWANTED}\/%{WORD:UNWANTED}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
