[
https://issues.apache.org/jira/browse/METRON-514?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15615401#comment-15615401
]
David M. Lyle commented on METRON-514:
--------------------------------------
That's an interesting observation, I haven't seen that one, but it makes sense.
I've also seen 2 situations with Flume other that what you're reporting.
1) Because we're installing it out of Ambari, it loses java when Ambari updates
JAVA_HOME.
2) The service starts and runs, but after a long soak stops running.
For those reasons, [~rmerriman] put up his PR that takes Flume out of the
equation for the purposes of our demo sensors. I suspect it'll fix all three.
It is still expected that production environments will use a more robust data
transfer method (NiFi/Flume/Other?) than simply tailing the log, but this
should get us going again.
> Snort kafka topic fails to get any data on a setup running for several days
> ---------------------------------------------------------------------------
>
> Key: METRON-514
> URL: https://issues.apache.org/jira/browse/METRON-514
> Project: Metron
> Issue Type: Bug
> Reporter: Ryan Merriman
> Assignee: Ryan Merriman
>
> After a cluster has been running for a while, data will suddenly stop being
> written to the snort Kafka topic. Other topics like yaf and bro continue to
> work. The difference between those sensors and snort is that snort logs are
> fed into Kafka with Flume.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
