[
https://issues.apache.org/jira/browse/METRON-659?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15824645#comment-15824645
]
ASF GitHub Bot commented on METRON-659:
---------------------------------------
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/417
I ran the sensors against the example pcap file that gets deployed with
Metron. I captured and 'canned' the textual output that gets pushed to Kafka.
I did it this way so that the data produced by the sensor stubs is similar to
what you will see when running with the sensors/pcap replay.
No licensing issues.
> Emulate Sensors in Development Environments
> -------------------------------------------
>
> Key: METRON-659
> URL: https://issues.apache.org/jira/browse/METRON-659
> Project: Metron
> Issue Type: Improvement
> Affects Versions: 0.3.0
> Reporter: Nick Allen
> Assignee: Nick Allen
> Fix For: Next + 1
>
>
> Replace the Snort, Bro, and YAF sensors on the "Quick Dev" and "Full Dev"
> environments with a mechanism that consumes less resources.
> These environments are notoriously difficult to work with because the
> installed services consume nearly all available memory. The Bro, YAF, and
> Snort sensors, along with the PCAP Replay service, consume a considerable
> amount of these limited resources.
> Replacing these sensors with a lightweight mechanism should free-up
> additional resources, make the environment easier to work with, and result in
> faster deployments.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
