OK,
So, I think that this discussion should be taken up again after the demo.
It will be hopefully easier then.
Sorry for the static.
Also: remember
https://cwiki.apache.org/confluence/display/METRON/Metron+Extension+System+and+Parser+Extensions
On September 20, 2017 at 14:29:51, Ryan Merrima
I will attempt to clarify parsers vs sensors. Parsers refer to concrete
parser classes and sensors refer to configuration + one of the parser
classes (with parser class being defined in the configuration). The
architecture was designed so that a parser class can be made dynamic and
behave differe
Per our prior conversations, I prefer option 2 - treating third party and
built-in the same way. I would love to see signing of extensions in the
future as a potential follow-on so we could verify the Metron built-ins
(and even third parties).
Jon
On Wed, Sep 20, 2017 at 10:22 AM Otto Fowler
wr
Simon, I’m sorry, I may not have answered your question.
I use parser and sensors as the same thing, but from what you say I think I
mean parser.
On September 20, 2017 at 10:08:25, Otto Fowler (ottobackwa...@gmail.com)
wrote:
So,
The distinction between ‘sensor’ and ‘parser’ is not clear to me either, if
it is defined somewhere and I have missed it, please point me in the right
direction.
While I don’t want to fork the discussion, the question is where you find
it so to speak, so about bundles and configurations.
With
Otto,
Can you just clarify what you mean by parsers in this instance? To my mind
parsers in metron are classes, and do not have any configuration settings.
Instances of parsers are referred to in the ui as sensors, and are essentially
concrete instances of parsers and as such do have config.
Note: Grok, CSV and JSONMap would be ‘always there’, as they are still
part of the system and not installed individually.
On September 20, 2017 at 09:39:38, Otto Fowler (ottobackwa...@gmail.com)
wrote:
The question has come up about the metron parsers installation vs. parser
extension installation differences, and I’d like to get some comments.
Right now (let’s pretend the UI PR gets merged to the feature branch for
a minute) in the original take on this the metron parsers (bro, yaf,
snort e