Github user JonZeolla commented on the issue:
https://github.com/apache/incubator-metron/pull/531
I would love to see Metron have a solution for both approaches - ingesting
DHCP server logs, as well as DHCP observations based on network traffic. Like
@ottobackwards mentioned, not eve
Github user simonellistonball commented on the issue:
https://github.com/apache/incubator-metron/pull/531
The Bro parser is actually pretty generic, and will take whatever json bro
dumps out. From a quick inspection you should just need to configure the bro
instance to send out dhcp,
Github user ottobackwards commented on the issue:
https://github.com/apache/incubator-metron/pull/531
unless of course someone can't use bro for some reason
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/531
We also have a `JSONMapParser` that was contributed after the original Bro
parser. The data coming out of the Bro plugin can be configured to be JSON.
That's how we typically use
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/531
> As an alternative method for getting DHCP data out of pcap, you might
consider the existing Bro sensor, which essentially does what dhcpdump does...
The current Bro parser only
Github user simonellistonball commented on the issue:
https://github.com/apache/incubator-metron/pull/531
As an alternative method for getting DHCP data out of pcap, you might
consider the existing Bro sensor, which essentially does what dhcpdump does,
but for a wider range of protoco
Github user basvdl commented on the issue:
https://github.com/apache/incubator-metron/pull/531
@nickwallen, these are indeed the options we have discussed...
> I am going to lay out all of the possibilities that I can think of just
so that we don't leave any stone unturned.
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/531
@basvdl I should have first said, thanks for all your hard work!
You probably have already thought through many of these options, so please
educate me on their pros/cons. I am
Github user basvdl commented on the issue:
https://github.com/apache/incubator-metron/pull/531
I agree that using the original format is preferred. Are we able to
ship and parse the original multi line format and put the separate lines back
together before or during the Metron par
Github user nickwallen commented on the issue:
https://github.com/apache/incubator-metron/pull/531
> Since this is inconvenient to collect, ship and parse we have modified
the DHCPDump to generate single line output. The compatible version of DHCPDump
for this parser, is available thr
Github user basvdl commented on the issue:
https://github.com/apache/incubator-metron/pull/531
Thanks for the heads-up. METRON-777 is a great improvement!
Github user ottobackwards commented on the issue:
https://github.com/apache/incubator-metron/pull/531
Please keep an eye on METRON-777. If that hits first, then I'll help you
re-do your parser as a parser extension
Github user ottobackwards commented on the issue:
https://github.com/apache/incubator-metron/pull/531
Can you edit the title to start with METRON-854? If it doesn't the scripts
won't work with jira
Github user basvdl commented on the issue:
https://github.com/apache/incubator-metron/pull/531
Please note that the original DHCPDump format is multi line
(http://www.mavetju.org/unix/dhcpdump-man.php). Since this is inconvenient to
collect, ship and parse we have modified the DHCPDum
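The thread above discusses the multi-line dhcpdump output being awkward to collect, ship and parse, and asks whether the separate lines could be put back together before Metron parses them. The following is an added example (written here; it is not Metron's code, nor the dhcpdump project's, nor the patched dhcpdump mentioned in the thread) of doing exactly that on the collector side: records are split on the dashed separator line, each record is turned into a dictionary, and the result is emitted as one compact JSON object per line, which is the shape the existing JSON-oriented Metron parsers expect. The sample input is constructed in the style of dhcpdump's output; the exact field layout and option line format are assumptions, not taken from the page.

```python
import json
import re

# Constructed sample in the style of dhcpdump's multi-line output (not from the
# page or the dhcpdump project); real output likewise separates records with a
# dashed line. Addresses are documentation ranges.
SAMPLE = """\
  TIME: 2017-03-14 10:20:30.123
    IP: 0.0.0.0 (00:11:22:33:44:55) > 255.255.255.255 (ff:ff:ff:ff:ff:ff)
    OP: 1 (BOOTPREQUEST)
 HTYPE: 1 (Ethernet)
  HLEN: 6
  HOPS: 0
   XID: 3903f8a4
  SECS: 0
 FLAGS: 0
CIADDR: 0.0.0.0
YIADDR: 0.0.0.0
SIADDR: 0.0.0.0
GIADDR: 0.0.0.0
CHADDR: 00:11:22:33:44:55:00:00:00:00:00:00:00:00:00:00
 SNAME: .
 FNAME: .
OPTION:  53 (  1) DHCP message type         1 (DHCPDISCOVER)
OPTION:  61 (  7) Client-identifier         01:00:11:22:33:44:55
OPTION:  12 (  6) Host name                 laptop
---------------------------------------------------------------------------
  TIME: 2017-03-14 10:20:30.456
    IP: 192.0.2.1 (00:aa:bb:cc:dd:ee) > 192.0.2.50 (00:11:22:33:44:55)
    OP: 2 (BOOTPREPLY)
 HTYPE: 1 (Ethernet)
  HLEN: 6
  HOPS: 0
   XID: 3903f8a4
  SECS: 0
 FLAGS: 0
CIADDR: 0.0.0.0
YIADDR: 192.0.2.50
SIADDR: 192.0.2.1
GIADDR: 0.0.0.0
CHADDR: 00:11:22:33:44:55:00:00:00:00:00:00:00:00:00:00
 SNAME: .
 FNAME: .
OPTION:  53 (  1) DHCP message type         5 (DHCPACK)
OPTION:  54 (  4) Server identifier         192.0.2.1
OPTION:  51 (  4) IP address leasetime      86400 (24h)
---------------------------------------------------------------------------
"""

# A record ends at a line made only of dashes (assumed dhcpdump convention).
RECORD_SEP = re.compile(r"^-{10,}\s*$", re.M)
# OPTION: <code> (<len>) <name>   <value>; the name and value are separated by
# two or more spaces, so a single space inside a name ("Host name") is kept.
OPTION_RE = re.compile(r"^OPTION:\s+(\d+)\s+\(\s*(\d+)\)\s+(.+?)(?:\s{2,}(.*))?$")
# IP: <src> (<src mac>) > <dst> (<dst mac>)
IP_RE = re.compile(r"^(\S+) \(([0-9a-f:]+)\) > (\S+) \(([0-9a-f:]+)\)$")


def split_records(text):
    """Yield the raw text of each multi-line record, separator removed."""
    for chunk in RECORD_SEP.split(text):
        if chunk.strip():
            yield chunk.strip("\n")


def parse_record(chunk):
    """Turn one multi-line dhcpdump record into a flat dict plus an options map."""
    rec = {"options": {}}
    for line in chunk.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("OPTION:"):
            m = OPTION_RE.match(line)
            if m:
                code, length, name, value = m.groups()
                rec["options"][code] = {"name": name, "length": int(length), "value": value or ""}
            continue
        # Every other line is "KEY: value"; split on the first colon only, since
        # timestamps and MAC addresses contain colons of their own.
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "ip":
            m = IP_RE.match(value)
            if m:
                rec["src_ip"], rec["src_mac"], rec["dst_ip"], rec["dst_mac"] = m.groups()
                continue
        rec[key] = value
    # Promote the DHCP message type (option 53) to a top-level field for easy filtering.
    mt = rec["options"].get("53")
    if mt:
        m = re.search(r"\((\w+)\)", mt["value"])
        rec["message_type"] = m.group(1) if m else mt["value"]
    return rec


def to_single_line_json(text):
    """Return one compact, newline-free JSON string per record, ready to ship."""
    return [json.dumps(parse_record(r), sort_keys=True, separators=(",", ":"))
            for r in split_records(text)]


if __name__ == "__main__":
    for line in to_single_line_json(SAMPLE):
        print(line)
```

Running the block prints two JSON lines, one per DHCP message; a shipper tailing dhcpdump's output would apply the same split-on-separator logic and forward each line unchanged. Keeping the raw option table alongside the promoted fields means nothing from the original record is lost when the single-line form is produced.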