Github user JonZeolla commented on the issue:
https://github.com/apache/incubator-metron/pull/539
Am I missing something? I thought we were approved for graduation as of
last night.
---
If your project is set up for it, you can reply to this email and have your
reply appear
Github user JonZeolla commented on the issue:
https://github.com/apache/incubator-metron/pull/510
Validated this with @mmiklavc today, an issue I found was confirmed as
unrelated and I will open a separate JIRA for it soon, if nobody else beats me
to it.
Github user JonZeolla commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/543#discussion_r112808520
--- Diff: metron-deployment/packaging/docker/ansible-docker/Dockerfile ---
@@ -21,10 +21,10 @@ RUN yum install -y tar
RUN yum install -y
Github user JonZeolla commented on a diff in the pull request:
https://github.com/apache/metron/pull/666#discussion_r131249214
--- Diff:
metron-platform/metron-elasticsearch/src/test/java/org/apache/metron/elasticsearch/integration/components/ElasticSearchComponent.java
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/692
Also, I did notice a couple of things when poking around that probably fit
best into some new JIRAs that I at least wanted to mention here:
* It's somewhat unintuitive that we count [starting
Github user JonZeolla commented on a diff in the pull request:
https://github.com/apache/metron/pull/692#discussion_r132855920
--- Diff:
metron-stellar/stellar-common/src/main/java/org/apache/metron/stellar/common/utils/EpochUtils.java
---
@@ -0,0 +1,44
Github user JonZeolla commented on a diff in the pull request:
https://github.com/apache/metron/pull/692#discussion_r132855925
--- Diff:
metron-stellar/stellar-common/src/main/java/org/apache/metron/stellar/common/utils/EpochUtils.java
---
@@ -0,0 +1,44
Github user JonZeolla commented on a diff in the pull request:
https://github.com/apache/metron/pull/692#discussion_r132855961
--- Diff:
metron-stellar/stellar-common/src/main/java/org/apache/metron/stellar/common/utils/EpochUtils.java
---
@@ -0,0 +1,44
Github user JonZeolla commented on a diff in the pull request:
https://github.com/apache/metron/pull/692#discussion_r132980465
--- Diff:
metron-stellar/stellar-common/src/main/java/org/apache/metron/stellar/common/utils/EpochUtils.java
---
@@ -0,0 +1,44
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/692
> can I ask why?
Because that is 9x `9`s in epoch (`9`, assuming seconds).
> for < 10, we don't know if it is millis or timestamps, at least that is
my thinkin
Github user JonZeolla commented on a diff in the pull request:
https://github.com/apache/metron/pull/638#discussion_r126739325
--- Diff:
metron-stellar/stellar-common/src/main/java/org/apache/metron/stellar/dsl/functions/RegExFunctions.java
---
@@ -0,0 +1,103
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/638
+1 via inspection
Github user JonZeolla commented on a diff in the pull request:
https://github.com/apache/metron/pull/638#discussion_r126778701
--- Diff:
metron-stellar/stellar-common/src/test/java/org/apache/metron/stellar/dsl/functions/RegExFunctionsTest.java
---
@@ -0,0 +1,70
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/640
+1
Github user JonZeolla commented on a diff in the pull request:
https://github.com/apache/metron/pull/656#discussion_r128136238
--- Diff: metron-analytics/metron-profiler/README.md ---
@@ -277,25 +282,103 @@ The values can be changed on disk and then the
Profiler topology must
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/659
I took a high level look when it first came out - no concerns. I'm mobile
only until Thursday so don't hold this up based on me.
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/671
Thanks @spencer-hanson ! +1 by inspection
Github user JonZeolla commented on a diff in the pull request:
https://github.com/apache/metron/pull/620#discussion_r128300557
--- Diff: metron-interface/metron-alerts/scripts/start-dev.sh ---
@@ -0,0 +1,19 @@
+#!/bin/bash
+#
+# Licensed to the Apache Software
Github user JonZeolla commented on a diff in the pull request:
https://github.com/apache/metron/pull/627#discussion_r124873582
--- Diff: metron-deployment/packaging/docker/rpm-docker/SPECS/metron.spec
---
@@ -409,6 +428,7 @@ chkconfig --del metron-management-ui
GitHub user JonZeolla reopened a pull request:
https://github.com/apache/metron/pull/586
METRON-508 Expand Elasticsearch templates to support the standard bro logs
## Contributor Comments
This PR makes it easier for someone with an existing bro install to send
some of their log
Github user JonZeolla closed the pull request at:
https://github.com/apache/metron/pull/586
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/586
Last try before I merge in #624 and make it a dependency.
GitHub user JonZeolla reopened a pull request:
https://github.com/apache/metron/pull/586
METRON-508 Expand Elasticsearch templates to support the standard bro logs
## Contributor Comments
This PR makes it easier for someone with an existing bro install to send
some of their log
Github user JonZeolla closed the pull request at:
https://github.com/apache/metron/pull/586
GitHub user JonZeolla reopened a pull request:
https://github.com/apache/metron/pull/586
METRON-508 Expand Elasticsearch templates to support the standard bro logs
## Contributor Comments
This PR makes it easier for someone with an existing bro install to send
some of their log
GitHub user JonZeolla reopened a pull request:
https://github.com/apache/metron/pull/586
METRON-508 Expand Elasticsearch templates to support the standard bro logs
## Contributor Comments
This PR makes it easier for someone with an existing bro install to send
some of their log
Github user JonZeolla closed the pull request at:
https://github.com/apache/metron/pull/586
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/586
Should be good to go now, pending Travis.
GitHub user JonZeolla reopened a pull request:
https://github.com/apache/metron/pull/586
METRON-508 Expand Elasticsearch templates to support the standard bro logs
## Contributor Comments
This PR makes it easier for someone with an existing bro install to send
some of their log
Github user JonZeolla closed the pull request at:
https://github.com/apache/metron/pull/586
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/586
@nickwallen @justinleet Can I get a quick review of my recent changes
before I merge? Mostly focused on how I approached documenting the template,
but feel free to comment on anything.
I
Github user JonZeolla commented on a diff in the pull request:
https://github.com/apache/metron/pull/627#discussion_r125172441
--- Diff: metron-deployment/packaging/docker/rpm-docker/SPECS/metron.spec
---
@@ -274,6 +276,23 @@ This package installs the Metron Indexing files
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/586
I spotted a duplicate in taking a scan of the template, so I ran `grep '":
{'
metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/
Github user JonZeolla commented on a diff in the pull request:
https://github.com/apache/metron/pull/627#discussion_r125166333
--- Diff: metron-platform/metron-management/README.md ---
@@ -244,10 +244,12 @@ The functions are split roughly into a few sections:
* Returns
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/627
+1 via inspection, pending my final outstanding comment.
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/629
@mattf-horton Okay great, sounds good to me. I did a quick search before
opening a new JIRA and it looks like you've already addressed this in
[METRON-718](https://issues.apache.org/jira/browse
Github user JonZeolla closed the pull request at:
https://github.com/apache/metron/pull/586
Github user JonZeolla closed the pull request at:
https://github.com/apache/metron/pull/586
Github user JonZeolla closed the pull request at:
https://github.com/apache/metron/pull/586
GitHub user JonZeolla reopened a pull request:
https://github.com/apache/metron/pull/586
METRON-508 Expand Elasticsearch templates to support the standard bro logs
## Contributor Comments
This PR makes it easier for someone with an existing bro install to send
some of their log
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/619
@wardbekker Can you please merge master and deconflict?
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/629
I didn't review it, but I have no reason to hold it back.
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/632
One brief note - I spoke to a friend on the travis infrastructure team and
she recommended that if our build takes > 5m we should run on the VM (sudo:
true).
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/632
Obviously I was not very clear about what I was commenting on either so
sorry about that.
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/632
I was addressing "Testing sudo as false." in the body of the message above.
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/629
Are we still planning to keep the old versions of the book on the website,
like under /0.3.1/ instead of /current-book/ ? We previously discussed this
[here](https://lists.apache.org/thread.html
Github user JonZeolla commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/547#discussion_r113576968
--- Diff: metron-sensors/bro-plugin-kafka/README.md ---
@@ -94,6 +95,52 @@ event bro_init()
}
```
+### Example 3
Github user JonZeolla commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/547#discussion_r113538317
--- Diff: metron-sensors/bro-plugin-kafka/README.md ---
@@ -94,6 +95,52 @@ event bro_init()
}
```
+### Example 3
Github user JonZeolla commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/547#discussion_r113745031
--- Diff: metron-sensors/bro-plugin-kafka/README.md ---
@@ -94,6 +95,60 @@ event bro_init()
}
```
+### Example 3
Github user JonZeolla commented on the issue:
https://github.com/apache/incubator-metron/pull/531
I would love to see Metron have a solution for both approaches - ingesting
DHCP server logs, as well as DHCP observations based on network traffic. Like
@ottobackwards mentioned
GitHub user JonZeolla opened a pull request:
https://github.com/apache/incubator-metron/pull/547
METRON-858 bro-plugin-kafka is throwing segfaults
## Contributor Comments
This PR is a follow-on of #545. Please DO NOT MERGE until the outstanding
items are all completed
Github user JonZeolla commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/547#discussion_r113778897
--- Diff: metron-sensors/bro-plugin-kafka/README.md ---
@@ -94,6 +95,52 @@ event bro_init()
}
```
+### Example 3
Github user JonZeolla commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/547#discussion_r113762122
--- Diff: metron-sensors/bro-plugin-kafka/README.md ---
@@ -94,6 +95,60 @@ event bro_init()
}
```
+### Example 3
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/667
@nickwallen Any additional comments? This looks good to me, happy to do
additional testing if needed but I did spin this up a week back
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/586
@simonellistonball Right, I'm not attempting to cover any type of log that
can come in, based on the bro documentation, because bro logs are heavily
extensible and therefore it is hard to detect
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/586
I updated the instructions to reflect the repo name change; hopefully it
should work but I won't have a chance to test it out for a couple of days.
Github user JonZeolla commented on the issue:
https://github.com/apache/incubator-metron/pull/560
I gave `brew cask install docker` another shot this morning and got it
running no problem. Updated the instructions per discussion with @nickwallen.
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/531
Is there enough interest for me to pursue support of this in #586? I could
probably throw that together today.
GitHub user JonZeolla opened a pull request:
https://github.com/apache/metron/pull/591
METRON-959 Trivial documentation formatting bugs
## Contributor Comments
I noticed there were some bugs rendering README.md files in GitHub MD, so I
did a quick search by cloning the metron
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/586
Didn't I do that?
GitHub user JonZeolla reopened a pull request:
https://github.com/apache/metron/pull/586
METRON-508 Expand Elasticsearch templates to support the standard bro logs
## Contributor Comments
This PR makes it easier for someone with an existing bro install to send
some of their log
Github user JonZeolla closed the pull request at:
https://github.com/apache/metron/pull/586
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/586
@nickwallen So, I'm not entirely done with the documentation but I pushed
it out for a quick, general review. In doing this, I noticed that some new
default-on fields were added with the release
GitHub user JonZeolla reopened a pull request:
https://github.com/apache/metron/pull/586
METRON-508 Expand Elasticsearch templates to support the standard bro logs
## Contributor Comments
This PR makes it easier for someone with an existing bro install to send
some of their log
Github user JonZeolla commented on a diff in the pull request:
https://github.com/apache/metron/pull/586#discussion_r123037274
--- Diff:
metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/files/bro_index.template
Github user JonZeolla commented on a diff in the pull request:
https://github.com/apache/metron/pull/586#discussion_r123040458
--- Diff:
metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/files/bro_index.template
Github user JonZeolla closed the pull request at:
https://github.com/apache/metron/pull/586
GitHub user JonZeolla reopened a pull request:
https://github.com/apache/metron/pull/586
METRON-508 Expand Elasticsearch templates to support the standard bro logs
## Contributor Comments
This PR makes it easier for someone with an existing bro install to send
some of their log
Github user JonZeolla closed the pull request at:
https://github.com/apache/metron/pull/586
Github user JonZeolla commented on a diff in the pull request:
https://github.com/apache/metron/pull/586#discussion_r123059627
--- Diff:
metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/METRON/CURRENT/package/files/bro_index.template
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/547
@nickwallen This should be ready to review now. Sorry about the delay
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/591
Thanks. Just waiting on
[INFRA-14159](https://issues.apache.org/jira/browse/INFRA-14159) so I can
commit it.
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/591
Planning to use this as a test commit once the permissions are fixed,
unless that doesn't happen until after 0.4.0 (unlikely). In that case I would
want this in the release.
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/591
@cestella (or another PMC member) can you take a look at
[INFRA_14159](https://issues.apache.org/jira/browse/INFRA-14159)? It is
waiting on user right now.
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/531
With bro there's also an option to [do a
lookup](https://github.com/bro/bro/blob/master/src/bro.bif#L3431-L3458) and
[add
it](https://www.bro.org/sphinx-git/frameworks/logging.html#add-fields
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/586
Per @simonellistonball 's comments in #531 I added initial support for the
native way that Bro handles tracking DHCP's Client ID field and updated the
above instructions appropriately
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/605
Opened a PR against your branch. Generated the documentation and did a
fair amount of manual review and couldn't find any broken code blocks, links,
etc.
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/605
Go for it. Just trying to make sure it got in under a documentation
related Jira without a ton of overhead.
Jon
On Fri, Jun 2, 2017, 6:23 PM Matt Foley <notific
Github user JonZeolla commented on the pull request:
https://github.com/apache/metron/commit/d5abcf429dad3c284a5f2469c0fb99713844be02#commitcomment-22423223
In metron-deployment/Kerberos-manual-setup.md:
In metron-deployment/Kerberos-manual-setup.md on line 388:
I don't think
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/530
I'm just poking my head in to say I'm also in favor of a feature branch for
this work, as it will make my functional test much more straightforward.
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/611
+1 by inspection
Github user JonZeolla closed the pull request at:
https://github.com/apache/incubator-metron/pull/560
Github user JonZeolla commented on a diff in the pull request:
https://github.com/apache/incubator-metron/pull/564#discussion_r115301858
--- Diff:
metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/ELASTICSEARCH/2.3.3/configuration/elastic-site.xml
Github user JonZeolla commented on the issue:
https://github.com/apache/incubator-metron/pull/555
bump
Github user JonZeolla commented on the issue:
https://github.com/apache/incubator-metron/pull/560
Ok, sounds good. The biggest part of this is that I have not been able to
find anybody who got Metron working on vagrant after only installing docker via
`brew cask install docker`. I
Github user JonZeolla commented on the issue:
https://github.com/apache/incubator-metron/pull/555
Ok, this is ready for review. It essentially re-implements METRON-403,
METRON-510, and METRON-517.
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/547
Just ran through the instructions from scratch and it works for me, can you
give it another shot from the beginning?
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/760
Spun up fine now
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/760
This is failing to spin up for me. As a part of Metron Enrichment Start,
during:
```
2017-09-19 18:05:54,844 - Execute['/usr/metron/0.4.1/bin/zk_load_configs.sh
--zk_quorum node1
GitHub user JonZeolla opened a pull request:
https://github.com/apache/metron/pull/800
METRON-1251: Typo and formatting fixes for metron-rest README
## Contributor Comments
This fix properly formats the github md in addition to the site-book docs
(previously the github
GitHub user JonZeolla opened a pull request:
https://github.com/apache/metron/pull/746
METRON-1173: Fix pointers to old stellar code
## Contributor Comments
Stellar was moved out from metron-common, but some READMEs still point to
the old location. This fixes any related
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/690
Right, I think the disconnect is that I would envision a stellar shell with
metron stellar functions added as libs, as you suggested. That's why I was
thinking we would doc in stellar-common, I
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/712
@nickwallen do you need any additional testing on this? I would love to
see it get into our upcoming release. From what I can tell, the only thing
outstanding is the suppression, correct
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/712
+1, spun up full dev and combed through the changes; all appears to be
good. Similarly did some `rpmlint`ing:
```
# rpmlint metron-config-0.4.1-201709020023.noarch.rpm | grep -v
script
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/712
I'll be unable to test until tonight but I will spin things up asap.
Github user JonZeolla closed the pull request at:
https://github.com/apache/metron/pull/800
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/805
# Testing
1. Create a working directory and pull in this PR
```
mkdir ~/metron-1261
git clone https://github.com/apache/metron ~/metron-1261/metron
cd ~/metron
GitHub user JonZeolla opened a pull request:
https://github.com/apache/metron/pull/805
METRON-1261: Apply bro security patch
## Contributor Comments
This should update the version of bro that is auto-installed by
full-dev/quick-dev, and update some manual instructions
Github user JonZeolla commented on the issue:
https://github.com/apache/metron/pull/805
Right @justinleet I've done that in the past as well, this is me just being
lazy and not wanting to look up the PR # when drafting my instructions =)
That said, those instructions don't
Github user JonZeolla commented on a diff in the pull request:
https://github.com/apache/metron/pull/800#discussion_r145415334
--- Diff: metron-interface/metron-rest/README.md ---
@@ -112,42 +112,42 @@ The following configures the application for MySQL:
1. Install MySQL