Re: Reducing Warnings in Build

2017-04-21 Thread Nick Allen
Per (2), I think it makes sense to make the charset configurable, but with the proposal of 3 separate settings, wouldn't things blow up horribly if the Parsers are producing UTF-8, but Enrichment is expecting UTF-16? They are not even speaking the same language, no? This makes me think that we

Quick Dev - Atlas Images

2017-04-24 Thread Nick Allen
Right now, we have the images that get pushed to Atlas for Quick Dev versioned independently from the rest of Metron. We currently have versions 0.1.0 and 0.2.0. What happens when a user downloads an official release of Metron, like 0.3.1, and

Re: Metron Alerts bombing in Travis?

2017-08-11 Thread Nick Allen
And I suggest that as a short-term (or medium-term) fix, separate from moving wholesale to another dependency mechanism. On Fri, Aug 11, 2017 at 10:36 AM Nick Allen <n...@nickallen.org> wrote: > Would it make sense to just 'fix' at a specific version all NPM > dependencies, instead

Re: Metron Alerts bombing in Travis?

2017-08-11 Thread Nick Allen
more like a > "how we use it issue", rather than an issue with the tech itself. Do we > have a more compelling reason, or set of reasons, beyond just fixing to > specific version of our dependencies? > > On Fri, Aug 11, 2017 at 10:37 AM, Nick Allen <n...@nick

Re: [DISCUSS] METRON-994 -> Rest v. Stellar ( api of record )?

2017-07-07 Thread Nick Allen
.com> > wrote: > > > > Anyone else have feelings? > > > > > > On July 7, 2017 at 11:06:32, Nick Allen (n...@nickallen.org) wrote: > > > > Like you mentioned, Otto, I think it makes more sense to have a REST API > > that is backed by Stellar funct

Re: [DISCUSS] METRON-994 -> Rest v. Stellar ( api of record )?

2017-07-07 Thread Nick Allen
; a Config API that is simple to call from the REST layer. It is correct that > the REST layer shouldn’t have to “fix” that, but neither should it hack the > solution by invoking Stellar. The correct architectural place for a simple > Config API is Configuration. > > Thanks, > --Ma

[DISCUSS] Relocate Docker

2017-07-13 Thread Nick Allen
Having metron-docker at the top-level of the project seems to catch the attention of new users. Some then start using metron-docker to explore/try-out/demo Metron. The metron-docker code that we have is not well-suited for this purpose. It is only really useful for development. It is not

Re: [DISCUSS] Relocate Docker

2017-07-13 Thread Nick Allen
of area? > > -Kyle > > On Thu, Jul 13, 2017 at 12:30 PM Laurens Vets <laur...@daemon.be> wrote: > > > On 2017-07-13 09:04, Nick Allen wrote: > > > Having metron-docker at the top-level of the project seems to catch the > > > attention of new users. So

Re: [REQUEST] Contributor rights in Jira

2017-07-14 Thread Nick Allen
Hi Laurens - It seems that I do not have the access that I should in JIRA. I soon as I get my access worked out, I can take care of this for you. On Wed, Jul 12, 2017 at 5:21 PM, Laurens Vets wrote: > Hello, > > Could a PMC member please grant my Jira account contributor

Re: Metron REST - Logging Config

2017-07-14 Thread Nick Allen
, Jul 14, 2017 at 9:52 AM, Ryan Merriman <merrim...@gmail.com> wrote: > The only way I know of is to change log4j.properites. Did you every figure > out a better way? > > On Tue, Jul 11, 2017 at 2:10 PM, Nick Allen <n...@nickallen.org> wrote: > > > How do I

Re: Metron REST - Logging Config

2017-07-14 Thread Nick Allen
Actually per step 3, this is what the property should look-like. Note that "file:" has to precede the path. -Dlog4j.configuration=file:/path/to/log4j.properties On Fri, Jul 14, 2017 at 10:02 AM, Nick Allen <n...@nickallen.org> wrote: > Yes, this is what I did. Pulling thi

Metron REST - Logging Config

2017-07-11 Thread Nick Allen
How do I configure logging for Metron REST on a deployed host? Right now a log4j.properties file gets packaged into the metron-rest JAR itself. Is there is an easy way that I am missing?

Re: [VOTE][PROPOSAL] minor changes to release process

2017-07-06 Thread Nick Allen
+1 I think that makes a lot of sense. On Wed, Jul 5, 2017 at 5:47 PM, Matt Foley wrote: > (The below proposal is also stated in https://issues.apache.org/ > jira/browse/METRON-1020 ) > > The following proposed changes are small, but not just editorial in > nature, hence will

Re: Post-parsing and Enrichment test framework

2017-07-07 Thread Nick Allen
For experimenting or validating specific Stellar expressions, the Stellar Shell is perfect. To do this, you just have to remember than when your Stellar expressions execute all of the fields of the message are in-scope. For example, here is a quick session where I mock-up some logic that sends a

Re: Post-parsing and Enrichment test framework

2017-07-07 Thread Nick Allen
s get you 80% there? On Fri, Jul 7, 2017 at 10:54 AM, Nick Allen <n...@nickallen.org> wrote: > For experimenting or validating specific Stellar expressions, the Stellar > Shell is perfect. To do this, you just have to remember than when your > Stellar expressions execute all o

Re: [DISCUSS] METRON-994 -> Rest v. Stellar ( api of record )?

2017-07-07 Thread Nick Allen
Like you mentioned, Otto, I think it makes more sense to have a REST API that is backed by Stellar functions executed in a JVM. That is, the REST API simply executes the right Stellar functions in a JVM. This makes it very simple to reuse the same implementation (Stellar functions) across

Re: [DISCUSS] Relocate Docker

2017-07-19 Thread Nick Allen
ained. Are there any other pieces of the code > > base that would fit into this type of area? > > > > -Kyle > > > > On Thu, Jul 13, 2017 at 12:30 PM Laurens Vets <laur...@daemon.be> wrote: > > > > > On 2017-07-13 09:04, Nick Allen wrote: > > >

Re: auto-install on bare metal

2017-04-26 Thread Nick Allen
Here is an example of how you might do that. I created this quite a while ago, but it shows you the structure and how you could manage multiple environments with this method. https://github.com/nickwallen/metron-environments On Tue, Apr 25, 2017 at 9:46 PM, Otto Fowler

Re: auto-install on bare metal

2017-04-26 Thread Nick Allen
ll Ambari first, right? > > - Dima > > On 04/26/2017 07:54 PM, Nick Allen wrote: > > Ok, then I must have totally misunderstood what you're looking for. > Sorry. > > > > On Wed, Apr 26, 2017 at 9:59 AM, Otto Fowler <ottobackwa...@gmail.com> > > wrote: > >

Re: Normalization topology or separate normalization bolt for parsing topology

2017-04-26 Thread Nick Allen
> For some reason, the incoming data do not look like in the way that has to be. In my mind that would be something for your parser to handle. On Wed, Apr 26, 2017 at 9:43 AM, Ali Nazemian wrote: > Having Stellar function for the normalization is very cool actually. > >

Re: auto-install on bare metal

2017-04-26 Thread Nick Allen
need to verify it post recent changes to allow building in docker > again. > > > On April 26, 2017 at 09:54:26, Nick Allen (n...@nickallen.org) wrote: > > Here is an example of how you might do that. I created this quite a while > ago, but it shows you the structure and how you

Re: Quick Dev - Atlas Images

2017-04-26 Thread Nick Allen
ou can have vagrant use docker as a back end too right? > > > > On April 25, 2017 at 14:34:14, Nick Allen (n...@nickallen.org) wrote: > > >> I hadn't really reasoned about the notion of a "released" Quick Dev > image, > but I can see a lot of value in havi

Re: Ambari Wizard: Repo Tab

2017-04-26 Thread Nick Allen
eptions at all from the execute > calls. I wonder what the best practice is? > I can’t seem to find the ambari mpack programming documentation ;) > > > On April 26, 2017 at 16:50:18, Nick Allen (n...@nickallen.org) wrote: > > I can create the JIRA. I capture the logs. > >

Re: Ambari Wizard: Repo Tab

2017-04-26 Thread Nick Allen
Yes, I am also running on CentOS 7. On Wed, Apr 26, 2017 at 3:19 PM, Otto Fowler <ottobackwa...@gmail.com> wrote: > Would i have to change that on Centos 7? > > > On April 26, 2017 at 15:12:38, Nick Allen (n...@nickallen.org) wrote: > > Check on the `network_ho

Re: Ambari Wizard: Repo Tab

2017-04-26 Thread Nick Allen
I can create the JIRA. I capture the logs. On Wed, Apr 26, 2017 at 4:48 PM, Nick Allen <n...@nickallen.org> wrote: > Yes, Otto. I just experienced that myself. It is a bug that we should > create a JIRA for. > > I was able to work around it by just using "sta

Re: Quick Dev - Atlas Images

2017-04-25 Thread Nick Allen
it as a convenience binary signed and hosted alongside the > other release artifacts. Meantime, we could keep the incremental versions > of Quick Dev in Atlas. > > Anyway, I think it's a really interesting notion. > > -D... > > > On Mon, Apr 24, 2017 at 11:26 AM, Ni

Re: Ambari Wizard: Repo Tab

2017-04-25 Thread Nick Allen
createrepo On Tue, Apr 25, 2017 at 4:42 PM, Otto Fowler wrote: > Ok, now I see the repos in the ‘pick version’ screen, but it is erring on > the f://localrepo > even though the folder exists, there is no repodata/repomd.xml. > > What is the command to create a local

Re: Profiler statistics NaN

2017-08-09 Thread Nick Allen
till a HLLP object, not a statistics object, so doing a > STATS_MERGE on a bunch of them wouldn't work either. > > On Wed, Aug 9, 2017 at 4:15 PM, Nick Allen <n...@nickallen.org> wrote: > > > That is another problem. Isn't the simplest answer, to just ch

Re: Profiler statistics NaN

2017-08-09 Thread Nick Allen
wrote: > > > > Yeah, I'm leaning toward STATS_ADD or STATS_INIT taking a list of > numbers. > > STATS_MERGE seems confusing. > > > > On Wed, Aug 9, 2017 at 4:37 PM, Nick Allen <n...@nickallen.org> wrote: > > > > > Or even change the behavior of STA

Re: Profiler statistics NaN

2017-08-09 Thread Nick Allen
It seems that you are using the Profiler Client API correctly from the REPL, but you are using it incorrectly in your triage rules. Change your triage rules to match what you ran in the REPL. Correct: PROFILE_GET( "host-talks-to" , "99.191.183.156", PROFILE_FIXED(300, "MINUTES")) Incorrect:

Re: Profiler statistics NaN

2017-08-09 Thread Nick Allen
That is another problem. Isn't the simplest answer, to just change this... "result": "HLLP_CARDINALITY(outcoming)" to this... "result": "outcoming" ? On Wed, Aug 9, 2017 at 3:48 PM Casey Stella wrote: > Ok, so the problem here is that your profile is returning integers

Re: Profiler statistics NaN

2017-08-09 Thread Nick Allen
to consider. On Wed, Aug 9, 2017 at 4:31 PM Nick Allen <n...@nickallen.org> wrote: > Oh yeah, duh. Now I'm with you. That would be a good quick hit. > > The current behavior is a little nutty. If there is a list, it only > consumes the first element in the list. I'd exp

Re: [DISCUSS] Using Yarn package manager for metron-alerts

2017-08-16 Thread Nick Allen
Thanks for laying this all out for us, Raghu. Based on the built-in support for offline installs and version locking, I think this is a great suggestion. (However unfortunate the namespace collision might be.) On Wed, Aug 16, 2017 at 8:51 AM RaghuMitra Kandikonda <

Re: [DISCUSS] Synopsis of Community Meeting on 8/22/2017

2017-08-23 Thread Nick Allen
That is actually our plugin. Well, ours is theirs. The Bro Project is getting out of the business of maintaining plugins for the most part. This is one side effect of the new Bro packaging mechanism. The plan is to migrate the code to the new Bro packaging mechanism and for it to live here

Re: Request double-check on Ambari config logic (ES network_host)

2017-05-03 Thread Nick Allen
and working out-of-the-box here, Matt? On Wed, May 3, 2017 at 8:30 AM, Nick Allen <n...@nickallen.org> wrote: > It only worked "good enough" on Ansible because it was mainly used for > deploying to a controlled environment where we know the interface names; > aka Vagran

Re: [GitHub] incubator-metron issue #562: METRON-915 add node and npm to platform_info.sh

2017-05-03 Thread Nick Allen
I think it still makes sense to add these to the platform script. What if the mvn plugin breaks or starts working in an unexpected way? This would help us uncover issues there. But good point to bring up, Ryan. On Wed, May 3, 2017 at 8:32 AM, Ryan Merriman wrote: > We

Re: Normalization topology or separate normalization bolt for parsing topology

2017-05-03 Thread Nick Allen
munity in future. Ideally, it would be better that official Metron developers focus on Metron features instead of developing generic parsers. Thanks, Ali On Wed, May 3, 2017 at 3:03 AM, Nick Allen <n...@nickallen.org> wrote: > Yes, and currently that normalization step is the Parser

Re: Request double-check on Ambari config logic (ES network_host)

2017-05-03 Thread Nick Allen
It only worked "good enough" on Ansible because it was mainly used for deploying to a controlled environment where we know the interface names; aka Vagrant/Single Node. It did not work well at all on environments other than Vagrant/Single Node. The work that was done with Elasticsearch and

Re: Failure to Deploy "Quick Dev"

2017-05-03 Thread Nick Allen
nickwallen Thanks. On Wed, May 3, 2017 at 9:03 AM, David Lyle <dlyle65...@gmail.com> wrote: > Hi Nick, > > You do. just need to set up an Atlas account and shoot over the name. > > -D... > > > On Wed, May 3, 2017 at 8:44 AM, Nick Allen <n...@nickallen.org>

Re: Failure to Deploy "Quick Dev"

2017-05-03 Thread Nick Allen
Fowler <ottobackwa...@gmail.com> > wrote: > >> From lira: >> >> I 'think' that quickdev is actually build from full_dev, with metron >> installed already. So it may be that we need a new image built to make >> this >> not an upgrade situation? >> &g

Re: MaaS + Apache Twill ?

2017-05-03 Thread Nick Allen
s that Twill > offers. I think had we known that Twill existed a few years ago we would > have considered it, but given where we are today I don't see a reason to > switch. > > Thanks, > James > > 18.04.2017, 12:30, "Nick Allen" <n...@nickallen.org>: > >>

Re: [DISCUSS] platform_info.sh and PR template / Dev Guidelines

2017-05-03 Thread Nick Allen
+0 I am not a fan of the PR template. In my opinion, there is too much text already and I ended up just skipping over it. I think it gets in the way of a contributor actually describing their change. Just my opinion. I know many others disagree and find value in it. On Wed, May 3, 2017 at

Re: Request double-check on Ambari config logic (ES network_host)

2017-05-03 Thread Nick Allen
lt;ottobackwa...@gmail.com> > wrote: > > > My experience deploying with small_cluster / ansible was that it just > > worked at the time to > > my centos 6.9 esxi cluster. > > > > > > On May 3, 2017 at 08:30:59, Nick Allen (n...@nic

Re: [DISCUSS] Enrichment Split/Join issues

2017-05-16 Thread Nick Allen
I would like to see us just migrate wholly to Stellar enrichments and remove the separate HBase and Geo enrichment bolts from the Enrichment topology. Stellar provides a user with much greater flexibility than the existing HBase and Geo enrichment bolts. A side effect of this would be to greatly

Re: [DISCUSS] Enrichment Split/Join issues

2017-05-16 Thread Nick Allen
personal desire would be to > have just stellar enrichments, though. You can do every one of the other > enrichments in Stellar and it would greatly simplify that config above. > > > > On Tue, May 16, 2017 at 11:59 AM, Nick Allen <n...@nickallen.org> wrote: > > > I

Re: [DISCUSS] Enrichment Split/Join issues

2017-05-16 Thread Nick Allen
t something is missing, and could drive > things like replay of the message to retrospectively enrich when things > have calmed down. > > Simon > > > On 16 May 2017, at 17:25, Nick Allen <n...@nickallen.org> wrote: > > > > Ah, yes. Makes sense and I can see the valu

Re: Why bro parser allows periods in keys?

2017-05-09 Thread Nick Allen
​The ES indexer replaces periods, I believe. Are you seeing periods hit Elasticsearch?​ And architecturally that kind of logic should be done in the indexers anyways. On Tue, May 9, 2017 at 9:41 AM, zeo...@gmail.com wrote: > Is there a reason why the bro parser allows

Profiler Deck

2017-06-19 Thread Nick Allen
I created a deck that walks through the current state of the Profiler. I thought this might be helpful to others on the list. Feel free to share any feedback or questions. https://www.slideshare.net/NickAllen4/apache-metron-profiler FYI - Viewing on Slideshare, corrupts a few images. If you

Re: Metron Release rules

2017-06-26 Thread Nick Allen
+1 Yes, definitely cruft. Good find. On Mon, Jun 26, 2017 at 9:50 PM, Matt Foley wrote: > The Release Process document at https://cwiki.apache.org/ > confluence/display/METRON/Release+Process > currently states that a file named DISCLAIMER is a required artifact in > the

Re: Trying to spin up Metron in EC2: Failed

2017-05-23 Thread Nick Allen
Good. Glad to hear that. On Tue, May 23, 2017 at 6:50 PM, Laurens Vets <laur...@daemon.be> wrote: > Hmmm, deploying Metron in AWS from another EC2 instance seems to work > fine... > > I have a fully deployed 10 node Metron install now. > > On 2017-05-19 10:52, Nic

Re: Trying to spin up Metron in EC2: Failed

2017-05-19 Thread Nick Allen
Missed one important point. You actually choose the data center here [2] in the configuration file. [2] https://github.com/apache/metron/blob/master/metron-deployment/amazon-ec2/conf/defaults.yml#L43 On Fri, May 19, 2017 at 1:52 PM, Nick Allen <n...@nickallen.org> wrote: > I am not

Re: Trying to spin up Metron in EC2: Failed

2017-05-19 Thread Nick Allen
I am not sure what the issue is. Nothing is jumping out at me. Weird issues can arise when the machine that you are running the Ansible deployment from has intermittent connectivity issues to the AWS data center. Is Amazon's us-west-2 data center the one closest to you? You might try a

Re: [Discuss] Improving new developer onboarding experience

2017-05-19 Thread Nick Allen
Hi Marc - Welcome to the community. > Vagrant quick dev env does not boot for me. This relies on an image stored in Atlas. There was recently a commit that broke that image. We just need to update the image stored in Atlas. Until we do, feel free to use Full Dev. > The environment variables

Re: [Discuss] Improving new developer onboarding experience

2017-05-19 Thread Nick Allen
Also, there are usually people on #apache-metron on Freenode. If you are having trouble and need to ask a question, you can try there too. Jon and Otto tend to be our community leaders there. Many, many thanks to them for that. They are super helpful. I need to join more often. On Fri, May

Re: [INCOMING] Metron 0.4.0 release (RC3)

2017-06-01 Thread Nick Allen
Sounds good, Matt. Looking forward to cutting this release. On Thu, Jun 1, 2017 at 5:17 PM, Matt Foley wrote: > Hi all, > > Now that METRON-844 is in, I plan to proceed with the 0.4.0 release > candidate. I think 844 was the last item we considered a must-have for the >

Re: [Discussion] About the wiki….

2017-06-13 Thread Nick Allen
+1 for migrating away from the Wiki. I am not a fan. It is too difficult to keep in-sync with the source code. It also doesn't get the loving care and review that a PR does in our community. On Tue, Jun 13, 2017 at 2:27 PM, zeo...@gmail.com wrote: > I suggested in the past

Re: [DISCUSS] Kerberos First

2017-05-01 Thread Nick Allen
If so, need for KDC applies, > and it would still be good to allow QuickDev to come up without Kerberos as > a simplified environment when that’s desirable. > > > > Thanks, > > --Matt > > > > From: Nick Allen <n...@nickallen.org> > Reply-To: "dev

Re: [DISCUSS] Update Metron Release Documentation

2017-05-01 Thread Nick Allen
One major benefit of the site-book is that we can maintain docs for previous releases of Metron. Unless there is a major technical hurdle, I think we should do so. On Mon, May 1, 2017 at 10:06 AM, zeo...@gmail.com wrote: > Just bringing up this thread again, as we're going to

[DISCUSS] Kerberos First

2017-05-01 Thread Nick Allen
I hate dealing with Kerberos. It is a pain to setup, it is a pain to work with, it has its own learning curve, *but it is absolutely necessary*. Due to the sensitive nature of Metron's use case, most of our users should be using Kerberos as part of a defense-in-depth strategy to protect

Re: [DISCUSS] REST + ambari

2017-05-08 Thread Nick Allen
As opposed to using the Ambari REST API to get this information? On Mon, May 8, 2017 at 8:06 AM, Otto Fowler wrote: > I was thinking about have an ambari ‘service’ in the rest api. > The initial purpose would be to be able to retrieve ambari configuration > variables

Re: [DISCUSS] Code Style

2017-05-08 Thread Nick Allen
+1 Good points, Justin. I am onboard. On Mon, May 8, 2017 at 9:29 AM, Justin Leet wrote: > I've been taking a look at setting up checkstyle per > https://issues.apache.org/jira/browse/METRON-746. > > Given that we don't actually enforce any style right now (saying we

Re: Normalization topology or separate normalization bolt for parsing topology

2017-05-02 Thread Nick Allen
Before worrying about how to ingest this 'noisy' data, I would want to better understand root cause. If you cannot even get a valid date format, are you sure the data can be trusted? Rather than bending over backwards to try to ingest it, I would first make sure the telemetry is not totally

Re: Normalization topology or separate normalization bolt for parsing topology

2017-05-02 Thread Nick Allen
and flexible > solution is not very hard. > > Cheers, > Ali > > On Tue, May 2, 2017 at 11:24 PM, Nick Allen <n...@nickallen.org> wrote: > > > Before worrying about how to ingest this 'noisy' data, I would want to > > better understand root cause. If you cannot

Re: [Discuss] Cyber Security Asset Management for Metron

2017-05-24 Thread Nick Allen
I think the addition of a graph capability would be very powerful. I know many who would love the idea, but I know of no implementations that have occurred. It might be good to discuss in the community specific use cases that would be enabled by a graph database. That might help to flesh out

Re: Github Code Owners

2017-09-15 Thread Nick Allen
-1 IMHO I do not want to see hard dependencies on anyone. Life happens sometimes, but the project has to keep moving. Also, I don't want to see certain parts of the project that are only known by a few individuals. While I don't think this Github feature directly leads to that, it makes it

Re: Committing to the metron-bro-plugin-kafka repo

2017-09-15 Thread Nick Allen
Hi Jon - I agree with you on the approach. We should first copy everything as it is to the new repo. We should maintain the revision history too. I'm sure there is a way to do it, but would have to research a bit. Then we apply your changes on top of that. Thanks On Thu, Sep 14, 2017 at

Re: Committing to the metron-bro-plugin-kafka repo

2017-09-18 Thread Nick Allen
/metron-bro-plugin-kafka/tree/dev > > Jon > > On Fri, Sep 15, 2017 at 12:54 PM zeo...@gmail.com <zeo...@gmail.com> > wrote: > > > Good point, I can take that task re migrating the revision history of the > > folder. > > > > Jon > > > > On F

Re: feature branch bumps

2017-09-20 Thread Nick Allen
Hi Otto - What is the plan for bringing the feature branch and master together? Do these PRs move us closer to bringing the two branches together? Thanks On Wed, Sep 20, 2017 at 8:19 AM Otto Fowler wrote: > Can I get a bump on

Re: feature branch bumps

2017-09-20 Thread Nick Allen
conceptually there is ( might not be complete ) > > * the discuss thread topic from this morning ( metron parsers v. > extensions wrt registration and management ) > * default configurations ( parser, enrichment, indexing, elasticsearch) > > > > > On September 20, 2017 at 11

Re: feature branch bumps

2017-09-20 Thread Nick Allen
ed on. > > > On September 20, 2017 at 10:23:44, Nick Allen (n...@nickallen.org) wrote: > > So it sounds like these PRs do move us closer to bringing the two branches > together. But I think I am missing your high-level approach though. > > How are we going to get all

Re: feature branch bumps

2017-09-20 Thread Nick Allen
n integrate master > into feature and then bring it out to the stacked PR’s. Simple as that. > > > > On September 20, 2017 at 08:35:09, Nick Allen (n...@nickallen.org) wrote: > > Hi Otto - > > What is the plan for bringing the feature branch and master together? Do > these

Re: feature branch bumps

2017-09-20 Thread Nick Allen
l chunks” is what I keep hearing. I have no idea how to do > that from an already integrated and working branch. > Do you mean I… > - create patch files of whole directories and do a pr per directory, but > the build doesn’t work? > > > On September 20, 2017 at 15:07:56, Nick Alle

Re: feature branch bumps

2017-09-21 Thread Nick Allen
h builds and passes travis ), but just > have code to review. > > But, as you said, it has been since April, and only Bundles has been > reviewed. If nobody but Matt is even going to _attempt_ code review, then > it may now be implicitly required that I do this. > > > On Sept

Re: feature branch bumps

2017-09-21 Thread Nick Allen
( > again I apologize if I am wrong ), is to catch up on the confluence and > where things currently stand, and then move the discussion on from there. > I feel like a lot has gone on in 777 and there that relate to your concerns > ( although I am not saying they address them ). > &

Re: Cloudtrail use case

2017-10-05 Thread Nick Allen
We don't really have a location in the source code for use cases like this right now. But I think it is so important that we get use cases like this published somewhere. For now, you could add this to the Wiki. Then later on we can figure out how to handle that. On Thu, Oct 5, 2017 at 6:49 PM,

Re: Can we close old inactive PR’s

2017-10-17 Thread Nick Allen
If we've made an honest effort to contact the contributor, I think it is completely legit to force close it. I've done that a few times before actually. You just have to open a JIRA for Apache Infra to close the PR. On Tue, Oct 17, 2017 at 9:00 AM, Otto Fowler wrote:

Re: Can we close old inactive PR’s

2017-10-17 Thread Nick Allen
I am not completely sure, but I think committers are able to. On Tue, Oct 17, 2017 at 9:54 AM, Otto Fowler <ottobackwa...@gmail.com> wrote: > Whom can open such a jira? Do we limit it to committers, PMC members? > > > On October 17, 2017 at 09:41:00, Nick Allen (n...@ni

Re: Unclear recent commit

2017-09-09 Thread Nick Allen
I don't think this instance is a big deal. But ideally I think any changes, including a fix like this, should go through the PR process. On Fri, Sep 8, 2017 at 10:44 PM Casey Stella wrote: > So, generally the goal is to commit the minimal set of commits squashed by >

Re: [DISCUSS] Metron release 0.4.1

2017-09-05 Thread Nick Allen
the community says we want to >>> call the upcoming release, and everything that’s there when I throw the >>> switch will be included. >>> > >>> >Jon and Anand, will they be in by end/day Friday? >>> >Thanks, >>> >--Matt >>>

Re: [DISCUSS] Metron release 0.4.1

2017-09-06 Thread Nick Allen
gt; Great, working on it! > > > > From: Nick Allen <n...@nickallen.org> > Date: Tuesday, September 5, 2017 at 8:00 AM > To: Casey Stella <ceste...@gmail.com>, "zeo...@gmail.com" < > zeo...@gmail.com> > Cc: Anand Subramanian <asubraman..

Re: [DISCUSS] metron-config build failure on Centos 7

2017-09-06 Thread Nick Allen
at 5:29 PM Nick Allen <n...@nickallen.org> wrote: > What version of Metron are you running? > > This error seems a bit different, but do you have the patch for this issue > that was fixed a while back? > https://github.com/apache/metron/pull/691 > https://issues.apache.org

Re: [DISCUSS] metron-config build failure on Centos 7

2017-09-06 Thread Nick Allen
What version of Metron are you running? This error seems a bit different, but do you have the patch for this issue that was fixed a while back? https://github.com/apache/metron/pull/691 https://issues.apache.org/jira/browse/METRON-1104 On Wed, Sep 6, 2017 at 3:41 PM Ian Abreu

Re: [VOTE] Metron Release Candidate 0.4.1-RC4

2017-09-12 Thread Nick Allen
+1 (binding) Deployed to Full Dev and AWS successfully. On Sun, Sep 10, 2017 at 10:30 PM zeo...@gmail.com wrote: > +1 (binding) > > - Verified the signature > - Verified all hashes > - mvn -q -T 2C surefire:test@unit-tests && mvn -q > surefire:test@integration-tests && mvn -q

Re: feature branch bumps

2017-09-26 Thread Nick Allen
-Matt and Otto > > > On 9/21/17, 11:53 AM, "Otto Fowler" <ottobackwa...@gmail.com> wrote: > > My thought was that in answering things in the wiki, it would build > out the > ‘guide’ there. But I was just taking a stab at that. I am open to > wha

Re: [DISCUSS] How should Management UI save changes?

2017-10-02 Thread Nick Allen
> Maybe change the text on the button on the primary panel to "write" instead of "save"? Another option would be to call it "Apply". > Also, I want wider child panels in the management UI if at all possible. > Especially the "RAW JSON" feels cramped. Yes, I agree. It seems to odd to me that

Re: [DISCUSS] Is there a reason for separate Management & Alerts UIs?

2017-10-02 Thread Nick Allen
I think the main reason historically is that each UI has different use cases and user roles. The Management UI will mainly be used by an Security Platform Engineer, while the Alerts UI will be used by a SOC Analyst, Investigator or Manager. That being said, I am not against a single, unified UI,

Re: Error message when changing riskLevelRules

2017-10-03 Thread Nick Allen
Laurens - The problem is that we expect a Stellar expression for the "reason" field. What you are providing is a string that is not a valid Stellar expression. For it to be a valid expression you need to add another set of quotes to make it a Stellar string; " 'No MFA used.' ". I definitely see

Re: Error message when changing riskLevelRules

2017-10-03 Thread Nick Allen
AGE_* things. > > > On 2017-10-03 08:40, Nick Allen wrote: > >> Laurens - >> >> The problem is that we expect a Stellar expression for the "reason" field. >> What you are providing is a string that is not a valid Stellar expression. >> For i

Re: [DISCUSS] METRON-777 and the road to perditi... er enlightenment

2017-08-23 Thread Nick Allen
+1 I like it all, Otto. You deserve a freakin' medal. On Wed, Aug 23, 2017 at 10:04 AM Otto Fowler wrote: > WRT : regression fixes, I would also like us to consider putting these the > initial 777 to feature branch PR as an option. > > > On August 23, 2017 at

Re: [DISCUSS] METRON-777 and the road to perditi... er enlightenment

2017-08-23 Thread Nick Allen
ore than that could potentially be warranted. > > +1 > > Jon > > On Wed, Aug 23, 2017 at 12:38 PM Nick Allen <n...@nickallen.org> wrote: > > > +1 I like it all, Otto. You deserve a freakin' medal. > > > > > > > > > > > > On Wed, Aug 23,

Maven Exec REPL with all Metron Dependencies

2017-08-31 Thread Nick Allen
Previously, I found that you could run the REPL from the Metron source by running the following command from the ​source root ​ directory. This is useful because it lets you run the REPL with the libraries that will be available ​during Enrichment.​ mvn exec:java \

Re: [DISCUSS] Metron release 0.4.1

2017-08-31 Thread Nick Allen
gt; > > wrote: > > > > >I have some work around fixing how we handle config with Ambari that I'd > > >like to see go in. No PR yet, but coming soon. I expect to have this by > > the > > >RC deadline. > > > > > >Mike > >

Re: Feature Branch: Extension System for Metron and Metron Parsers

2017-08-30 Thread Nick Allen
Yes, I think you still need +1s. The same PR rules apply to the feature branch PRs. The only difference being that as a reviewer/committer I won't expect the same level of quality, documentation, etc to get my +1 for a PR that is destined for a feature branch. And of course, each

Re: Feature Branch: Extension System for Metron and Metron Parsers

2017-08-30 Thread Nick Allen
t, I mean the initial PR that moves the other branches in. I don’t > think we expect that pr to get reviewed. > > > > On August 30, 2017 at 10:26:00, Nick Allen (n...@nickallen.org) wrote: > > Yes, I think you still need +1s. The same PR rules apply to the feature > branch P

Re: [DISCUSS] Metron release 0.4.1

2017-08-30 Thread Nick Allen
n 8/29/17, 9:34 AM, "Casey Stella" <ceste...@gmail.com> wrote: > > > > For my PRs, I'd vote for METRON-1122 being in (commit very > imminent). > > I'd very much like METRON-1134 to be in as well. > > > > Beyon

Re: [DISCUSS] Feature Branches and updating from Master

2017-08-30 Thread Nick Allen
I think opening PRs is the way to go. We're going to have maybe three kinds of merges when we sync a feature branch with master. - The *good* kind when there are no conflicts. Yay! Easy review, no problems, quick +1. - The *bad* kind when there are conflicts. This will take some

Re: Quick Dev

2017-10-06 Thread Nick Allen
+1 To killing Quick Dev and updating the Wiki. Quick Dev has been broken for eons. Simon's point about "profusion of installs" makes a lot of sense too. On Fri, Oct 6, 2017 at 8:33 AM Simon Elliston Ball < si...@simonellistonball.com> wrote: > +1 we see a lot of people struggling with the

Re: Cloudtrail use case

2017-10-06 Thread Nick Allen
ier for multiple things. Some from the wiki, > some from random READMEs we could relocate and link, some from > presentations and so on. > > Having said all that, I know discuss threads can take a few days to > resolve, so wiki and then convert might be the lesser of two evils. > &

Re: Quick Dev

2017-10-06 Thread Nick Allen
Fri, Oct 6, 2017 at 8:39 AM, Nick Allen <n...@nickallen.org> wrote: > > > +1 To killing Quick Dev and updating the Wiki. Quick Dev has been broken > > for eons. Simon's point about "profusion of installs" makes a lot of > sense > > too. > &g

Re: Quick Dev

2017-10-06 Thread Nick Allen
sible-skip-tags'? We probably should document any > tags you might want to skip anyway. > > I'm pretty in favor of killing that. > > On Fri, Oct 6, 2017 at 8:46 AM, Nick Allen <n...@nickallen.org> wrote: > > > The same case might be made for the Code Lab Platform &g

  1   2   3   >