[GitHub] incubator-metron issue #276: METRON-363 Fix Cisco ASA Parser

[nickwallen]

Github user nickwallen commented on the issue:

https://github.com/apache/incubator-metron/pull/276
  
+1  Great contribution


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-metron issue #276: METRON-363 Fix Cisco ASA Parser

[kylerichardson]

Github user kylerichardson commented on the issue:

https://github.com/apache/incubator-metron/pull/276
  
A big thank you to @ottobackwards for helping to troubleshoot the CI build 
fails. This should be good to go now.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Re: [GitHub] incubator-metron issue #276: METRON-363 Fix Cisco ASA Parser

[Otto Fowler]

I would like to understand what specific to your PR regressed the Storm 1.0
integration.  Maybe Casey or someone a little more familiar with what went
into troubleshooting that patch can help.


On November 1, 2016 at 21:57:57, Kyle Richardson (kylerichards...@gmail.com)
wrote:

Thanks, Otto! You're a genius.

I'm at a loss for why this broke the integration tests. For me, it seems to
have broke all of the integration tests which makes me think it broke some
piece of the underlying framework. The big change seems to have been with
the move to Storm 1.x but I can't say for sure it's related.

I had managed to get rid of all of the SLF4J multiple bindings prior to
rebasing so my guess is there was a change in some of the dependencies that
added these back in.

I've added the exclusion you highlighted as well as a couple of others to
get rid of the multiple bindings. I'm running through the unit and
integration tests now and, if successful, I'll push the fix to my PR and
see what Travis comes back with.

Thanks again for your help troubleshooting!

-Kyle

On Tue, Nov 1, 2016 at 4:52 PM, Otto Fowler 
wrote:

> Sorry, same test.
>
> I was able to resolve the issue by adding an exclusion for slf4j in the
> metron-parsers pom:
>
> 
> org.apache.kafka
> kafka_2.10
> ${global_kafka_version}
> 
> 
> slf4j-log4j12
> org.slf4j
> 
> 
> log4j
> log4j
> 
> 
> 
>
>
> I’m not sure why this would break with the asa parser though. Maybe
> someone else has an idea?
>
> On November 1, 2016 at 16:16:27, Otto Fowler (ottobackwa...@gmail.com)
> wrote:
>
> Kyle:
>
> I can reproduce this problem ( but with a different test ) locally.
>
> ---
>
> T E S T S
>
> ---
>
> Running org.apache.metron.parsers.integration.AsaIntegrationTest
>
> SLF4J: Class path contains multiple SLF4J bindings.
>
> SLF4J: Found binding in
> [jar:file:/Users/ottofowler/.m2/repository/org/slf4j/slf4j-
> log4j12/1.7.21/slf4j-log4j12-1.7.21.jar!/org/slf4j/impl/
> StaticLoggerBinder.class]
>
> SLF4J: Found binding in
> [jar:file:/Users/ottofowler/.m2/repository/org/slf4j/slf4j-
> simple/1.7.7/slf4j-simple-1.7.7.jar!/org/slf4j/impl/
> StaticLoggerBinder.class]
>
> SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an
> explanation.
>
> SLF4J: Actual binding is of type [org.slf4j.impl.Log4jLoggerFactory]
>
> Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 3.509 sec
> <<< FAILURE! - in
org.apache.metron.parsers.integration.AsaIntegrationTest
>
> test(org.apache.metron.parsers.integration.AsaIntegrationTest) Time
> elapsed: 3.506 sec <<< ERROR!
>
> java.lang.NoClassDefFoundError: org/slf4j/event/LoggingEvent
>
> I *did* pull master over your pr.
>
> Can you merge/pull master and update your local branch and reproduce?
>
>
>
> On November 1, 2016 at 15:33:55, Otto Fowler (ottobackwa...@gmail.com)
> wrote:
>
> " T E S T S
>
> ---
> Running org.apache.metron.parsers.integration.YafIntegrationTest
> SLF4J: Class path contains multiple SLF4J bindings.
> SLF4J: Found binding in
> [jar:file:/home/travis/.m2/repository/org/slf4j/slf4j-
> log4j12/1.7.21/slf4j-log4j12-1.7.21.jar!/org/slf4j/impl/
> StaticLoggerBinder.class]
> SLF4J: Found binding in
> [jar:file:/home/travis/.m2/repository/org/slf4j/slf4j-
> simple/1.7.7/slf4j-simple-1.7.7.jar!/org/slf4j/impl/
> StaticLoggerBinder.class]
> SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an
> explanation.
> SLF4J: Actual binding is of type [org.slf4j.impl.Log4jLoggerFactory]
> Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 8.64
> sec <<< FAILURE! - in
> org.apache.metron.parsers.integration.YafIntegrationTest
> test(org.apache.metron.parsers.integration.YafIntegrationTest) Time
> elapsed: 8.637 sec <<< ERROR!
> java.lang.NoClassDefFoundError: org/slf4j/event/LoggingEvent”
>
>
> This error, then a address already in use errors…. then no output -
> travis kills it.
>
> Maybe this error causes an ungraceful shutdown, which effects the next
> test?
>
>
> I’ll grab your pr clean and try to run mvn test && mvn
> integration-test on it and see here. I assume that this builds
> locally for you and the test and integration-tests run?
>
>
>
>
> On November 1, 2016 at 13:17:47, kylerichardson (g...@git.apache.org)
> wrote:
>
> Github user kylerichardson commented on the issue:
>
> https://github.com/apache/incubator-metron/pull/276
>
> Ok, need some helping figuring out why the CI build keeps failing...
>
> I get several of these at the end of the log:
> ```
> Running org.apache.metron.parsers.integration.JSONMapIntegrationTest
> 2016-11-01 15:54:52 FATAL KafkaServer:116 - [Kafka Server 0], Fatal error
> during KafkaServer startup. Prepare to shutdown
> kafka.common.KafkaException: Socket server failed to bind to
> localhost:6667: Address already in use.
> ```
>
> and prior to that I see:
> ```
> 

Re: [GitHub] incubator-metron issue #276: METRON-363 Fix Cisco ASA Parser

[Kyle Richardson]

Thanks, Otto! You're a genius.

I'm at a loss for why this broke the integration tests. For me, it seems to
have broke all of the integration tests which makes me think it broke some
piece of the underlying framework. The big change seems to have been with
the move to Storm 1.x but I can't say for sure it's related.

I had managed to get rid of all of the SLF4J multiple bindings prior to
rebasing so my guess is there was a change in some of the dependencies that
added these back in.

I've added the exclusion you highlighted as well as a couple of others to
get rid of the multiple bindings. I'm running through the unit and
integration tests now and, if successful, I'll push the fix to my PR and
see what Travis comes back with.

Thanks again for your help troubleshooting!

-Kyle

On Tue, Nov 1, 2016 at 4:52 PM, Otto Fowler  wrote:

> Sorry, same test.
>
> I was able to resolve the issue by adding an exclusion for slf4j in the
> metron-parsers pom:
>
> 
> org.apache.kafka
> kafka_2.10
> ${global_kafka_version}
> 
> 
> slf4j-log4j12
> org.slf4j
> 
> 
> log4j
> log4j
> 
> 
> 
>
>
> I’m not sure why this would break with the asa parser though.  Maybe
> someone else has an idea?
>
> On November 1, 2016 at 16:16:27, Otto Fowler (ottobackwa...@gmail.com)
> wrote:
>
> Kyle:
>
> I can reproduce this problem ( but with a different test ) locally.
>
> ---
>
>  T E S T S
>
> ---
>
> Running org.apache.metron.parsers.integration.AsaIntegrationTest
>
> SLF4J: Class path contains multiple SLF4J bindings.
>
> SLF4J: Found binding in
> [jar:file:/Users/ottofowler/.m2/repository/org/slf4j/slf4j-
> log4j12/1.7.21/slf4j-log4j12-1.7.21.jar!/org/slf4j/impl/
> StaticLoggerBinder.class]
>
> SLF4J: Found binding in
> [jar:file:/Users/ottofowler/.m2/repository/org/slf4j/slf4j-
> simple/1.7.7/slf4j-simple-1.7.7.jar!/org/slf4j/impl/
> StaticLoggerBinder.class]
>
> SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an
> explanation.
>
> SLF4J: Actual binding is of type [org.slf4j.impl.Log4jLoggerFactory]
>
> Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 3.509 sec
> <<< FAILURE! - in org.apache.metron.parsers.integration.AsaIntegrationTest
>
> test(org.apache.metron.parsers.integration.AsaIntegrationTest)  Time
> elapsed: 3.506 sec  <<< ERROR!
>
> java.lang.NoClassDefFoundError: org/slf4j/event/LoggingEvent
>
> I *did* pull master over your pr.
>
> Can you merge/pull master and update your local branch and reproduce?
>
>
>
> On November 1, 2016 at 15:33:55, Otto Fowler (ottobackwa...@gmail.com)
> wrote:
>
> " T E S T S
>
> ---
> Running org.apache.metron.parsers.integration.YafIntegrationTest
> SLF4J: Class path contains multiple SLF4J bindings.
> SLF4J: Found binding in
> [jar:file:/home/travis/.m2/repository/org/slf4j/slf4j-
> log4j12/1.7.21/slf4j-log4j12-1.7.21.jar!/org/slf4j/impl/
> StaticLoggerBinder.class]
> SLF4J: Found binding in
> [jar:file:/home/travis/.m2/repository/org/slf4j/slf4j-
> simple/1.7.7/slf4j-simple-1.7.7.jar!/org/slf4j/impl/
> StaticLoggerBinder.class]
> SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an
> explanation.
> SLF4J: Actual binding is of type [org.slf4j.impl.Log4jLoggerFactory]
> Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 8.64
> sec <<< FAILURE! - in
> org.apache.metron.parsers.integration.YafIntegrationTest
> test(org.apache.metron.parsers.integration.YafIntegrationTest)  Time
> elapsed: 8.637 sec  <<< ERROR!
> java.lang.NoClassDefFoundError: org/slf4j/event/LoggingEvent”
>
>
> This error, then a address already in use errors…. then no output -
> travis kills it.
>
> Maybe this error causes an ungraceful shutdown, which effects the next
> test?
>
>
> I’ll grab your pr clean and try to run mvn test && mvn
> integration-test on it and see here.  I assume that this builds
> locally for you and the test and integration-tests run?
>
>
>
>
> On November 1, 2016 at 13:17:47, kylerichardson (g...@git.apache.org)
> wrote:
>
> Github user kylerichardson commented on the issue:
>
> https://github.com/apache/incubator-metron/pull/276
>
> Ok, need some helping figuring out why the CI build keeps failing...
>
> I get several of these at the end of the log:
> ```
> Running org.apache.metron.parsers.integration.JSONMapIntegrationTest
> 2016-11-01 15:54:52 FATAL KafkaServer:116 - [Kafka Server 0], Fatal error
> during KafkaServer startup. Prepare to shutdown
> kafka.common.KafkaException: Socket server failed to bind to
> localhost:6667: Address already in use.
> ```
>
> and prior to that I see:
> ```
> Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 8.64 sec
> <<< FAILURE! - in org.apache.metron.parsers.integration.YafIntegrationTest
> 

Re: [GitHub] incubator-metron issue #276: METRON-363 Fix Cisco ASA Parser

[Otto Fowler]

" T E S T S

---
Running org.apache.metron.parsers.integration.YafIntegrationTest
SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in
[jar:file:/home/travis/.m2/repository/org/slf4j/slf4j-log4j12/1.7.21/slf4j-log4j12-1.7.21.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in
[jar:file:/home/travis/.m2/repository/org/slf4j/slf4j-simple/1.7.7/slf4j-simple-1.7.7.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [org.slf4j.impl.Log4jLoggerFactory]
Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 8.64
sec <<< FAILURE! - in
org.apache.metron.parsers.integration.YafIntegrationTest
test(org.apache.metron.parsers.integration.YafIntegrationTest)  Time
elapsed: 8.637 sec  <<< ERROR!
java.lang.NoClassDefFoundError: org/slf4j/event/LoggingEvent”


This error, then a address already in use errors…. then no output -
travis kills it.

Maybe this error causes an ungraceful shutdown, which effects the next test?


I’ll grab your pr clean and try to run mvn test && mvn
integration-test on it and see here.  I assume that this builds
locally for you and the test and integration-tests run?




On November 1, 2016 at 13:17:47, kylerichardson (g...@git.apache.org) wrote:

Github user kylerichardson commented on the issue:

https://github.com/apache/incubator-metron/pull/276

Ok, need some helping figuring out why the CI build keeps failing...

I get several of these at the end of the log:
```
Running org.apache.metron.parsers.integration.JSONMapIntegrationTest
2016-11-01 15:54:52 FATAL KafkaServer:116 - [Kafka Server 0], Fatal error
during KafkaServer startup. Prepare to shutdown
kafka.common.KafkaException: Socket server failed to bind to
localhost:6667: Address already in use.
```

and prior to that I see:
```
Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 8.64 sec
<<< FAILURE! - in org.apache.metron.parsers.integration.YafIntegrationTest
test(org.apache.metron.parsers.integration.YafIntegrationTest) Time
elapsed: 8.637 sec <<< ERROR!
java.lang.NoClassDefFoundError: org/slf4j/event/LoggingEvent
```

This occurred for both of the CI builds since I rebased to the latest
master. Any ideas?



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-metron issue #276: METRON-363 Fix Cisco ASA Parser

[kylerichardson]

Github user kylerichardson commented on the issue:

https://github.com/apache/incubator-metron/pull/276
  
Ok, need some helping figuring out why the CI build keeps failing...

I get several of these at the end of the log:
```
Running org.apache.metron.parsers.integration.JSONMapIntegrationTest
2016-11-01 15:54:52 FATAL KafkaServer:116 - [Kafka Server 0], Fatal error 
during KafkaServer startup. Prepare to shutdown
kafka.common.KafkaException: Socket server failed to bind to 
localhost:6667: Address already in use.
```

and prior to that I see:
```
Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 8.64 sec 
<<< FAILURE! - in org.apache.metron.parsers.integration.YafIntegrationTest
test(org.apache.metron.parsers.integration.YafIntegrationTest)  Time 
elapsed: 8.637 sec  <<< ERROR!
java.lang.NoClassDefFoundError: org/slf4j/event/LoggingEvent
```

This occurred for both of the CI builds since I rebased to the latest 
master. Any ideas?



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-metron issue #276: METRON-363 Fix Cisco ASA Parser

[kylerichardson]

Github user kylerichardson commented on the issue:

https://github.com/apache/incubator-metron/pull/276
  
Rebased against master to incorporate the global junit version change. 
Should be good to go now pending Travis.

Thanks again to everyone for all of the suggestions, feedback, and testing.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-metron issue #276: METRON-363 Fix Cisco ASA Parser

[james-sirota]

Github user james-sirota commented on the issue:

https://github.com/apache/incubator-metron/pull/276
  
Still testing...bare with me


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-metron issue #276: METRON-363 Fix Cisco ASA Parser

[kylerichardson]

Github user kylerichardson commented on the issue:

https://github.com/apache/incubator-metron/pull/276
  
Any other feedback or suggestions for me?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-metron issue #276: METRON-363 Fix Cisco ASA Parser

[kylerichardson]

Github user kylerichardson commented on the issue:

https://github.com/apache/incubator-metron/pull/276
  
Whew, got the CI build to finally pass. All integration and unit tests are 
passing. I've also re-testing in the single node vm environment I described 
above.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-metron issue #276: METRON-363 Fix Cisco ASA Parser

[mattf-horton]

Github user mattf-horton commented on the issue:

https://github.com/apache/incubator-metron/pull/276
  
I added a comment above, to SyslogUtils.java line 36, which the system did 
not email to the list, probably because I immediately edited it to fix a format 
error.  @kylerichardson please consider it.  Thanks.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-metron issue #276: METRON-363 Fix Cisco ASA Parser

[kylerichardson]

Github user kylerichardson commented on the issue:

https://github.com/apache/incubator-metron/pull/276
  
@nickwallen Apologies, I should have been more specific. I tested using the 
same steps provided earlier in the PR. That said, my "single node vm" testing 
is not done with vagrant. Currently I'm not able to successfully use the quick 
dev environment based on my setup (e.g. Windows). I'm working to remedy that.

For "single node vm" testing, I actually run two vms, one Fedora host which 
I do development on and use to run the ansible deployment and a second Centos 6 
(base install from snapshot) host which I deploy Metron onto.

For testing this PR, I deployed Metron without the sensors to by Centos 6 
vm for testing and ran through the steps provided above.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-metron issue #276: METRON-363 Fix Cisco ASA Parser

[nickwallen]

Github user nickwallen commented on the issue:

https://github.com/apache/incubator-metron/pull/276
  
@kylerichardson When you say "tested in single node vm", what do you mean 
exactly?  Do you not use the Vagrant deployment mechanism at 
`metron-deployment/vagrant/quick-dev-platform` or 
`metron-deployment/vagrant/full-dev-platform` to create a single node VM for 
testing?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-metron issue #276: METRON-363 Fix Cisco ASA Parser

[kylerichardson]

Github user kylerichardson commented on the issue:

https://github.com/apache/incubator-metron/pull/276
  
Thanks. Looks like re-opening did the trick.

I've done my best to incorporate everyone's feedback into this version. 
Re-tested in single node vm successfully.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-metron issue #276: METRON-363 Fix Cisco ASA Parser

[kylerichardson]

Github user kylerichardson commented on the issue:

https://github.com/apache/incubator-metron/pull/276
  
Not entirely sure why the CI build failed.

The error was:
```

testExample1(org.apache.metron.profiler.integration.ProfilerIntegrationTest)  
Time elapsed: 35.546 sec  <<< FAILURE!
java.lang.AssertionError: expected:<1950.0> but was:<390.0>
at org.junit.Assert.fail(Assert.java:88)
at org.junit.Assert.failNotEquals(Assert.java:834)
at org.junit.Assert.assertEquals(Assert.java:553)
at org.junit.Assert.assertEquals(Assert.java:683)
at 
org.apache.metron.profiler.integration.ProfilerIntegrationTest.testExample1(ProfilerIntegrationTest.java:140)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at 
org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at 
org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at 
org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at 
org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at 
org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:27)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at 
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
at 
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at 
org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:252)
at 
org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:141)
at 
org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:112)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:483)
at 
org.apache.maven.surefire.util.ReflectionUtils.invokeMethodWithArray(ReflectionUtils.java:189)
at 
org.apache.maven.surefire.booter.ProviderFactory$ProviderProxy.invoke(ProviderFactory.java:165)
at 
org.apache.maven.surefire.booter.ProviderFactory.invokeProvider(ProviderFactory.java:85)
at 
org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:115)
at 
org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:75)
```

Slightly earlier in the log:
```
106738 [Curator-Framework-0] ERROR o.a.c.ConnectionState - Connection timed 
out for connection string (127.0.0.1:51857) and timeout (15000) / elapsed 
(18872)
org.apache.curator.CuratorConnectionLossException: KeeperErrorCode = 
ConnectionLoss
at 
org.apache.curator.ConnectionState.checkTimeouts(ConnectionState.java:197) 
[metron-common-0.2.1BETA.jar:?]
at 
org.apache.curator.ConnectionState.getZooKeeper(ConnectionState.java:87) 
[metron-common-0.2.1BETA.jar:?]
at 
org.apache.curator.CuratorZookeeperClient.getZooKeeper(CuratorZookeeperClient.java:115)
 [metron-common-0.2.1BETA.jar:?]
at 
org.apache.curator.framework.imps.CuratorFrameworkImpl.performBackgroundOperation(CuratorFrameworkImpl.java:806)
 [metron-common-0.2.1BETA.jar:?]
at 
org.apache.curator.framework.imps.CuratorFrameworkImpl.backgroundOperationsLoop(CuratorFrameworkImpl.java:792)
 [metron-common-0.2.1BETA.jar:?]
at 
org.apache.curator.framework.imps.CuratorFrameworkImpl.access$300(CuratorFrameworkImpl.java:62)
 [metron-common-0.2.1BETA.jar:?]
at 
org.apache.curator.framework.imps.CuratorFrameworkImpl$4.call(CuratorFrameworkImpl.java:257)
 [metron-common-0.2.1BETA.jar:?]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_31]
at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) 
[?:1.8.0_31]
at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) 
[?:1.8.0_31]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_31]
```

I'm thinking this is similar to 

[GitHub] incubator-metron issue #276: METRON-363 Fix Cisco ASA Parser

[kylerichardson]

Github user kylerichardson commented on the issue:

https://github.com/apache/incubator-metron/pull/276
  
@nickwallen @cestella Thanks very much for the feedback! Much appreciated. 
I'll get started on these changes and respond to your questions as soon as I 
can.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-metron issue #276: METRON-363 Fix Cisco ASA Parser

[kylerichardson]

Github user kylerichardson commented on the issue:

https://github.com/apache/incubator-metron/pull/276
  
**Testing**

It occurs to me I haven't outlined how to test or how I tested this code 
(apologies, this is my first PR).

All my testing was performed on a single node vm (no sensors). This should 
mimic the quick-dev environment (unfortunately, I haven't had much luck with 
vagrant due to my primary OS being Windows).

Test Steps

1) Deploy single node vm using metron_full_install ansible playbook (I can 
provide my host and group_vars if anyone is interested)

2) Stop unused parsers
`monit stop pcap-parser`
`monit stop yaf-parser`
`monit stop bro-parser`
`monit stop snort-parser`

3) Install elasticsearch head
`/usr/share/elasticsearch/bin/plugin install mobz/elasticsearch-head`

4) Start the asa parser topology
`start_parser_topology.sh -k node1:6667 -z node1:2181 -s asa`

5) Use the console producer to load raw asa events into kafka
`/usr/hdp/current/kafka-broker/bin/kafka-console-producer.sh --broker-list 
node1:6667 --topic asa < asa_raw.txt`
For test data I used the sample data provided for integration testing and 
raw data collected from one of my devices.

6) Verify events in elasticsearch
Using the head plugin, I could browse the asa_index_* index and see the 
enriched events

Future enhancements

1) I could not add the asa* indexes to kibana. I believe an elasticsearch 
template is required. I'll be working on that as a future PR.

2) Minor bug in one of the ansible roles (metron_common). The logic to 
verify the jars exist is done remotely and should be done locally. I'll submit 
a separate JIRA and PR for this fix.



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-metron issue #276: METRON-363 Fix Cisco ASA Parser

[kylerichardson]

Github user kylerichardson commented on the issue:

https://github.com/apache/incubator-metron/pull/276
  
Currently my branch doesn't have build_utils. Going to rebase and see if 
that fixes the CI build.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-metron issue #276: METRON-363 Fix Cisco ASA Parser

[kylerichardson]

Github user kylerichardson commented on the issue:

https://github.com/apache/incubator-metron/pull/276
  
I've tested in a slimmed down single node vm (no sensors) but not in 
vagrant.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-metron issue #276: METRON-363 Fix Cisco ASA Parser

[danieljue]

Github user danieljue commented on the issue:

https://github.com/apache/incubator-metron/pull/276
  
FYI the PR for METRON-451 is failing at the same place.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-metron issue #276: METRON-363 Fix Cisco ASA Parser

[cestella]

Github user cestella commented on the issue:

https://github.com/apache/incubator-metron/pull/276
  
Have you run this up in vagrant yet?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---