[jira] [Created] (METRON-1367) Stellar should optionally instrument function calls
Otto Fowler created METRON-1367:
---

Summary: Stellar should optionally instrument function calls
Key: METRON-1367
URL: https://issues.apache.org/jira/browse/METRON-1367
Project: Metron
Issue Type: Improvement
Reporter: Otto Fowler

It would be nice if stellar processor(s) could optionally instrument function calls to test performance. The result would be some structure with the calls, the times and maybe some context as a list or map

--
This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (METRON-1366) Add an entropy stellar function
[ https://issues.apache.org/jira/browse/METRON-1366?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16293623#comment-16293623 ] ASF GitHub Bot commented on METRON-1366: Github user ottobackwards commented on a diff in the pull request: https://github.com/apache/metron/pull/872#discussion_r157332543 --- Diff: metron-analytics/metron-statistics/src/main/java/org/apache/metron/statistics/informationtheory/InformationTheoryUtil.java --- 
@@ -0,0 +1,52 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +package org.apache.metron.statistics.informationtheory; + +import java.util.Map; + +public enum InformationTheoryUtil { + INSTANCE; + private static final double LOG2 = Math.log(2); + + public double entropy(Map counts, double logOfBase) { +double ret = 0.0; +int n = 0; +if(counts == null || counts.isEmpty()) { + return ret; +} +for(Integer f : counts.values()) { + n+=f; +} + +for(Integer f : counts.values()) { + double p = f.doubleValue()/n; + ret -= p * Math.log(p) / logOfBase; +} +return ret; + } + --- End diff -- https://github.com/ottobackwards/stream_entropy > Add an entropy stellar function > --- > > Key: METRON-1366 > URL: https://issues.apache.org/jira/browse/METRON-1366 > Project: Metron > Issue Type: Improvement >Reporter: Casey Stella > > Trending entropy for various volumetric statistics (e.g. netflow data) has > been a useful metric for intrusion detection (see > http://www.cs.bu.edu/techreports/pdf/2005-002-anomaly-mining.pdf). To wit, > it makes some sense to add an entropy calculation for Stellar. Used in > conjunction with the profiler and an outlier detector, we can recreate the > work of Lakhina referenced above. 
-- This message was sent by Atlassian JIRA (v6.4.14#64029)
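Review bot: In the second loop of `entropy`, a count of 0 gives `p = 0`, and `p * Math.log(p)` is then `0 * -Infinity`, which is NaN, so a single empty bucket turns the whole result into NaN; the same happens when every count is 0 and `n` stays 0. Skip entries with `f == 0` and return `0.0` when `n == 0`. Two smaller points: `n` is an `int`, so summing large volumetric counts can overflow (a `long` accumulator avoids it), and `LOG2` is not used in the lines shown, so either use it from a base-2 overload or drop it.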
[jira] [Commented] (METRON-1366) Add an entropy stellar function
[ https://issues.apache.org/jira/browse/METRON-1366?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16293620#comment-16293620 ] ASF GitHub Bot commented on METRON-1366: Github user ottobackwards commented on a diff in the pull request: https://github.com/apache/metron/pull/872#discussion_r157332057 --- Diff: metron-analytics/metron-statistics/src/main/java/org/apache/metron/statistics/informationtheory/InformationTheoryUtil.java --- 
@@ -0,0 +1,52 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +package org.apache.metron.statistics.informationtheory; + +import java.util.Map; + +public enum InformationTheoryUtil { + INSTANCE; + private static final double LOG2 = Math.log(2); + + public double entropy(Map counts, double logOfBase) { +double ret = 0.0; +int n = 0; +if(counts == null || counts.isEmpty()) { + return ret; +} +for(Integer f : counts.values()) { + n+=f; +} + +for(Integer f : counts.values()) { + double p = f.doubleValue()/n; + ret -= p * Math.log(p) / logOfBase; +} +return ret; + } + --- End diff -- for giggles ```java public double stream_entropy(Map counts, double logOfBase) { double ret = 0.0; if (counts == null || counts.isEmpty()) { return ret; } final int n = counts.values().stream().mapToInt((d) -> d).sum(); return counts.values().stream().collect(reducing(0.0, (f) -> f.doubleValue(), (a, b) -> { double p = b.doubleValue() / n; a -= p * Math.log(p) / logOfBase; return a; })); } ``` > Add an entropy stellar function > --- > > Key: METRON-1366 > URL: https://issues.apache.org/jira/browse/METRON-1366 > Project: Metron > Issue Type: Improvement >Reporter: Casey Stella > > Trending entropy for various volumetric 
statistics (e.g. netflow data) has > been a useful metric for intrusion detection (see > http://www.cs.bu.edu/techreports/pdf/2005-002-anomaly-mining.pdf). To wit, > it makes some sense to add an entropy calculation for Stellar. Used in > conjunction with the profiler and an outlier detector, we can recreate the > work of Lakhina referenced above. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (METRON-1366) Add an entropy stellar function
[ https://issues.apache.org/jira/browse/METRON-1366?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16293407#comment-16293407 ]

ASF GitHub Bot commented on METRON-1366:

GitHub user cestella opened a pull request:

    https://github.com/apache/metron/pull/872

    METRON-1366: Add an entropy stellar function

## Contributor Comments

Trending entropy for various volumetric statistics (e.g. netflow data) has been a useful metric for intrusion detection (see http://www.cs.bu.edu/techreports/pdf/2005-002-anomaly-mining.pdf). To wit, it makes some sense to add an entropy calculation for Stellar. Used in conjunction with the profiler and an outlier detector, we can recreate the work of Lakhina referenced above.

You can validate this from the REPL:
* `IT_ENTROPY({ 'a' : 10, 'b' : 5, 'c' : 5} )` should yield `1.5`
* By the definition of Entropy: `H(X) = -p(a)*log_2(p(a)) - p(b)*log_2(p(b)) - p(c)*log_2(p(c)) = -0.5*-1 - 0.25*-2 - 0.25*-2 = 1.5`
* `IT_ENTROPY({})` should yield `0.0`

## Pull Request Checklist

Thank you for submitting a contribution to Apache Metron.
Please refer to our [Development Guidelines](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61332235) for the complete guide to follow for contributions.
Please refer also to our [Build Verification Guidelines](https://cwiki.apache.org/confluence/display/METRON/Verifying+Builds?show-miniview) for complete smoke testing guides.

In order to streamline the review of the contribution we ask you follow these guidelines and ask you to double check the following:

### For all changes:
- [x] Is there a JIRA ticket associated with this PR? If not one needs to be created at [Metron Jira](https://issues.apache.org/jira/browse/METRON/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel).
- [x] Does your PR title start with METRON- where is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
- [x] Has your PR been rebased against the latest commit within the target branch (typically master)?

### For code changes:
- [x] Have you included steps to reproduce the behavior or problem that is being changed or addressed?
- [x] Have you included steps or a guide to how the change may be verified and tested manually?
- [x] Have you ensured that the full suite of tests and checks have been executed in the root metron folder via:
  ```
  mvn -q clean integration-test install && build_utils/verify_licenses.sh
  ```
- [x] Have you written or updated unit tests and or integration tests to verify your changes?
- [x] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [ ] Have you verified the basic functionality of the build by building and running locally with Vagrant full-dev environment or the equivalent?

### For documentation related changes:
- [x] Have you ensured that format looks appropriate for the output in which it is rendered by building and verifying the site-book? If not then run the following commands and then verify changes via `site-book/target/site/index.html`:
  ```
  cd site-book
  mvn site
  ```

Note: Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible.
It is also recommended that [travis-ci](https://travis-ci.org) is set up for your personal repository such that your branches are built there before submitting a pull request.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/cestella/incubator-metron entropy

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/metron/pull/872.patch

To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message:

    This closes #872

commit d4494854e482e2532f707b28ef2f891d13e129f3
Author: cstella
Date: 2017-12-15T23:25:50Z

    Added entropy function.

> Add an entropy stellar function
> ---
>
> Key: METRON-1366
> URL: https://issues.apache.org/jira/browse/METRON-1366
> Project: Metron
> Issue Type: Improvement
> Reporter: Casey Stella
>
> Trending entropy for various volumetric statistics (e.g. netflow data) has
> been a useful metric for intrusion detection (see
> http://www.cs.bu.edu/techreports/pdf/2005-002-anomaly-mining.pdf). To wit,
> it makes some sense to add an entropy calculation for Stellar. Used in
> conjunction
[jira] [Created] (METRON-1366) Add an entropy stellar function
Casey Stella created METRON-1366:

Summary: Add an entropy stellar function
Key: METRON-1366
URL: https://issues.apache.org/jira/browse/METRON-1366
Project: Metron
Issue Type: Improvement
Reporter: Casey Stella

Trending entropy for various volumetric statistics (e.g. netflow data) has been a useful metric for intrusion detection (see http://www.cs.bu.edu/techreports/pdf/2005-002-anomaly-mining.pdf). To wit, it makes some sense to add an entropy calculation for Stellar. Used in conjunction with the profiler and an outlier detector, we can recreate the work of Lakhina referenced above.

--
This message was sent by Atlassian JIRA (v6.4.14#64029)
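The idea in this issue and in the pull request's REPL check, worked through as an added example that is not code from the Metron pull request: entropy of per-port flow counts for each profile period, with a median/MAD test standing in for the outlier detector. The class and method names, the sample counts and the threshold of 5 are assumptions; unlike the method in the diff, this version skips zero counts and sums in a `long`.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Added example; class, methods and sample data are hypothetical, not Metron code.
public class EntropyTrend {

  /** Shannon entropy of a frequency table; base 2 gives bits. */
  static double entropy(Map<String, Long> counts, double base) {
    if (counts == null || counts.isEmpty()) {
      return 0.0;
    }
    long n = 0; // long, because volumetric counters can exceed the int range
    for (long f : counts.values()) {
      if (f < 0) {
        throw new IllegalArgumentException("negative count: " + f);
      }
      n += f;
    }
    if (n == 0) {
      return 0.0; // every bucket is empty
    }
    double h = 0.0;
    for (long f : counts.values()) {
      if (f == 0) {
        continue; // 0 * log(0) is taken as 0; evaluating it would give NaN
      }
      double p = (double) f / n;
      h -= p * Math.log(p) / Math.log(base);
    }
    return h;
  }

  static double median(double[] xs) {
    double[] s = xs.clone();
    Arrays.sort(s);
    int m = s.length / 2;
    return s.length % 2 == 1 ? s[m] : (s[m - 1] + s[m]) / 2.0;
  }

  /** Indices whose value lies more than k median absolute deviations from the median. */
  static List<Integer> outliers(double[] series, double k) {
    List<Integer> flagged = new ArrayList<>();
    if (series.length == 0) {
      return flagged;
    }
    double med = median(series);
    double[] dev = new double[series.length];
    for (int i = 0; i < series.length; i++) {
      dev[i] = Math.abs(series[i] - med);
    }
    double mad = median(dev);
    for (int i = 0; i < series.length; i++) {
      if (mad > 0 && dev[i] > k * mad) {
        flagged.add(i);
      }
    }
    return flagged;
  }

  /** Builds a count table from alternating key, count arguments. */
  static Map<String, Long> counts(Object... kv) {
    Map<String, Long> m = new LinkedHashMap<>();
    for (int i = 0; i < kv.length; i += 2) {
      m.put((String) kv[i], ((Number) kv[i + 1]).longValue());
    }
    return m;
  }

  public static void main(String[] args) {
    // The REPL check from the pull request, then a table with an empty bucket.
    System.out.println("10/5/5       -> " + entropy(counts("a", 10, "b", 5, "c", 5), 2.0));
    System.out.println("empty bucket -> " + entropy(counts("a", 10, "b", 0), 2.0));

    // Constructed data: flows per destination port in six profile periods.
    List<Map<String, Long>> periods = new ArrayList<>();
    periods.add(counts("443", 900, "80", 500, "53", 300, "22", 40));
    periods.add(counts("443", 870, "80", 540, "53", 280, "22", 35));
    periods.add(counts("443", 910, "80", 480, "53", 310, "22", 50));
    periods.add(counts("443", 880, "80", 510, "53", 290, "22", 45));
    // Period 4: the usual traffic plus 200 ports that each see five flows.
    Map<String, Long> spread = counts("443", 890, "80", 495, "53", 310, "22", 45);
    for (int port = 1000; port < 1200; port++) {
      spread.put(Integer.toString(port), 5L);
    }
    periods.add(spread);
    periods.add(counts("443", 895, "80", 505, "53", 305, "22", 42));

    double[] series = new double[periods.size()];
    for (int i = 0; i < series.length; i++) {
      series[i] = entropy(periods.get(i), 2.0);
      System.out.printf("period %d: %.3f bits%n", i, series[i]);
    }
    System.out.println("outlier periods: " + outliers(series, 5.0));
  }
}
```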
[jira] [Commented] (METRON-1365) Allow PROFILE_GET to return a default value for a profile and entity that does not have a value written.
[ https://issues.apache.org/jira/browse/METRON-1365?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16293382#comment-16293382 ]

ASF GitHub Bot commented on METRON-1365:

GitHub user cestella opened a pull request:

    https://github.com/apache/metron/pull/871

    METRON-1365: Allow PROFILE_GET to return a default value for a profile and entity that does not have a value written.

## Contributor Comments

Right now the profiler is a sparse system, namely if data is not written during a profile period for a given profile and entity, no values are written to HBase. Some algorithms may need non-sparse data (e.g. time series outlier detection algorithms). We should keep the default behavior as it stands, but allow the user at read time to specify a default value. This is most cleanly done by using the existing profiler config overrides (the 4th argument to `PROFILE_GET`) and adding a `profiler.default.value`.

You should be able to validate this in the REPL in full-dev by running:
```
PROFILE_GET('profile1', 'entity1', PROFILE_FIXED(4, 'HOURS'), { 'profiler.default.value' : 'metron'} )
```
You should see a list of strings with 16 or 17 copies of `metron` in it. If you run it without the overrides, you should see an empty list returned.

## Pull Request Checklist

Thank you for submitting a contribution to Apache Metron.
Please refer to our [Development Guidelines](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61332235) for the complete guide to follow for contributions.
Please refer also to our [Build Verification Guidelines](https://cwiki.apache.org/confluence/display/METRON/Verifying+Builds?show-miniview) for complete smoke testing guides.

In order to streamline the review of the contribution we ask you follow these guidelines and ask you to double check the following:

### For all changes:
- [x] Is there a JIRA ticket associated with this PR? If not one needs to be created at [Metron Jira](https://issues.apache.org/jira/browse/METRON/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel).
- [x] Does your PR title start with METRON- where is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
- [x] Has your PR been rebased against the latest commit within the target branch (typically master)?

### For code changes:
- [x] Have you included steps to reproduce the behavior or problem that is being changed or addressed?
- [ ] Have you included steps or a guide to how the change may be verified and tested manually?
- [x] Have you ensured that the full suite of tests and checks have been executed in the root metron folder via:
  ```
  mvn -q clean integration-test install && build_utils/verify_licenses.sh
  ```
- [x] Have you written or updated unit tests and or integration tests to verify your changes?
- [x] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [ ] Have you verified the basic functionality of the build by building and running locally with Vagrant full-dev environment or the equivalent?

### For documentation related changes:
- [x] Have you ensured that format looks appropriate for the output in which it is rendered by building and verifying the site-book? If not then run the following commands and then verify changes via `site-book/target/site/index.html`:
  ```
  cd site-book
  mvn site
  ```

Note: Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible.
It is also recommended that [travis-ci](https://travis-ci.org) is set up for your personal repository such that your branches are built there before submitting a pull request.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/cestella/incubator-metron profiler_default_values

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/metron/pull/871.patch

To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message:

    This closes #871

commit f763a728bce19f10b49c2d431814e25006a5b5d3
Author: cstella
Date: 2017-12-15T22:37:22Z

    Adding the ability to return default values from the profiler.

commit 44267b0850c7fc0912408f36badf64556a30d927
Author: cstella
Date: 2017-12-15T22:39:14Z

    Updating readme to support default values

> Allow PROFILE_GET to return a default value for a profile and entity that
> does not
[jira] [Created] (METRON-1365) Allow PROFILE_GET to return a default value for a profile and entity that does not have a value written.
Casey Stella created METRON-1365:

Summary: Allow PROFILE_GET to return a default value for a profile and entity that does not have a value written.
Key: METRON-1365
URL: https://issues.apache.org/jira/browse/METRON-1365
Project: Metron
Issue Type: Improvement
Reporter: Casey Stella

Right now the profiler is a sparse system, namely if data is not written during a profile period for a given profile and entity, no values are written to HBase. Some algorithms may need non-sparse data (e.g. time series outlier detection algorithms). We should keep the default behavior as it stands, but allow the user at read time to specify a default value. This is most cleanly done by using the existing profiler config overrides (the 3rd argument to PROFILE_GET) and adding a profiler.default.value.

--
This message was sent by Atlassian JIRA (v6.4.14#64029)
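The sparse-versus-dense distinction in this issue, as an added example that models the profile store with an in-memory map; it is not Metron's implementation. The 15-minute period, the class and method names and the sample values are assumptions. It shows why an index-based time-series consumer needs the default: without it, list positions stop corresponding to periods.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;

// Added example: a toy model of a sparse profile store, not Metron's implementation.
public class SparseProfileRead {

  static final long PERIOD_MS = 15 * 60 * 1000L; // assumed profile period: 15 minutes

  /**
   * Values for each period that overlaps [startMs, endMs], oldest first.
   * A period with nothing written is skipped when dflt is null (sparse read)
   * and reported as dflt otherwise (dense read).
   */
  static List<Double> read(Map<Long, Double> store, long startMs, long endMs, Double dflt) {
    List<Double> out = new ArrayList<>();
    for (long period = startMs / PERIOD_MS; period <= endMs / PERIOD_MS; period++) {
      Double v = store.get(period);
      if (v != null) {
        out.add(v);
      } else if (dflt != null) {
        out.add(dflt);
      }
    }
    return out;
  }

  /** Latest value minus the value lag positions earlier, as an index-based consumer computes it. */
  static double changeOverLag(List<Double> series, int lag) {
    int last = series.size() - 1;
    if (last - lag < 0) {
      throw new IllegalArgumentException("series shorter than lag");
    }
    return series.get(last) - series.get(last - lag);
  }

  public static void main(String[] args) {
    // Constructed data: an entity writes in periods 0-3, is silent for two
    // hours (periods 4-11), then writes again in periods 12-15.
    Map<Long, Double> store = new TreeMap<>();
    double[] early = {10, 11, 9, 10};
    double[] late = {10, 12, 11, 40};
    for (int i = 0; i < 4; i++) {
      store.put((long) i, early[i]);
      store.put((long) (12 + i), late[i]);
    }
    long start = 0;
    long end = 16 * PERIOD_MS - 1; // four hours, periods 0..15

    List<Double> sparse = read(store, start, end, null);
    List<Double> dense = read(store, start, end, 0.0);
    System.out.println("sparse (" + sparse.size() + " values): " + sparse);
    System.out.println("dense  (" + dense.size() + " values): " + dense);

    // "Change over the last hour" is a lag of four 15-minute periods.
    // In the sparse list, four positions back is period 3, which is three
    // hours old; in the dense list it is period 11, inside the silent gap.
    System.out.println("sparse change over lag 4: " + changeOverLag(sparse, 4));
    System.out.println("dense  change over lag 4: " + changeOverLag(dense, 4));
  }
}
```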
[jira] [Commented] (METRON-1364) Add an implementation of Robust PCA outlier detection
[ https://issues.apache.org/jira/browse/METRON-1364?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16293289#comment-16293289 ]

ASF GitHub Bot commented on METRON-1364:

GitHub user cestella opened a pull request:

    https://github.com/apache/metron/pull/870

    METRON-1364: Add an implementation of Robust PCA outlier detection

## Contributor Comments

With short circuiting in Stellar, we have the opportunity to delve into more computationally intensive outlier detection techniques. Generally these would be executed only if simpler outlier detection techniques indicated an outlier (e.g. statistical outlier tests). As the first one of these supported, I'd suggest a Robust PCA based technique similar to Netflix's Surus. See https://medium.com/netflix-techblog/rad-outlier-detection-on-big-data-d6b0494371cc and https://metamarkets.com/2012/algorithmic-trendspotting-the-meaning-of-interesting/ for more detail.

It should be noted that there are some caveats with this approach around sparsity and orderedness.

Regarding sparsity, this outlier detection algorithm presumes dense output, which is not the case for data spanning profiles (e.g. the profiler does not write out data every period if no data was seen). To deal with this, I am suggesting a modification to the profiler to allow PROFILE_GET to return a default value. That will be done in a separate JIRA.

Regarding well-orderedness, this is an outlier detector for time series data, so it is sensitive to order to a certain extent. Given its computational intensity, it is likely to be used with a sample of the data to shrink the size of the data. To that end, uniform sampling is not sensible here, but rather a biased sample for recency. Without this, you may get poor results from this outlier detector. This sampler should be done in a separate JIRA, but I will ensure the infrastructure to add it is contributed in METRON-1350.

## Pull Request Checklist

Thank you for submitting a contribution to Apache Metron.
Please refer to our [Development Guidelines](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61332235) for the complete guide to follow for contributions.
Please refer also to our [Build Verification Guidelines](https://cwiki.apache.org/confluence/display/METRON/Verifying+Builds?show-miniview) for complete smoke testing guides.

In order to streamline the review of the contribution we ask you follow these guidelines and ask you to double check the following:

### For all changes:
- [x] Is there a JIRA ticket associated with this PR? If not one needs to be created at [Metron Jira](https://issues.apache.org/jira/browse/METRON/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel).
- [x] Does your PR title start with METRON- where is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
- [x] Has your PR been rebased against the latest commit within the target branch (typically master)?

### For code changes:
- [x] Have you included steps to reproduce the behavior or problem that is being changed or addressed?
- [ ] Have you included steps or a guide to how the change may be verified and tested manually?
- [x] Have you ensured that the full suite of tests and checks have been executed in the root metron folder via:
  ```
  mvn -q clean integration-test install && build_utils/verify_licenses.sh
  ```
- [x] Have you written or updated unit tests and or integration tests to verify your changes?
- [x] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [ ] Have you verified the basic functionality of the build by building and running locally with Vagrant full-dev environment or the equivalent?

### For documentation related changes:
- [x] Have you ensured that format looks appropriate for the output in which it is rendered by building and verifying the site-book? If not then run the following commands and then verify changes via `site-book/target/site/index.html`:
  ```
  cd site-book
  mvn site
  ```

Note: Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible.
It is also recommended that [travis-ci](https://travis-ci.org) is set up for your personal repository such that your branches are built there before submitting a pull request.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/cestella/incubator-metron RAD_outlier

Alternatively you can review and apply these changes as the patch at:
[jira] [Created] (METRON-1364) Add an implementation of Robust PCA outlier detection
Casey Stella created METRON-1364:

Summary: Add an implementation of Robust PCA outlier detection
Key: METRON-1364
URL: https://issues.apache.org/jira/browse/METRON-1364
Project: Metron
Issue Type: Improvement
Reporter: Casey Stella

With short circuiting in Stellar, we have the opportunity to delve into more computationally intensive outlier detection techniques. Generally these would be executed only if simpler outlier detection techniques indicated an outlier (e.g. statistical outlier tests). As the first one of these supported, I'd suggest a Robust PCA based technique similar to Netflix's Surus. See https://medium.com/netflix-techblog/rad-outlier-detection-on-big-data-d6b0494371cc and https://metamarkets.com/2012/algorithmic-trendspotting-the-meaning-of-interesting/ for more detail.

It should be noted that there are some caveats with this approach around sparsity and orderedness.

Regarding sparsity, this outlier detection algorithm presumes dense output, which is not the case for data spanning profiles (e.g. the profiler does not write out data every period if no data was seen). To deal with this, I am suggesting a modification to the profiler to allow PROFILE_GET to return a default value. That will be done in a separate JIRA.

Regarding well-orderedness, this is an outlier detector for time series data, so it is sensitive to order to a certain extent. Given its computational intensity, it is likely to be used with a sample of the data to shrink the size of the data. To that end, uniform sampling is not sensible here, but rather a biased sample for recency. Without this, you may get poor results from this outlier detector. This sampler should be done in a separate JIRA, but I will ensure the infrastructure to add it is contributed in METRON-1350.

--
This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (METRON-1212) Bundles and Maven Plugin
[ https://issues.apache.org/jira/browse/METRON-1212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16293278#comment-16293278 ] ASF GitHub Bot commented on METRON-1212: Github user JonZeolla commented on a diff in the pull request: https://github.com/apache/metron/pull/865#discussion_r157303681 --- Diff: bundles-maven-plugin/README.md --- @@ -20,7 +20,9 @@ Apache Metron Bundles Maven Plugin helps to build Bundles Archives to support th - [Requirements](#requirements) - [Building](#building) -- [Getting Stared](#getting_started) +- [Getting Stared](#getting-started) --- End diff -- `s/Stared/Started/` > Bundles and Maven Plugin > > > Key: METRON-1212 > URL: https://issues.apache.org/jira/browse/METRON-1212 > Project: Metron > Issue Type: Sub-task >Reporter: Otto Fowler >Assignee: Otto Fowler > Labels: metron-feature-canidate, > metron-feature-extensions-parsers > > The first effort will be to land the bundle system and supporting maven > plugin on master -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (METRON-1158) Build backend for grouping alerts into meta alerts
[ https://issues.apache.org/jira/browse/METRON-1158?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Justin Leet updated METRON-1158:
    Fix Version/s: 0.4.2

> Build backend for grouping alerts into meta alerts
> --
>
> Key: METRON-1158
> URL: https://issues.apache.org/jira/browse/METRON-1158
> Project: Metron
> Issue Type: New Feature
> Reporter: Justin Leet
> Assignee: Justin Leet
> Fix For: 0.4.2
>
>
> We should be able to handle meta alerts (manually grouped alerts,
> particularly from the UI) in the system. This should be integrated with the
> DAO composition put into place with IndexDao.
> While similar to faceting (and likely resulting from slicing and dicing from
> faceting), these need to be interacted with and queryable alongside regular
> alerts.
> This needs to handle:
> * ES (as a starting point. This shouldn't preclude Solr)
> * Creation of meta alerts
> * Maintain update semantics for alerts
> * Handling scores when a child alert is added, updated or deleted.
> * Continue to allow regular alerts to flow through cleanly to the original
> sensor indices.
> * Allow for querying (plus sorting and so on) alongside the original sensor
> indices.
> * Maintain UI grouping order as the minimum of metadata.
> * This should be configured via the same indexDao definition (or at least
> similar) as the other indexDaos.

--
This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (METRON-1190) Fix Meta Alert Type handling in calculation of scores
[ https://issues.apache.org/jira/browse/METRON-1190?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Justin Leet updated METRON-1190: Fix Version/s: 0.4.2 > Fix Meta Alert Type handling in calculation of scores > - > > Key: METRON-1190 > URL: https://issues.apache.org/jira/browse/METRON-1190 > Project: Metron > Issue Type: Bug >Reporter: Justin Leet >Assignee: Justin Leet > Fix For: 0.4.2 > > > The alerts field can actually come as two different types List vs > Object[] during calculation of meta score fields. A "correction" during the > original PR to fix one actually broke the other. Both should be able to be > handled (Contents should be the same, just wrapped differently.) -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (METRON-938) "service metron-rest start " does not work on CentOS 7.
[ https://issues.apache.org/jira/browse/METRON-938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Justin Leet updated METRON-938: --- Fix Version/s: (was: Next + 1) 0.4.2 > "service metron-rest start " does not work on CentOS 7. > - > > Key: METRON-938 > URL: https://issues.apache.org/jira/browse/METRON-938 > Project: Metron > Issue Type: Bug >Affects Versions: 0.4.0 > Environment: Metron 0.4.0 on CentOS 7. >Reporter: Laurens Vets >Assignee: Justin Leet >Priority: Minor > Fix For: 0.4.2 > > > I suppose due to the change to systemd, the command "service metron-rest > start " does not work anymore in CentOS 7. > Changing "METRON_JDBC_PASSWORD="$2"" to "METRON_JDBC_PASSWORD=" PASSWORD>"" in "/etc/rc.d/init.d/metron-rest" seems to fix this. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (METRON-1220) Create documentation around alert nested field
[ https://issues.apache.org/jira/browse/METRON-1220?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Justin Leet updated METRON-1220:
    Fix Version/s: 0.4.2

> Create documentation around alert nested field
> --
>
> Key: METRON-1220
> URL: https://issues.apache.org/jira/browse/METRON-1220
> Project: Metron
> Issue Type: Improvement
> Reporter: Justin Leet
> Assignee: Justin Leet
> Fix For: 0.4.2
>
>
> There is an additional requirement around defining a sensor's fields in
> Elasticsearch as a result of the meta alert functionality resulting from
> Elasticsearch 2.x. This should be added to the appropriate READMEs as
> needed.
> Specifically the sensors must all define a field as such:
> {code}
> "alert": {
>   "type": "nested"
> }
> {code}
> This field is a dummy field used exclusively to make searches work (because
> an error will be thrown when a field is missing).
> {code}
> QueryParsingException[[nested] failed to find nested object under path
> [alert]];
> {code}
> As noted https://github.com/apache/metron/pull/619#issuecomment-330529609,
> this underlying ES behavior is changed with ES 5.x and a small modification
> to the query can be made and this field removed. This is documented by ES at
> https://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-sort.html#_ignoring_unmapped_fields

--
This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (METRON-1202) ElasticsearchDao Has extraneous sleep call
[ https://issues.apache.org/jira/browse/METRON-1202?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Justin Leet updated METRON-1202: Fix Version/s: (was: Next + 1) 0.4.2 > ElasticsearchDao Has extraneous sleep call > -- > > Key: METRON-1202 > URL: https://issues.apache.org/jira/browse/METRON-1202 > Project: Metron > Issue Type: Bug >Reporter: Justin Leet >Assignee: Justin Leet > Fix For: 0.4.2 > > > Pointless sleep call that snuck in. Just dump it. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (METRON-1272) Hide child alerts from searches and grouping if they belong to meta alerts
[ https://issues.apache.org/jira/browse/METRON-1272?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Justin Leet updated METRON-1272: Fix Version/s: 0.4.2 > Hide child alerts from searches and grouping if they belong to meta alerts > -- > > Key: METRON-1272 > URL: https://issues.apache.org/jira/browse/METRON-1272 > Project: Metron > Issue Type: Improvement >Reporter: Justin Leet >Assignee: Justin Leet > Fix For: 0.4.2 > > > If an alert is already grouped into a meta alert, it's nice to route > everything through the same query structure and allow sorting alongside them, > etc. However, showing alerts that are already contained in a meta alert is > potential clutter for a user and gives the impression an event has occurred > twice if it's in a standalone alert and a metaalert. > This should hide alerts contained in a meta alert from searches (which will > always match the enclosing meta alert anyway, so nothing will be lost from > the search). > They should also be hidden from grouping calls, because the user has already > manually grouped them during prior slicing and dicing. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (METRON-1247) REST search and findOne endpoints return unexpected or incorrect results for guids
[ https://issues.apache.org/jira/browse/METRON-1247?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Justin Leet updated METRON-1247:
    Fix Version/s: 0.4.2

> REST search and findOne endpoints return unexpected or incorrect results for
> guids
> --
>
> Key: METRON-1247
> URL: https://issues.apache.org/jira/browse/METRON-1247
> Project: Metron
> Issue Type: Bug
> Reporter: Justin Leet
> Assignee: Justin Leet
> Fix For: 0.4.2
>
>
> When running a search for a particular GUID, e.g.
> {code}
> {
>   "indices": ["websphere", "snort", "asa", "bro", "yaf"],
>   "query": "guid:a2d7ba04-d335-4948-8bc8-c889e7c531c9",
>   "from": 0,
>   "size": 500
> }
> {code}
> Multiple results can be returned. This appears to be because the "guid"
> field gets the default analyzer, so the individual segments between the
> hyphens can match.
> A workaround is simply to quote the string (escaping appropriately). This
> should be documented. A longer term solution is likely needed, but requires
> more discussion.
> For findOne, the same situation happens, but since only one item is returned
> it can be incorrect (a partial match that happens to be sorted earlier).
> This should be changed to a simple GET against the id (which is also the guid
> by design). It's also more efficient to do this anyway.

--
This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (METRON-1284) Remove extraneous dead query in ElasticsearchDao
[ https://issues.apache.org/jira/browse/METRON-1284?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Justin Leet updated METRON-1284:
--------------------------------
    Fix Version/s: 0.4.2

> Remove extraneous dead query in ElasticsearchDao
> ------------------------------------------------
>
> Key: METRON-1284
> URL: https://issues.apache.org/jira/browse/METRON-1284
> Project: Metron
> Issue Type: Bug
> Reporter: Justin Leet
> Assignee: Justin Leet
> Priority: Minor
> Fix For: 0.4.2
>
>
> This is pointless, but not really harmful.
> {code}
> org.elasticsearch.action.search.SearchResponse result =
>     client.prepareSearch("test*").setFetchSource(true).setQuery(QueryBuilders.matchAllQuery()).get();
> {code}

--
This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (METRON-939) Upgrade ElasticSearch and Kibana
[ https://issues.apache.org/jira/browse/METRON-939?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292889#comment-16292889 ] ASF GitHub Bot commented on METRON-939: --- Github user mmiklavc commented on the issue: https://github.com/apache/metron/pull/840 Just a status update on this. We're currently waiting for 0.4.2 to roll out before this gets committed. We definitely want more eyes and testing on this PR considering its breadth and size. We do not have any +1's yet, and I would prefer to have at least 2 for good measure, if at all possible. > Upgrade ElasticSearch and Kibana > > > Key: METRON-939 > URL: https://issues.apache.org/jira/browse/METRON-939 > Project: Metron > Issue Type: Improvement >Reporter: Jon Zeolla >Assignee: Michael Miklavcic > Labels: backwards-incompatible > Attachments: Metron-Dashboard - Kibana.pdf, Metron-Error-Dashboard - > Kibana.pdf > > > Upgrade ElasticSearch and Kibana (latest is 5.4 as of writing this). Among > other benefits, this allows us to use periods in field names > (https://github.com/elastic/elasticsearch/pull/19937/files), which has been > available as of 5.0 and 2.4, and the ability to index an IPv6 address > properly > (https://www.elastic.co/blog/indexing-ipv6-addresses-in-elasticsearch). -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (METRON-1177) Stale running topologies seen post-kerberization and cause exceptions
[ https://issues.apache.org/jira/browse/METRON-1177?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Allen updated METRON-1177:
-------------------------------
    Affects Version/s: 0.4.1

> Stale running topologies seen post-kerberization and cause exceptions
> ---------------------------------------------------------------------
>
> Key: METRON-1177
> URL: https://issues.apache.org/jira/browse/METRON-1177
> Project: Metron
> Issue Type: Bug
> Affects Versions: 0.4.1
> Reporter: Anand Subramanian
> Assignee: Nick Allen
> Fix For: 0.4.2
>
>
> *Steps to Reproduce*
> 1. Install Ambari on 12 node cluster
> 2. Install Metron using MPack
> 3. Metron topologies are now running as user 'storm'
> 4. Setup standalone KDC on Ambari node by following these
> [steps|https://github.com/apache/metron/blob/master/metron-deployment/Kerberos-manual-setup.md#setup-a-kdc]
> 5. Initiate "kerberize" cluster using Ambari
> 6. Ambari triggers "Stop all services"
> 7. In the event of a race condition, the REST service shuts down (which
> prevents from being able to shutdown metron topologies)
> 8. Metron topology shut down occurs, but Metron Mpack cannot stop topologies
> because REST already stopped. Metron ignores this condition and continues on
> assuming the topologies are down
> 9. Storm service shuts down
> 10. Cluster kerberization occurs
> 11. Ambari triggers "Start all services"
> 12. Storm service starts.
> 13. Since the Metron topologies were running when Storm was shutdown, these
> same topologies are attempted to be started again by Storm, but are declared
> as "already running"
> 14. All other services start successfully
> 15. Now, if we attempt to run a test with the stale topologies, following
> exceptions are seen:
> {code}
> AuthorizationException(msg:getTopologyInfo on topology snort is not authorized)
>     at org.apache.storm.generated.Nimbus$getTopologyInfo_result$getTopologyInfo_resultStandardScheme.read(Nimbus.java:36971)
>     at org.apache.storm.generated.Nimbus$getTopologyInfo_result$getTopologyInfo_resultStandardScheme.read(Nimbus.java:36939)
>     at org.apache.storm.generated.Nimbus$getTopologyInfo_result.read(Nimbus.java:36870)
>     at org.apache.storm.thrift.TServiceClient.receiveBase(TServiceClient.java:86)
>     at org.apache.storm.generated.Nimbus$Client.recv_getTopologyInfo(Nimbus.java:1182)
>     at org.apache.storm.generated.Nimbus$Client.getTopologyInfo(Nimbus.java:1169)
>     at org.hw.metron.lib.storm.StormClient.isTopologyRunning(StormClient.java:150)
>     at org.hw.metron.lib.storm.StormClient.startTopology(StormClient.java:68)
>     at functional.SnortTopologyTest.snortElasticsearchIndexTest(SnortTopologyTest.java:36)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at org.testng.internal.MethodInvocationHelper.invokeMethod(MethodInvocationHelper.java:86)
>     at org.testng.internal.Invoker.invokeMethod(Invoker.java:643)
>     at org.testng.internal.Invoker.invokeTestMethod(Invoker.java:820)
>     at org.testng.internal.Invoker.invokeTestMethods(Invoker.java:1128)
>     at org.testng.internal.TestMethodWorker.invokeTestMethods(TestMethodWorker.java:129)
>     at org.testng.internal.TestMethodWorker.run(TestMethodWorker.java:112)
>     at org.testng.TestRunner.privateRun(TestRunner.java:782)
>     at org.testng.TestRunner.run(TestRunner.java:632)
>     at org.testng.SuiteRunner.runTest(SuiteRunner.java:366)
>     at org.testng.SuiteRunner.runSequentially(SuiteRunner.java:361)
>     at org.testng.SuiteRunner.privateRun(SuiteRunner.java:319)
>     at org.testng.SuiteRunner.run(SuiteRunner.java:268)
>     at org.testng.SuiteRunnerWorker.runSuite(SuiteRunnerWorker.java:52)
>     at org.testng.SuiteRunnerWorker.run(SuiteRunnerWorker.java:86)
>     at org.testng.TestNG.runSuitesSequentially(TestNG.java:1244)
>     at org.testng.TestNG.runSuitesLocally(TestNG.java:1169)
>     at org.testng.TestNG.run(TestNG.java:1064)
>     at org.apache.maven.surefire.testng.TestNGExecutor.run(TestNGExecutor.java:295)
>     at org.apache.maven.surefire.testng.TestNGXmlTestSuite.execute(TestNGXmlTestSuite.java:84)
>     at org.apache.maven.surefire.testng.TestNGProvider.invoke(TestNGProvider.java:90)
>     at org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:203)
>     at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:155)
>     at
[jira] [Updated] (METRON-1177) Stale running topologies seen post-kerberization and cause exceptions
[ https://issues.apache.org/jira/browse/METRON-1177?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Allen updated METRON-1177:
-------------------------------
    Fix Version/s: 0.4.2
[jira] [Updated] (METRON-1349) Full Dev Builds Metron Twice
[ https://issues.apache.org/jira/browse/METRON-1349?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nick Allen updated METRON-1349: --- Fix Version/s: Next + 1 > Full Dev Builds Metron Twice > > > Key: METRON-1349 > URL: https://issues.apache.org/jira/browse/METRON-1349 > Project: Metron > Issue Type: Bug >Reporter: Nick Allen >Assignee: Nick Allen > Fix For: Next + 1 > > > When deploying Metron in Full Dev, the "Build Metron" step gets run twice. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (METRON-1336) Patching Can Result in Bad Configuration
[ https://issues.apache.org/jira/browse/METRON-1336?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Allen updated METRON-1336:
-------------------------------
    Fix Version/s: (was: 0.4.1) 0.4.2

> Patching Can Result in Bad Configuration
> ----------------------------------------
>
> Key: METRON-1336
> URL: https://issues.apache.org/jira/browse/METRON-1336
> Project: Metron
> Issue Type: Bug
> Affects Versions: 0.4.1
> Reporter: Nick Allen
> Assignee: Nick Allen
> Fix For: 0.4.2
>
>
> When applying a patch with `zk_load_configs` the resulting configuration can
> be invalid. The resulting configuration should be validated so that a patch
> can never result in an invalid configuration.
> For example, applying the following patch with `zk_load_config` to the
> Profiler yields a broken Profiler configuration.
> {code}
> [
>   {
>     "path":"profiles",
>     "value":{
>       "profile":"sketchy_mad",
>       "onlyif":"true",
>       "update":{
>         "s":"OUTLIER_MAD_ADD(s, value)"
>       },
>       "init":{
>         "s":"OUTLIER_MAD_STATE_MERGE(PROFILE_GET('sketchy_mad','global', PROFILE_FIXED(5, 'MINUTES')))"
>       },
>       "foreach":"'global'",
>       "result":"s"
>     },
>     "op":"add"
>   }
> ]
> {code}
> The broken configuration is only discovered after dumping the configuration.
> {code}
> $ bin/zk_load_configs.sh -z $ZOOKEEPER -m DUMP -c PROFILER
> Exception in thread "main" java.lang.RuntimeException: Unable to load {
>   "profiles" : {
>     "profile" : "sketchy_mad",
>     "onlyif" : "true",
>     "update" : {
>       "s" : "OUTLIER_MAD_ADD(s, value)"
>     },
>     "init" : {
>       "s" : "OUTLIER_MAD_STATE_MERGE(PROFILE_GET('sketchy_mad','global', PROFILE_FIXED(5, 'MINUTES')))"
>     },
>     "foreach" : "'global'",
>     "result" : "s"
>   }
> }
>     at org.apache.metron.common.configuration.ConfigurationType.lambda$static$4(ConfigurationType.java:68)
>     at org.apache.metron.common.configuration.ConfigurationType.deserialize(ConfigurationType.java:93)
>     at org.apache.metron.common.configuration.ConfigurationsUtils.lambda$dumpConfigs$6(ConfigurationsUtils.java:621)
>     at org.apache.metron.common.configuration.ConfigurationsUtils.visitConfigs(ConfigurationsUtils.java:575)
>     at org.apache.metron.common.configuration.ConfigurationsUtils.dumpConfigs(ConfigurationsUtils.java:619)
>     at org.apache.metron.common.cli.ConfigurationManager.dump(ConfigurationManager.java:189)
>     at org.apache.metron.common.cli.ConfigurationManager.run(ConfigurationManager.java:268)
>     at org.apache.metron.common.cli.ConfigurationManager.run(ConfigurationManager.java:243)
>     at org.apache.metron.common.cli.ConfigurationManager.main(ConfigurationManager.java:355)
> Caused by: org.apache.metron.jackson.databind.JsonMappingException: Can not deserialize instance of java.util.ArrayList out of START_OBJECT token
>  at [Source: {
>   "profiles" : {
>     "profile" : "sketchy_mad",
>     "onlyif" : "true",
>     "update" : {
>       "s" : "OUTLIER_MAD_ADD(s, value)"
>     },
>     "init" : {
>       "s" : "OUTLIER_MAD_STATE_MERGE(PROFILE_GET('sketchy_mad','global', PROFILE_FIXED(5, 'MINUTES')))"
>     },
>     "foreach" : "'global'",
>     "result" : "s"
>   }
> }; line: 2, column: 16] (through reference chain: org.apache.metron.common.configuration.profiler.ProfilerConfig["profiles"])
>     at org.apache.metron.jackson.databind.JsonMappingException.from(JsonMappingException.java:255)
>     at org.apache.metron.jackson.databind.DeserializationContext.mappingException(DeserializationContext.java:971)
>     at org.apache.metron.jackson.databind.DeserializationContext.mappingException(DeserializationContext.java:967)
>     at org.apache.metron.jackson.databind.deser.std.CollectionDeserializer.handleNonArray(CollectionDeserializer.java:327)
>     at org.apache.metron.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:259)
>     at org.apache.metron.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:249)
>     at org.apache.metron.jackson.databind.deser.std.CollectionDeserializer.deserialize(CollectionDeserializer.java:26)
>     at org.apache.metron.jackson.databind.deser.SettableBeanProperty.deserialize(SettableBeanProperty.java:490)
>     at org.apache.metron.jackson.databind.deser.impl.MethodProperty.deserializeAndSet(MethodProperty.java:95)
>     at org.apache.metron.jackson.databind.deser.BeanDeserializer.vanillaDeserialize(BeanDeserializer.java:260)
>     at org.apache.metron.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:125)
>     at
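An added sketch of the validate-before-write gate METRON-1336 asks for; it is not Metron's code. The `add`-only patch model, the `-` append token (borrowed from RFC 6902), the in-memory `store`, and the checked schema subset are assumptions; the only rule taken from the report is that `profiles` must deserialize as a list.

```python
import copy


class InvalidConfig(ValueError):
    """Raised when a patch cannot be applied or yields an invalid config."""


def apply_patch(config, patch):
    """Apply 'add' operations to a deep copy; the stored config is never touched."""
    candidate = copy.deepcopy(config)
    for op in patch:
        if op.get("op") != "add":
            raise InvalidConfig("unsupported op: %r" % (op.get("op"),))
        keys = [k for k in op.get("path", "").split("/") if k]
        if not keys:
            raise InvalidConfig("empty path")
        target = candidate
        try:
            for key in keys[:-1]:
                target = target[int(key)] if isinstance(target, list) else target[key]
        except (KeyError, IndexError, ValueError, TypeError):
            raise InvalidConfig("path not found: %r" % (op["path"],))
        last = keys[-1]
        value = copy.deepcopy(op.get("value"))
        if isinstance(target, list):
            if last != "-":
                raise InvalidConfig("only '-' (append) is modelled for lists")
            target.append(value)
        elif isinstance(target, dict):
            target[last] = value  # replaces whatever was stored under this key
        else:
            raise InvalidConfig("cannot add under a scalar")
    return candidate


def validate_profiler(config):
    """Schema subset (assumption): 'profiles' is a list of named profile objects."""
    if not isinstance(config, dict):
        raise InvalidConfig("config must be an object")
    profiles = config.get("profiles")
    if not isinstance(profiles, list):
        raise InvalidConfig("'profiles' must be a list, got %s" % type(profiles).__name__)
    for i, profile in enumerate(profiles):
        name = profile.get("profile") if isinstance(profile, dict) else None
        if not isinstance(name, str) or not name:
            raise InvalidConfig("profiles[%d] needs a non-empty 'profile' name" % i)


def patch_and_store(store, name, patch):
    """Patch, validate, and only then commit; a rejected patch leaves store as is."""
    candidate = apply_patch(store[name], patch)
    validate_profiler(candidate)
    store[name] = candidate
    return candidate


# The profile definition from the report.
PROFILE = {
    "profile": "sketchy_mad",
    "onlyif": "true",
    "update": {"s": "OUTLIER_MAD_ADD(s, value)"},
    "init": {"s": "OUTLIER_MAD_STATE_MERGE(PROFILE_GET('sketchy_mad','global', "
                  "PROFILE_FIXED(5, 'MINUTES')))"},
    "foreach": "'global'",
    "result": "s",
}
# The patch from the report: replaces the 'profiles' list with a single object.
BAD_PATCH = [{"path": "profiles", "value": PROFILE, "op": "add"}]
# Constructed alternative for this model: append to the existing list instead.
APPEND_PATCH = [{"path": "profiles/-", "value": PROFILE, "op": "add"}]

if __name__ == "__main__":
    store = {"PROFILER": {"profiles": []}}  # constructed starting state
    try:
        patch_and_store(store, "PROFILER", BAD_PATCH)
    except InvalidConfig as err:
        print("rejected:", err, "| stored config unchanged:", store["PROFILER"])
    patch_and_store(store, "PROFILER", APPEND_PATCH)
    print("accepted:", [p["profile"] for p in store["PROFILER"]["profiles"]])
```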
[jira] [Updated] (METRON-1336) Patching Can Result in Bad Configuration
[ https://issues.apache.org/jira/browse/METRON-1336?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Allen updated METRON-1336:
-------------------------------
    Affects Version/s: 0.4.1
[jira] [Updated] (METRON-1334) Add C++11 Compliance Check to 'platform-info.sh'
[ https://issues.apache.org/jira/browse/METRON-1334?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nick Allen updated METRON-1334: --- Affects Version/s: 0.4.1 > Add C++11 Compliance Check to 'platform-info.sh' > > > Key: METRON-1334 > URL: https://issues.apache.org/jira/browse/METRON-1334 > Project: Metron > Issue Type: Sub-task >Affects Versions: 0.4.1 >Reporter: Nick Allen >Assignee: Nick Allen > Fix For: 0.4.2 > > > Some of the module dependencies for the Management and Alerts UI must be > built natively on the host. This requires a C/C++ compiler. In addition, some > of the dependencies require a C++11 compliant compiler. This is causing > problems for users who attempt to build Metron on a system with an older > version of GCC, like CentOS 6. > Not having a C++11 compliant compiler can cause some non-obvious error > messages when the build fails. This adds a version check for GCC and also a > C++11 compliance check. The compiler itself must be on the user's PATH, which > is what the Node modules also require. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (METRON-1338) Rat Check Should Ignore Vagrant Retry Files
[ https://issues.apache.org/jira/browse/METRON-1338?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nick Allen updated METRON-1338: --- Fix Version/s: (was: 0.4.1) 0.4.2 > Rat Check Should Ignore Vagrant Retry Files > --- > > Key: METRON-1338 > URL: https://issues.apache.org/jira/browse/METRON-1338 > Project: Metron > Issue Type: Bug >Affects Versions: 0.4.1 >Reporter: Nick Allen >Assignee: Nick Allen >Priority: Trivial > Fix For: 0.4.2 > > > When Vagrant fails, it generates a *.retry file. These files are ignored by > Git, but will unnecessarily fail a build because of the Rat check. This has > annoyed me to no end. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (METRON-1334) Add C++11 Compliance Check to 'platform-info.sh'
[ https://issues.apache.org/jira/browse/METRON-1334?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nick Allen updated METRON-1334: --- Fix Version/s: (was: 0.4.1) 0.4.2 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (METRON-1338) Rat Check Should Ignore Vagrant Retry Files
[ https://issues.apache.org/jira/browse/METRON-1338?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nick Allen updated METRON-1338: --- Affects Version/s: 0.4.1 -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (METRON-1310) "Template Delete" Action Deletes Search Indices
[ https://issues.apache.org/jira/browse/METRON-1310?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nick Allen updated METRON-1310: --- Fix Version/s: (was: Next + 1) 0.4.2 > "Template Delete" Action Deletes Search Indices > --- > > Key: METRON-1310 > URL: https://issues.apache.org/jira/browse/METRON-1310 > Project: Metron > Issue Type: Bug >Affects Versions: 0.4.1 >Reporter: Nick Allen >Assignee: Nick Allen > Fix For: 0.4.2 > > > The "Elasticsearch Template Delete" service action available within the > Indexing service actually deletes the search indices, rather than just > deleting the template definitions themselves. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (METRON-1301) Alerts UI - Sorting on Triage Score Unexpectedly Filters Some Records
[ https://issues.apache.org/jira/browse/METRON-1301?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nick Allen updated METRON-1301: --- Fix Version/s: (was: Next + 1) 0.4.2 > Alerts UI - Sorting on Triage Score Unexpectedly Filters Some Records > - > > Key: METRON-1301 > URL: https://issues.apache.org/jira/browse/METRON-1301 > Project: Metron > Issue Type: Bug >Affects Versions: 0.4.1 >Reporter: Nick Allen >Assignee: Nick Allen > Fix For: 0.4.2 > > Attachments: 01-Alerts-UI-default-view.png, 02-Sort-on-Score-field.png > > > Sorting on a field like threat triage score in the Alerts UI removes any > records that do not have a threat triage score defined from the search > results. > For example, I have 7 records when sorted by timestamp. All 7 records have a > timestamp field. > After sorting by score (threat triage score) there are only 5 records. The 2 > records missing a threat triage score are no longer included. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (METRON-1311) Service Check Should Check Elasticsearch Index Templates
[ https://issues.apache.org/jira/browse/METRON-1311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nick Allen updated METRON-1311: --- Fix Version/s: (was: Next + 1) 0.4.2 > Service Check Should Check Elasticsearch Index Templates > > > Key: METRON-1311 > URL: https://issues.apache.org/jira/browse/METRON-1311 > Project: Metron > Issue Type: Bug >Affects Versions: 0.4.1 >Reporter: Nick Allen >Assignee: Nick Allen > Fix For: 0.4.2 > > > The Service Check in Ambari does not validate that the Elasticsearch index > templates have been installed. Without these index templates bad things can > happen. For example, the Alerts UI will not be able to display any alerts. > The Elasticsearch index templates that are installed by Ambari should also be > checked as part of the Metron Service Check. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (METRON-1295) Unable to Configure Logging for REST API
[ https://issues.apache.org/jira/browse/METRON-1295?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Allen updated METRON-1295:
-------------------------------
    Fix Version/s: 0.4.2

> Unable to Configure Logging for REST API
> ----------------------------------------
>
> Key: METRON-1295
> URL: https://issues.apache.org/jira/browse/METRON-1295
> Project: Metron
> Issue Type: Bug
> Reporter: Nick Allen
> Assignee: Nick Allen
> Fix For: 0.4.2
>
>
> I have not been able to configure logging for the REST API. To replicate,
> create a log4j configuration file, then add the following to "Metron JVM
> Flags" in Ambari > Metron > Config.
> {code}
> -Dlog4j.debug
> -Dlog4j.configuration=file:/usr/metron/0.4.2/config/log4j.properties
> {code}
> This will result in the following exception when Log4j initializes.
> {code}
> log4j: Using URL [file:/usr/metron/0.4.2/config/log4j.properties] for automatic log4j configuration.
> log4j: Reading configuration from URL file:/usr/metron/0.4.2/config/log4j.properties
> log4j: Parsing for [root] with value=[INFO, file].
> log4j: Level token is [INFO].
> log4j: Category root set to INFO
> log4j: Parsing appender named "file".
> log4j:ERROR A "org.apache.log4j.RollingFileAppender" object is not assignable to a "org.apache.hadoop.hbase.shaded.org.apache.log4j.Appender" variable.
> log4j:ERROR The class "org.apache.hadoop.hbase.shaded.org.apache.log4j.Appender" was loaded by
> log4j:ERROR [sun.misc.Launcher$AppClassLoader@5c647e05] whereas object of type
> log4j:ERROR "org.apache.log4j.RollingFileAppender" was loaded by [sun.misc.Launcher$AppClassLoader@5c647e05].
> log4j:ERROR Could not instantiate appender named "file".
> log4j: Finished configuring.
> {code}

--
This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (METRON-1266) Profiler - SASL Authentication Failed
[ https://issues.apache.org/jira/browse/METRON-1266?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Allen updated METRON-1266:
-------------------------------
    Fix Version/s: (was: Next + 1) 0.4.2

> Profiler - SASL Authentication Failed
> -------------------------------------
>
> Key: METRON-1266
> URL: https://issues.apache.org/jira/browse/METRON-1266
> Project: Metron
> Issue Type: Bug
> Affects Versions: 0.4.1
> Reporter: Nick Allen
> Assignee: Nick Allen
> Fix For: 0.4.2
>
>
> When running the Profiler on a cluster that has multiple nodes and is secured
> by Kerberos, it was observed that the HBaseBolt was unable to write to HBase.
> The Storm worker running the HBaseBolt logged the following exception. This
> does not occur all the time and does not occur in all environments.
> {code}
> 2017-10-19 14:51:00.146 o.a.h.h.i.AbstractRpcClient [ERROR] SASL authentication failed. The most likely cause is missing or invalid credentials. Consider 'kinit'.
> javax.security.sasl.SaslException: GSS initiate failed
>     at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211) ~[?:1.8.0_144]
>     at org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClient.java:179) ~[stormjar.jar:?]
>     at org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.setupSaslConnection(RpcClientImpl.java:609) ~[stormjar.jar:?]
>     at org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.access$600(RpcClientImpl.java:154) [stormjar.jar:?]
>     at org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection$2.run(RpcClientImpl.java:735) ~[stormjar.jar:?]
>     at org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection$2.run(RpcClientImpl.java:732) ~[stormjar.jar:?]
>     at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_144]
>     at javax.security.auth.Subject.doAs(Subject.java:422) ~[?:1.8.0_144]
>     at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657) ~[stormjar.jar:?]
>     at org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.setupIOstreams(RpcClientImpl.java:732) [stormjar.jar:?]
>     at org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.writeRequest(RpcClientImpl.java:885) [stormjar.jar:?]
>     at org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.tracedWriteRequest(RpcClientImpl.java:854) [stormjar.jar:?]
>     at org.apache.hadoop.hbase.ipc.RpcClientImpl.call(RpcClientImpl.java:1180) [stormjar.jar:?]
>     at org.apache.hadoop.hbase.ipc.AbstractRpcClient.callBlockingMethod(AbstractRpcClient.java:213) [stormjar.jar:?]
>     at org.apache.hadoop.hbase.ipc.AbstractRpcClient$BlockingRpcChannelImplementation.callBlockingMethod(AbstractRpcClient.java:287) [stormjar.jar:?]
>     at org.apache.hadoop.hbase.protobuf.generated.ClientProtos$ClientService$BlockingStub.scan(ClientProtos.java:32651) [stormjar.jar:?]
>     at org.apache.hadoop.hbase.client.ClientSmallScanner$SmallScannerCallable.call(ClientSmallScanner.java:201) [stormjar.jar:?]
>     at org.apache.hadoop.hbase.client.ClientSmallScanner$SmallScannerCallable.call(ClientSmallScanner.java:180) [stormjar.jar:?]
>     at org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithoutRetries(RpcRetryingCaller.java:200) [stormjar.jar:?]
>     at org.apache.hadoop.hbase.client.ScannerCallableWithReplicas$RetryingRPC.call(ScannerCallableWithReplicas.java:369) [stormjar.jar:?]
>     at org.apache.hadoop.hbase.client.ScannerCallableWithReplicas$RetryingRPC.call(ScannerCallableWithReplicas.java:343) [stormjar.jar:?]
>     at org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithRetries(RpcRetryingCaller.java:126) [stormjar.jar:?]
>     at org.apache.hadoop.hbase.client.ResultBoundedCompletionService$QueueingFuture.run(ResultBoundedCompletionService.java:64) [stormjar.jar:?]
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_144]
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_144]
>     at java.lang.Thread.run(Thread.java:748) [?:1.8.0_144]
> Caused by: org.ietf.jgss.GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
>     at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147) ~[?:1.8.0_144]
>     at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122) ~[?:1.8.0_144]
>     at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187) ~[?:1.8.0_144]
>     at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:224) ~[?:1.8.0_144]
>     at
[jira] [Updated] (METRON-1226) Searching Can Errantly Query the Wrong Indices
[ https://issues.apache.org/jira/browse/METRON-1226?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Allen updated METRON-1226:
---
Affects Version/s: 0.4.1

> Searching Can Errantly Query the Wrong Indices
> ---
>
> Key: METRON-1226
> URL: https://issues.apache.org/jira/browse/METRON-1226
> Project: Metron
> Issue Type: Bug
> Affects Versions: 0.4.1
> Reporter: Nick Allen
> Assignee: Nick Allen
> Fix For: 0.4.2
>
> The ElasticsearchDAO can errantly query the wrong indices under certain conditions. This can occur when there are at least two different sensors that have been configured with a similar name prefix.
> For example, if you have configured both a "snort" and "snort_v2" sensor, the query generated by the ElasticsearchDAO will hit both of those indices, when in fact only one or the other is desired.
[jira] [Updated] (METRON-1260) Include Alerts UI in Ambari Service Check
[ https://issues.apache.org/jira/browse/METRON-1260?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Allen updated METRON-1260:
---
Fix Version/s: 0.4.2

> Include Alerts UI in Ambari Service Check
> ---
>
> Key: METRON-1260
> URL: https://issues.apache.org/jira/browse/METRON-1260
> Project: Metron
> Issue Type: Bug
> Affects Versions: 0.4.1
> Reporter: Nick Allen
> Assignee: Nick Allen
> Fix For: 0.4.2
>
> The Alerts UI is not currently included in the Metron Service Check that is a part of the Ambari MPack. This should be added.
[jira] [Updated] (METRON-1260) Include Alerts UI in Ambari Service Check
[ https://issues.apache.org/jira/browse/METRON-1260?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Allen updated METRON-1260:
---
Affects Version/s: 0.4.1

> Include Alerts UI in Ambari Service Check
> ---
>
> Key: METRON-1260
> URL: https://issues.apache.org/jira/browse/METRON-1260
> Project: Metron
> Issue Type: Bug
> Affects Versions: 0.4.1
> Reporter: Nick Allen
> Assignee: Nick Allen
> Fix For: 0.4.2
>
> The Alerts UI is not currently included in the Metron Service Check that is a part of the Ambari MPack. This should be added.
[jira] [Updated] (METRON-1226) Searching Can Errantly Query the Wrong Indices
[ https://issues.apache.org/jira/browse/METRON-1226?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Allen updated METRON-1226:
---
Fix Version/s: 0.4.2

> Searching Can Errantly Query the Wrong Indices
> ---
>
> Key: METRON-1226
> URL: https://issues.apache.org/jira/browse/METRON-1226
> Project: Metron
> Issue Type: Bug
> Affects Versions: 0.4.1
> Reporter: Nick Allen
> Assignee: Nick Allen
> Fix For: 0.4.2
>
> The ElasticsearchDAO can errantly query the wrong indices under certain conditions. This can occur when there are at least two different sensors that have been configured with a similar name prefix.
> For example, if you have configured both a "snort" and "snort_v2" sensor, the query generated by the ElasticsearchDAO will hit both of those indices, when in fact only one or the other is desired.
[jira] [Updated] (METRON-1194) Add Profiler Debug Functions to Profiler README
[ https://issues.apache.org/jira/browse/METRON-1194?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Allen updated METRON-1194:
---
Fix Version/s: 0.4.2

> Add Profiler Debug Functions to Profiler README
> ---
>
> Key: METRON-1194
> URL: https://issues.apache.org/jira/browse/METRON-1194
> Project: Metron
> Issue Type: Improvement
> Reporter: Nick Allen
> Assignee: Nick Allen
> Fix For: 0.4.2
>
> The Profiler Debugging functions provide a simple means for users to get up and running with the Profiler. Update the README to use this new functionality to introduce new users to these functions.
[jira] [Updated] (METRON-1156) Simulate Triage Rules in the Stellar REPL
[ https://issues.apache.org/jira/browse/METRON-1156?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Allen updated METRON-1156:
---
Fix Version/s: (was: Next + 1) 0.4.2

> Simulate Triage Rules in the Stellar REPL
> ---
>
> Key: METRON-1156
> URL: https://issues.apache.org/jira/browse/METRON-1156
> Project: Metron
> Issue Type: New Feature
> Affects Versions: 0.4.1
> Reporter: Nick Allen
> Assignee: Nick Allen
> Fix For: 0.4.2
>
> Troubleshooting issues when programming against a live stream of data is difficult. It would be useful to have a means to run the entire threat triage process within the REPL before deploying your rule set on a Metron cluster.
> This creates a set of functions to allow simulation of Threat Triage inside of the Stellar REPL. This is useful for creating new triage rules, debugging existing triage rules, and to iterate quickly when testing rule sets.
[jira] [Updated] (METRON-1156) Simulate Triage Rules in the Stellar REPL
[ https://issues.apache.org/jira/browse/METRON-1156?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Allen updated METRON-1156:
---
Affects Version/s: 0.4.1

> Simulate Triage Rules in the Stellar REPL
> ---
>
> Key: METRON-1156
> URL: https://issues.apache.org/jira/browse/METRON-1156
> Project: Metron
> Issue Type: New Feature
> Affects Versions: 0.4.1
> Reporter: Nick Allen
> Assignee: Nick Allen
> Fix For: 0.4.2
>
> Troubleshooting issues when programming against a live stream of data is difficult. It would be useful to have a means to run the entire threat triage process within the REPL before deploying your rule set on a Metron cluster.
> This creates a set of functions to allow simulation of Threat Triage inside of the Stellar REPL. This is useful for creating new triage rules, debugging existing triage rules, and to iterate quickly when testing rule sets.
[jira] [Updated] (METRON-1198) Pycapa - No such configuration property: "sasl.kerberos.principal"
[ https://issues.apache.org/jira/browse/METRON-1198?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Allen updated METRON-1198:
---
Fix Version/s: (was: Next + 1) 0.4.2

> Pycapa - No such configuration property: "sasl.kerberos.principal"
> ---
>
> Key: METRON-1198
> URL: https://issues.apache.org/jira/browse/METRON-1198
> Project: Metron
> Issue Type: Improvement
> Affects Versions: 0.4.1
> Reporter: Nick Allen
> Assignee: Nick Allen
> Fix For: 0.4.2
>
> When running pycapa in a Kerberized environment, but without a version of librdkafka built with SASL support, it can produce error messages that look like the following.
> {code}
> KafkaError{code=_INVALID_ARG,val=-186,str="No such configuration property: "sasl.kerberos.principal""}
> {code}
> This can happen when a user accidentally installs multiple versions of librdkafka and the version that the Python interpreter links to is the one without SASL support.
> I am going to update the README to doc this specific condition.
[jira] [Updated] (METRON-1187) Indexing/Profiler Kafka ACL Groups Not Setup Correctly
[ https://issues.apache.org/jira/browse/METRON-1187?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Allen updated METRON-1187:
---
Affects Version/s: (was: 0.4.0) 0.4.1

> Indexing/Profiler Kafka ACL Groups Not Setup Correctly
> ---
>
> Key: METRON-1187
> URL: https://issues.apache.org/jira/browse/METRON-1187
> Project: Metron
> Issue Type: Bug
> Affects Versions: 0.4.1
> Reporter: Nick Allen
> Assignee: Nick Allen
> Fix For: 0.4.2
>
> When kerberizing Metron using the MPack, either the Profiler or the Indexing Kafka ACL groups will not authorize the 'metron' user. This will only work correctly for the component which is executed first.
> This can lead to an error in either the Profiler or Indexing topology that looks like the following.
> {code}
> 2017-09-14 07:29:52.984 o.a.s.util [ERROR] Async loop died!
> org.apache.kafka.common.errors.GroupAuthorizationException: Not authorized to access group: indexing
> {code}
> Manually checking confirms the problem.
> {code} > [root@XXX ambari-server]# /usr/hdp/current/kafka-broker/bin/kafka-acls.sh > --authorizer-properties zookeeper.connect=${ZOOKEEPER} --list > [2017-09-14 12:09:26,284] WARN read null data from > /kafka-acl-changes/acl_changes_04 when processing notification > acl_changes_04 (kafka.common.ZkNodeChangeNotificationListener) > [2017-09-14 12:09:26,304] WARN read null data from > /kafka-acl-changes/acl_changes_05 when processing notification > acl_changes_05 (kafka.common.ZkNodeChangeNotificationListener) > [2017-09-14 12:09:26,315] WARN read null data from > /kafka-acl-changes/acl_changes_06 when processing notification > acl_changes_06 (kafka.common.ZkNodeChangeNotificationListener) > [2017-09-14 12:09:26,321] WARN read null data from > /kafka-acl-changes/acl_changes_07 when processing notification > acl_changes_07 (kafka.common.ZkNodeChangeNotificationListener) > [2017-09-14 12:09:26,323] WARN read null data from > /kafka-acl-changes/acl_changes_08 when processing notification > acl_changes_08 (kafka.common.ZkNodeChangeNotificationListener) > [2017-09-14 12:09:26,325] WARN read null data from > /kafka-acl-changes/acl_changes_09 when processing notification > acl_changes_09 (kafka.common.ZkNodeChangeNotificationListener) > [2017-09-14 12:09:26,327] WARN read null data from > /kafka-acl-changes/acl_changes_10 when processing notification > acl_changes_10 (kafka.common.ZkNodeChangeNotificationListener) > [2017-09-14 12:09:26,337] WARN read null data from > /kafka-acl-changes/acl_changes_11 when processing notification > acl_changes_11 (kafka.common.ZkNodeChangeNotificationListener) > Current ACLs for resource `Group:bro_parser`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs for resource `Topic:ambari_kafka_service_check`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs for resource `Group:profiler`: > User:metron has Allow permission for operations: All from hosts: * > [2017-09-14 
12:09:26,349] WARN read null data from > /kafka-acl-changes/acl_changes_12 when processing notification > acl_changes_12 (kafka.common.ZkNodeChangeNotificationListener) > Current ACLs for resource `Group:metron-rest`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs for resource `Topic:enrichments`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs for resource `Topic:snort`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs for resource `Topic:yaf`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs for resource `Group:enrichments`: > User:metron has Allow permission for operations: All from hosts: * > [2017-09-14 12:09:26,351] WARN read null data from > /kafka-acl-changes/acl_changes_13 when processing notification > acl_changes_13 (kafka.common.ZkNodeChangeNotificationListener) > Current ACLs for resource `Topic:__consumer_offsets`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs for resource `Topic:bro`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs for resource `Topic:escalation`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs for resource `Group:yaf_parser`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs for resource `Group:snort_parser`: > User:metron has Allow permission for operations: All from hosts: * > Current
[jira] [Updated] (METRON-1187) Indexing/Profiler Kafka ACL Groups Not Setup Correctly
[ https://issues.apache.org/jira/browse/METRON-1187?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Allen updated METRON-1187:
---
Fix Version/s: (was: Next + 1) 0.4.2

> Indexing/Profiler Kafka ACL Groups Not Setup Correctly
> ---
>
> Key: METRON-1187
> URL: https://issues.apache.org/jira/browse/METRON-1187
> Project: Metron
> Issue Type: Bug
> Affects Versions: 0.4.1
> Reporter: Nick Allen
> Assignee: Nick Allen
> Fix For: 0.4.2
>
> When kerberizing Metron using the MPack, either the Profiler or the Indexing Kafka ACL groups will not authorize the 'metron' user. This will only work correctly for the component which is executed first.
> This can lead to an error in either the Profiler or Indexing topology that looks like the following.
> {code}
> 2017-09-14 07:29:52.984 o.a.s.util [ERROR] Async loop died!
> org.apache.kafka.common.errors.GroupAuthorizationException: Not authorized to access group: indexing
> {code}
> Manually checking confirms the problem.
> {code} > [root@XXX ambari-server]# /usr/hdp/current/kafka-broker/bin/kafka-acls.sh > --authorizer-properties zookeeper.connect=${ZOOKEEPER} --list > [2017-09-14 12:09:26,284] WARN read null data from > /kafka-acl-changes/acl_changes_04 when processing notification > acl_changes_04 (kafka.common.ZkNodeChangeNotificationListener) > [2017-09-14 12:09:26,304] WARN read null data from > /kafka-acl-changes/acl_changes_05 when processing notification > acl_changes_05 (kafka.common.ZkNodeChangeNotificationListener) > [2017-09-14 12:09:26,315] WARN read null data from > /kafka-acl-changes/acl_changes_06 when processing notification > acl_changes_06 (kafka.common.ZkNodeChangeNotificationListener) > [2017-09-14 12:09:26,321] WARN read null data from > /kafka-acl-changes/acl_changes_07 when processing notification > acl_changes_07 (kafka.common.ZkNodeChangeNotificationListener) > [2017-09-14 12:09:26,323] WARN read null data from > /kafka-acl-changes/acl_changes_08 when processing notification > acl_changes_08 (kafka.common.ZkNodeChangeNotificationListener) > [2017-09-14 12:09:26,325] WARN read null data from > /kafka-acl-changes/acl_changes_09 when processing notification > acl_changes_09 (kafka.common.ZkNodeChangeNotificationListener) > [2017-09-14 12:09:26,327] WARN read null data from > /kafka-acl-changes/acl_changes_10 when processing notification > acl_changes_10 (kafka.common.ZkNodeChangeNotificationListener) > [2017-09-14 12:09:26,337] WARN read null data from > /kafka-acl-changes/acl_changes_11 when processing notification > acl_changes_11 (kafka.common.ZkNodeChangeNotificationListener) > Current ACLs for resource `Group:bro_parser`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs for resource `Topic:ambari_kafka_service_check`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs for resource `Group:profiler`: > User:metron has Allow permission for operations: All from hosts: * > [2017-09-14 
12:09:26,349] WARN read null data from > /kafka-acl-changes/acl_changes_12 when processing notification > acl_changes_12 (kafka.common.ZkNodeChangeNotificationListener) > Current ACLs for resource `Group:metron-rest`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs for resource `Topic:enrichments`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs for resource `Topic:snort`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs for resource `Topic:yaf`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs for resource `Group:enrichments`: > User:metron has Allow permission for operations: All from hosts: * > [2017-09-14 12:09:26,351] WARN read null data from > /kafka-acl-changes/acl_changes_13 when processing notification > acl_changes_13 (kafka.common.ZkNodeChangeNotificationListener) > Current ACLs for resource `Topic:__consumer_offsets`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs for resource `Topic:bro`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs for resource `Topic:escalation`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs for resource `Group:yaf_parser`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs for resource `Group:snort_parser`: > User:metron has Allow permission for operations: All from hosts: * > Current ACLs
[jira] [Updated] (METRON-1183) Improve KDC Setup Instructions
[ https://issues.apache.org/jira/browse/METRON-1183?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Allen updated METRON-1183:
---
Affects Version/s: (was: 0.3.1) 0.4.1

> Improve KDC Setup Instructions
> ---
>
> Key: METRON-1183
> URL: https://issues.apache.org/jira/browse/METRON-1183
> Project: Metron
> Issue Type: Improvement
> Affects Versions: 0.4.1
> Reporter: Nick Allen
> Assignee: Nick Allen
> Fix For: 0.4.2
>
> I use the instructions that we have in Kerberos-ambari-setup.md and Kerberos-manual-setup.md all the time when testing under Kerberization. There are a few changes that could make it easier to grok and copy/paste as needed.
[jira] [Updated] (METRON-1183) Improve KDC Setup Instructions
[ https://issues.apache.org/jira/browse/METRON-1183?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Allen updated METRON-1183:
---
Affects Version/s: (was: 0.4.0) 0.3.1

> Improve KDC Setup Instructions
> ---
>
> Key: METRON-1183
> URL: https://issues.apache.org/jira/browse/METRON-1183
> Project: Metron
> Issue Type: Improvement
> Affects Versions: 0.3.1
> Reporter: Nick Allen
> Assignee: Nick Allen
> Fix For: 0.4.0
>
> I use the instructions that we have in Kerberos-ambari-setup.md and Kerberos-manual-setup.md all the time when testing under Kerberization. There are a few changes that could make it easier to grok and copy/paste as needed.
[jira] [Updated] (METRON-1183) Improve KDC Setup Instructions
[ https://issues.apache.org/jira/browse/METRON-1183?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Allen updated METRON-1183:
---
Fix Version/s: (was: Next + 1) 0.4.0

> Improve KDC Setup Instructions
> ---
>
> Key: METRON-1183
> URL: https://issues.apache.org/jira/browse/METRON-1183
> Project: Metron
> Issue Type: Improvement
> Affects Versions: 0.3.1
> Reporter: Nick Allen
> Assignee: Nick Allen
> Fix For: 0.4.0
>
> I use the instructions that we have in Kerberos-ambari-setup.md and Kerberos-manual-setup.md all the time when testing under Kerberization. There are a few changes that could make it easier to grok and copy/paste as needed.
[jira] [Commented] (METRON-1362) Improve Metron Deployment README
[ https://issues.apache.org/jira/browse/METRON-1362?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292733#comment-16292733 ] ASF GitHub Bot commented on METRON-1362: Github user justinleet commented on a diff in the pull request: https://github.com/apache/metron/pull/869#discussion_r157238284 --- Diff: metron-deployment/README.md --- 
@@ -1,175 +1,127 @@ -# Overview -This set of playbooks can be used to deploy an Ambari-managed Hadoop cluster containing Metron services using Ansible. These playbooks target RHEL/CentOS 6.x operating -systems. - -Installation consists of - -- Building Metron tarballs, RPMs and the Ambari MPack -- Deploying Ambari -- Leveraging Ambari to install: - * The required Hadoop Components - * Core Metron (Parsing, Enrichment, Indexing) - * Elasticsearch - * Kibana -- Starting All Services - -## Prerequisites -The following tools are required to run these scripts: - -- [Maven](https://maven.apache.org/) -- [Git](https://git-scm.com/) -- [Ansible](http://www.ansible.com/) (2.0.0.2 or 2.2.2.0) -- [Docker](https://www.docker.com/) (Docker for Mac on OSX) - -These scripts depend on two files for configuration: - -- hosts - declares which Ansible roles will be run on which hosts -- group_vars/all - various configuration settings needed to install Metron - -For production use, it is recommended that Metron be installed on an existing cluster managed by Ambari as described in the Installing Management Pack section below. -## Ambari -The Ambari playbook will install a Hadoop cluster including the Metron Services (Parsing, Enrichment, Indexing). Ambari will also install Elasticsearch and Kibana. - -Currently, the playbooks supports building a local development cluster running on one node or deploying to a 10 node cluster on AWS EC2. - -## Vagrant -There is a development environment based on Vagrant that is referred to as "Full Dev". This installs the entire Ambari/Metron stack. This is useful in testing out changes to the installation procedure. - -### Prerequsities -- Install [Vagrant](https://www.vagrantup.com/) (5.0.16+) -- Install the Hostmanager plugin for vagrant - Run `vagrant plugin install vagrant-hostmanager` on the machine where Vagrant is -installed - -### Full-Dev -Navigate to `metron/metron-deployment/vagrant/full-dev-platform` and run `vagrant up`. 
- -## Ambari Management Pack -An Ambari Management Pack can be built in order to make the Metron service available on top of an existing stack, rather than needing a direct stack update. - -This will set up -- Metron Parsers -- Enrichment -- Indexing -- GeoIP data -- Optional Elasticsearch -- Optional Kibana - -### Prerequisites +This project contains a variety of tools for deploying Apache Metron. Please refer to the following sections for more information on the best way to deploy Metron in your environment. + + * [How do I deploy Metron on a single VM?](#how-do-i-deploy-metron-on-a-single-vm) + * [How do I deploy Metron on a large cluster with Ambari?](#how-do-i-deploy-metron-on-a-large-cluster-with-ambari) + * [How do I build RPM packages?](#how-do-i-build-rpm-packages) + * [How do I build DEB packages?](#how-do-i-build-deb-packages) + * [How do I deploy Metron within AWS?](#how-do-i-deploy-metron-within-aws) + +## How do I deploy Metron on a single VM? + + Who is this for? + +If you are new to Metron and just want to explore the functionality that it offers, this is good place to start. If you are a developer building on Metron, then this is also a great way to test out your changes. + + What does this do? + +This option will deploy Metron on a virtual machine running on your computer. This is often referred to as the "Full Dev" environment. + + How do I do it? +Follow these [instructions to deploy Metron on a single VM](vagrant/full-dev-platform/README.md). + + Where can I get more information? +* [Full Dev Platform](vagrant/full-dev-platform) + +## How do I deploy Metron on a large cluster with Ambari? + + Who is this for? + +If you want to see how Metron can really scale by deploying it on your own hardware, or even in your own cloud-based environment, this is the best option for you. + + What does this do? 
+ +This creates a Management Pack (MPack) extension for [Apache Ambari](https://ambari.apache.org/) that simplifies the provisioning, managing and monitoring of Metron on large clusters. This allows you to easily install Metron on a large cluster using a simple, guided process. This also allows you to monitor cluster
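Review bot: The replacement text for the single-VM option no longer carries the guidance from the removed Overview that production installs should go onto an existing Ambari-managed cluster, so nothing in the visible "How do I deploy Metron on a single VM?" section tells a reader that "Full Dev" is not a production deployment. Suggest restating that under "Who is this for?" and pointing to the Ambari section. The removed Prerequisites also pinned tool versions (for example "Ansible (2.0.0.2 or 2.2.2.0)" and the vagrant-hostmanager plugin); since this hunk only links to vagrant/full-dev-platform/README.md, please confirm those requirements are stated there. Minor: "this is good place to start" is missing "a".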
[jira] [Updated] (METRON-1363) Autogenerate Stellar Documentation
[ https://issues.apache.org/jira/browse/METRON-1363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Justin Leet updated METRON-1363:
Summary: Autogenerate Stellar Documentation (was: Autogenerate Stellar Annotations)

> Autogenerate Stellar Documentation
> ---
>
> Key: METRON-1363
> URL: https://issues.apache.org/jira/browse/METRON-1363
> Project: Metron
> Issue Type: Improvement
> Reporter: Justin Leet
> Assignee: Justin Leet
>
> As discussed in this [thread|https://lists.apache.org/thread.html/c6eefc77475d3aaa3feccff52399483d63bff00fadddbd31ce3f0fc8@%3Cdev.metron.apache.org%3E], it would be nice to autogenerate the Stellar documentation we currently maintain by hand.
> A minimal POC is at https://github.com/justinleet/metron/tree/stellardoc
> Considerations to be addressed
> 1) Consolidation across projects. Stellar functions live across projects, and we should be able to consolidate all of them (without dupes)
> 2) Potentially abstracting generating the markdown from the actual annotation parsing. Given that consolidation across projects might necessitate a second pass anyway, just writing things into some format (e.g. JSON) and generating markdown later may be nice.
> 3) Make sure we don't break current Javadoc.
> 4) Some management of this. Presumably it can be regenerated whenever and kept in git.
> Nifi apparently also does some of this, so it might be worthwhile to adapt it.
> https://github.com/apache/nifi/tree/master/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-documentation/src/main/java/org/apache/nifi/documentation
> For a bit of context, I'd looked at seeing if we could generate something similar to actual Javadocs by piggybacking on their impl, but everything in there is essentially considered purely internal and subject to change for any reason.
> There's also been some discussion of namespace documentation in https://issues.apache.org/jira/browse/METRON-1361, that may affect this, but depending on when that happens, incorporating some of that organization may be follow-on.
[jira] [Created] (METRON-1363) Autogenerate Stellar Annotations
Justin Leet created METRON-1363:
---
Summary: Autogenerate Stellar Annotations
Key: METRON-1363
URL: https://issues.apache.org/jira/browse/METRON-1363
Project: Metron
Issue Type: Improvement
Reporter: Justin Leet
Assignee: Justin Leet

As discussed in this [thread|https://lists.apache.org/thread.html/c6eefc77475d3aaa3feccff52399483d63bff00fadddbd31ce3f0fc8@%3Cdev.metron.apache.org%3E], it would be nice to autogenerate the Stellar documentation we currently maintain by hand.

A minimal POC is at https://github.com/justinleet/metron/tree/stellardoc

Considerations to be addressed
1) Consolidation across projects. Stellar functions live across projects, and we should be able to consolidate all of them (without dupes)
2) Potentially abstracting generating the markdown from the actual annotation parsing. Given that consolidation across projects might necessitate a second pass anyway, just writing things into some format (e.g. JSON) and generating markdown later may be nice.
3) Make sure we don't break current Javadoc.
4) Some management of this. Presumably it can be regenerated whenever and kept in git.

Nifi apparently also does some of this, so it might be worthwhile to adapt it.
https://github.com/apache/nifi/tree/master/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-documentation/src/main/java/org/apache/nifi/documentation

For a bit of context, I'd looked at seeing if we could generate something similar to actual Javadocs by piggybacking on their impl, but everything in there is essentially considered purely internal and subject to change for any reason.

There's also been some discussion of namespace documentation in https://issues.apache.org/jira/browse/METRON-1361, that may affect this, but depending on when that happens, incorporating some of that organization may be follow-on.
[jira] [Commented] (METRON-1212) Bundles and Maven Plugin
[ https://issues.apache.org/jira/browse/METRON-1212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292500#comment-16292500 ] ASF GitHub Bot commented on METRON-1212: Github user JonZeolla commented on a diff in the pull request: https://github.com/apache/metron/pull/865#discussion_r157196243 --- Diff: bundles-maven-plugin/README.md --- 
@@ -0,0 +1,230 @@ + +# Apache Metron Bundle Maven Plugin + +Apache Metron Bundles Maven Plugin helps to build Bundles Archives to support the classloader isolation model. + +## Table of Contents + +- [Requirements](#requirements) +- [Building](#building) +- [Getting Stared](#getting_started) +- [Getting Help](#getting-help) +- [License](#license) + +## Requirements +* JDK 1.7 or higher +* Apache Maven 3.1.0 or higher + +## Building + +Building the bundles-maven-plugin module should be rare since it will be released infrequently compared to +the main 'metron' code tree. + +- Build with `mvn clean install` +- Presuming you need to make use of changes to the bundles-maven-plugin module, you should next + go to the [metron](../metron) directory and follow its instructions. + +## Getting Started + +While it is most likely +that a maven archetype is being utilized to create bundles, as part of a toolkit etc, you may want to create on manually, or may need to create a project for use in an archetype. + +The plugin is utilized by setting the packaging of a maven module to 'bundle'. + +```xml +bundle +``` + +This means that when you package this module, any of it's non-provided dependencies will be packaged into the produced bundle ( and all of their non-provided dependencies as well). +Since a library may not always be distributed as part of a bundle with all it's dependencies, the bundle module +shall be a separate module from the actual classes and dependencies to be bundled. 
+ +A very simple example layout for a project that utilizes bundles would be: + +```bash +├── README.md +├── pom.xml +├── testapp +│ ├── pom.xml +│ ├── src +│ │ ├── main +│ │ │ └── java +│ │ │ └── org +│ │ │ └── apache +│ │ │ └── test +│ │ │ └── App.java +│ │ └── test +│ │ └── java +│ │ └── org +│ │ └── apache +│ │ └── test +│ │ └── AppTest.java +└── testappbundle +├── pom.xml +``` +Where testappbundle is the bundle module that creates a bundle of testapp, and contains the following pom.xml: +```xml + +http://maven.apache.org/POM/4.0.0; + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd;> + +test.bundles.plugin +org.apache.test +1.0-SNAPSHOT + + 4.0.0 + + test.app.bundle + + + bundle + + + + + org.apache.test + test.app + 1.0-SNAPSHOT + + + + + + + + + org.apache.metron + bundles-maven-plugin + 0.4.2 + true + + + + + + + +org.apache.metron +bundles-maven-plugin +0.4.2 +true + + + + +``` +When the module is packaged, it packages all of it's non-provided dependencies into the bundles /bundled-dependencies directory. +Thus, to create a bundle of a module's jar and that jar's non-provided dependencies, you add that module to your +bundle modules dependencies. You can unzip and examine the bundle in the target directory, and verify +it's contents, which should be similar to : + +```bash +-> % tree . +. +└── META-INF +├── MANIFEST.MF +├── bundled-dependencies +│ ├── log4j-1.2.17.jar +│ ├── metron-common-0.4.1.jar +│ ├── slf4j-api-1.7.7.jar +│ ├── slf4j-log4j12-1.7.7.jar +│ └── test.app-1.0-SNAPSHOT.jar +└── maven +└── org.apache.test +└── test.app.bundle +├── pom.properties +└── pom.xml +``` + +This reflects the testapp project, which has these dependencies : + +```xml + + + org.apache.metron + metron-common + 0.4.1 + + + junit + junit + 3.8.1 + test + + +``` +metron-common
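Review bot: In the Table of Contents, the entry "[Getting Stared](#getting_started)" is misspelled and its anchor will not resolve: the heading is "## Getting Started", whose generated anchor is #getting-started with a hyphen, the same form the neighbouring #getting-help entry uses. Suggest "[Getting Started](#getting-started)". In the same README, "you may want to create on manually" should read "create one manually", and the possessive is written "it's" in "any of it's non-provided dependencies", "all it's dependencies" and "verify it's contents"; all three should be "its". The directory listings are fenced as bash although they are tree output rather than commands, so a plain fence would be more accurate.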
[jira] [Commented] (METRON-1212) Bundles and Maven Plugin
[ https://issues.apache.org/jira/browse/METRON-1212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292503#comment-16292503 ] ASF GitHub Bot commented on METRON-1212: Github user JonZeolla commented on a diff in the pull request: https://github.com/apache/metron/pull/865#discussion_r157196122 --- Diff: bundles-maven-plugin/NOTICE --- @@ -0,0 +1,8 @@ +Apache NiFi +Copyright 2014-2017 The Apache Software Foundation + +Apache Metron +Copyright 2015-2017 The Apache Software Foundation + +This product includes software developed at +The Apache Software Foundation (http://www.apache.org/). --- End diff -- `s/http/https`? > Bundles and Maven Plugin > > > Key: METRON-1212 > URL: https://issues.apache.org/jira/browse/METRON-1212 > Project: Metron > Issue Type: Sub-task >Reporter: Otto Fowler >Assignee: Otto Fowler > Labels: metron-feature-canidate, > metron-feature-extensions-parsers > > The first effort will be to land the bundle system and supporting maven > plugin on master -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (METRON-1212) Bundles and Maven Plugin
[ https://issues.apache.org/jira/browse/METRON-1212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292506#comment-16292506 ] ASF GitHub Bot commented on METRON-1212: Github user JonZeolla commented on a diff in the pull request: https://github.com/apache/metron/pull/865#discussion_r157196478 --- Diff: bundles-maven-plugin/pom.xml --- @@ -0,0 +1,328 @@ + + +http://maven.apache.org/POM/4.0.0; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd;> +4.0.0 + +org.apache +apache +17 + + +org.apache.metron +bundles-maven-plugin +0.4.2 +maven-plugin +Apache Metron Bundles Maven Plugin +http://metron.apache.org + +Apache Metron Project +http://metron.apache.org/ + + + +Apache License, Version 2.0 +http://www.apache.org/licenses/LICENSE-2.0 --- End diff -- `s/http/https/`
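Review bot: In the first lines of this pom.xml hunk, `http://maven.apache.org/POM/4.0.0` and `http://www.w3.org/2001/XMLSchema-instance` are XML namespace names that parsers compare as literal strings, so they have to stay exactly as written if the file's other http URLs are changed. The values that are real links (`http://metron.apache.org`, `http://metron.apache.org/` and `http://www.apache.org/licenses/LICENSE-2.0`) can move to https without affecting how the POM is parsed. Suggest making that change value by value and not as a file-wide substitution.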
[jira] [Commented] (METRON-1212) Bundles and Maven Plugin
[ https://issues.apache.org/jira/browse/METRON-1212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292502#comment-16292502 ] ASF GitHub Bot commented on METRON-1212: Github user JonZeolla commented on a diff in the pull request: https://github.com/apache/metron/pull/865#discussion_r157197191 --- Diff: bundles-maven-plugin/README.md --- @@ -0,0 +1,230 @@ + +# Apache Metron Bundle Maven Plugin + +Apache Metron Bundles Maven Plugin helps to build Bundles Archives to support the classloader isolation model. + +## Table of Contents + +- [Requirements](#requirements) +- [Building](#building) +- [Getting Stared](#getting_started) +- [Getting Help](#getting-help) +- [License](#license) + +## Requirements +* JDK 1.7 or higher +* Apache Maven 3.1.0 or higher + +## Building + +Building the bundles-maven-plugin module should be rare since it will be released infrequently compared to +the main 'metron' code tree. + +- Build with `mvn clean install` +- Presuming you need to make use of changes to the bundles-maven-plugin module, you should next + go to the [metron](../metron) directory and follow its instructions. --- End diff -- Broken link. Not positive offhand how to fix in a way that also works in the site-book, I need to take another look later. Just noting for now.
[jira] [Commented] (METRON-1212) Bundles and Maven Plugin
[ https://issues.apache.org/jira/browse/METRON-1212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292504#comment-16292504 ] ASF GitHub Bot commented on METRON-1212: Github user JonZeolla commented on a diff in the pull request: https://github.com/apache/metron/pull/865#discussion_r157196275 --- Diff: bundles-maven-plugin/README.md --- 
@@ -0,0 +1,230 @@ + +# Apache Metron Bundle Maven Plugin + +Apache Metron Bundles Maven Plugin helps to build Bundles Archives to support the classloader isolation model. + +## Table of Contents + +- [Requirements](#requirements) +- [Building](#building) +- [Getting Stared](#getting_started) +- [Getting Help](#getting-help) +- [License](#license) + +## Requirements +* JDK 1.7 or higher +* Apache Maven 3.1.0 or higher + +## Building + +Building the bundles-maven-plugin module should be rare since it will be released infrequently compared to +the main 'metron' code tree. + +- Build with `mvn clean install` +- Presuming you need to make use of changes to the bundles-maven-plugin module, you should next + go to the [metron](../metron) directory and follow its instructions. + +## Getting Started + +While it is most likely +that a maven archetype is being utilized to create bundles, as part of a toolkit etc, you may want to create on manually, or may need to create a project for use in an archetype. + +The plugin is utilized by setting the packaging of a maven module to 'bundle'. + +```xml +bundle +``` + +This means that when you package this module, any of it's non-provided dependencies will be packaged into the produced bundle ( and all of their non-provided dependencies as well). +Since a library may not always be distributed as part of a bundle with all it's dependencies, the bundle module +shall be a separate module from the actual classes and dependencies to be bundled. 
+ +A very simple example layout for a project that utilizes bundles would be: + +```bash +├── README.md +├── pom.xml +├── testapp +│ ├── pom.xml +│ ├── src +│ │ ├── main +│ │ │ └── java +│ │ │ └── org +│ │ │ └── apache +│ │ │ └── test +│ │ │ └── App.java +│ │ └── test +│ │ └── java +│ │ └── org +│ │ └── apache +│ │ └── test +│ │ └── AppTest.java +└── testappbundle +├── pom.xml +``` +Where testappbundle is the bundle module that creates a bundle of testapp, and contains the following pom.xml: +```xml + +http://maven.apache.org/POM/4.0.0; + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd;> + +test.bundles.plugin +org.apache.test +1.0-SNAPSHOT + + 4.0.0 + + test.app.bundle + + + bundle + + + + + org.apache.test + test.app + 1.0-SNAPSHOT + + + + + + + + + org.apache.metron + bundles-maven-plugin + 0.4.2 + true + + + + + + + +org.apache.metron +bundles-maven-plugin +0.4.2 +true + + + + +``` +When the module is packaged, it packages all of it's non-provided dependencies into the bundles /bundled-dependencies directory. +Thus, to create a bundle of a module's jar and that jar's non-provided dependencies, you add that module to your +bundle modules dependencies. You can unzip and examine the bundle in the target directory, and verify +it's contents, which should be similar to : + +```bash +-> % tree . +. +└── META-INF +├── MANIFEST.MF +├── bundled-dependencies +│ ├── log4j-1.2.17.jar +│ ├── metron-common-0.4.1.jar +│ ├── slf4j-api-1.7.7.jar +│ ├── slf4j-log4j12-1.7.7.jar +│ └── test.app-1.0-SNAPSHOT.jar +└── maven +└── org.apache.test +└── test.app.bundle +├── pom.properties +└── pom.xml +``` + +This reflects the testapp project, which has these dependencies : + +```xml + + + org.apache.metron + metron-common + 0.4.1 + + + junit + junit + 3.8.1 + test + + +``` +metron-common
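Review bot: The Getting Started text has several wording slips that should be fixed before merge: "you may want to create on manually" (one), "any of it's non-provided dependencies", "all it's dependencies" and "verify it's contents" (its), and "your bundle modules dependencies" (bundle module's). In the example pom.xml the org.apache.metron / bundles-maven-plugin / 0.4.2 entry appears twice; if both declarations are required, a sentence explaining the role of each would help readers who copy the example, and if not, one should be dropped.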
[jira] [Commented] (METRON-1212) Bundles and Maven Plugin
[ https://issues.apache.org/jira/browse/METRON-1212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292505#comment-16292505 ] ASF GitHub Bot commented on METRON-1212: Github user JonZeolla commented on a diff in the pull request: https://github.com/apache/metron/pull/865#discussion_r157196342 --- Diff: bundles-maven-plugin/pom.xml --- @@ -0,0 +1,328 @@ + + +http://maven.apache.org/POM/4.0.0; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd;> +4.0.0 + +org.apache +apache +17 + + +org.apache.metron +bundles-maven-plugin +0.4.2 +maven-plugin +Apache Metron Bundles Maven Plugin +http://metron.apache.org --- End diff -- `s/http/https/`
[jira] [Commented] (METRON-1212) Bundles and Maven Plugin
[ https://issues.apache.org/jira/browse/METRON-1212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292501#comment-16292501 ] ASF GitHub Bot commented on METRON-1212: Github user JonZeolla commented on a diff in the pull request: https://github.com/apache/metron/pull/865#discussion_r157196527 --- Diff: metron-bundles/bundles-lib/pom.xml --- @@ -0,0 +1,185 @@ + + + +http://maven.apache.org/POM/4.0.0; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd;> +4.0.0 + +org.apache.metron +metron-bundles +0.4.2 + + +bundles-lib +jar + + + +The Apache Software License, Version 2.0 +http://www.apache.org/licenses/LICENSE-2.0.txt --- End diff -- `s/http/https/`
[jira] [Commented] (METRON-1212) Bundles and Maven Plugin
[ https://issues.apache.org/jira/browse/METRON-1212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292507#comment-16292507 ] ASF GitHub Bot commented on METRON-1212: Github user JonZeolla commented on a diff in the pull request: https://github.com/apache/metron/pull/865#discussion_r157196378 --- Diff: bundles-maven-plugin/pom.xml --- @@ -0,0 +1,328 @@ + + +http://maven.apache.org/POM/4.0.0; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd;> +4.0.0 + +org.apache +apache +17 + + +org.apache.metron +bundles-maven-plugin +0.4.2 +maven-plugin +Apache Metron Bundles Maven Plugin +http://metron.apache.org + +Apache Metron Project +http://metron.apache.org/ --- End diff -- `s/http/https/`
[jira] [Commented] (METRON-1212) Bundles and Maven Plugin
[ https://issues.apache.org/jira/browse/METRON-1212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292498#comment-16292498 ] ASF GitHub Bot commented on METRON-1212: Github user JonZeolla commented on a diff in the pull request: https://github.com/apache/metron/pull/865#discussion_r157196009 --- Diff: metron-bundles/bundles-lib/src/main/java/org/apache/metron/bundles/VfsBundleClassLoaderResource.java --- @@ -0,0 +1,110 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 --- End diff -- I think there's an extraneous space before http in this comment block.
[jira] [Commented] (METRON-1212) Bundles and Maven Plugin
[ https://issues.apache.org/jira/browse/METRON-1212?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16292499#comment-16292499 ] ASF GitHub Bot commented on METRON-1212: Github user JonZeolla commented on a diff in the pull request: https://github.com/apache/metron/pull/865#discussion_r157194648 --- Diff: bundles-maven-plugin/README.md --- @@ -0,0 +1,230 @@ + +# Apache Metron Bundle Maven Plugin + +Apache Metron Bundles Maven Plugin helps to build Bundles Archives to support the classloader isolation model. + +## Table of Contents + +- [Requirements](#requirements) +- [Building](#building) +- [Getting Stared](#getting_started) --- End diff -- Change to \[Getting Started\](#getting-started) then insert below \[Quickstart\](#quickstart) \[Settings and configuration\](#settings-and-configuration)