Hello, greetings to all.
I have 5 nodes, installed HDP, and I am already correlating data from some
sources such as a firewall, switches, Server Active Directory, Netflow, etc.,
and I analyzed all of that with Elastic. My question is how to build this
Metron Apache dashboard:👇
[image: Inline image 1]
I sent a random message to that kafka topic and got this
[image: Inline image 1]
I guess this is because I am not following the format of the message I should
send? Like those snort logs you showed.
On Mon, Oct 30, 2017 at 5:24 PM, zeo...@gmail.com wrote:
They need to meet the format of the logs I sent earlier. Look into the
snort output options - may require you to rerun snort, depending on your
situation.
Jon
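
A pre-flight check for the format requirement discussed above, added here as an example and not taken from the thread or from the Metron project. It assumes the snort topic expects snort's default `alert_csv` field order; the function names and the sample lines are constructed for illustration.

```python
import csv
import re

# Snort's default alert_csv field order (assumption: the snort topic expects exactly this).
SNORT_CSV_FIELDS = [
    "timestamp", "sig_generator", "sig_id", "sig_rev", "msg", "proto",
    "src", "srcport", "dst", "dstport", "ethsrc", "ethdst", "ethlen",
    "tcpflags", "tcpseq", "tcpack", "tcplen", "tcpwindow", "ttl", "tos",
    "id", "dgmlen", "iplen", "icmptype", "icmpcode", "icmpid", "icmpseq",
]
# Snort timestamps: MM/DD-HH:MM:SS.ffffff, optionally MM/DD/YY-...
TS_RE = re.compile(r"^\d{2}/\d{2}(/\d{2})?-\d{2}:\d{2}:\d{2}\.\d{6}$")

def check_line(line):
    """Return a list of problems for one log line; an empty list means it looks valid."""
    try:
        row = next(csv.reader([line.rstrip("\r\n")]))
    except (csv.Error, StopIteration):
        return ["not parseable as CSV"]
    if len(row) != len(SNORT_CSV_FIELDS):
        return [f"expected {len(SNORT_CSV_FIELDS)} fields, got {len(row)}"]
    rec = dict(zip(SNORT_CSV_FIELDS, (v.strip() for v in row)))
    problems = []
    if not TS_RE.match(rec["timestamp"]):
        problems.append("timestamp not in snort MM/DD-HH:MM:SS.ffffff form")
    for name in ("sig_generator", "sig_id", "sig_rev"):
        if not rec[name].isdigit():
            problems.append(f"{name} is not numeric")
    if not rec["msg"]:
        problems.append("empty msg")
    return problems

def split_lines(lines):
    """Separate lines that are safe to send to the topic from those that are not."""
    good, rejected = [], []
    for line in lines:
        problems = check_line(line)
        (rejected if problems else good).append((line, problems))
    return [line for line, _ in good], rejected

# Constructed sample input: one CSV alert, one raw packet-header line, one random message.
SAMPLE = [
    '01/27-16:01:04.877970 ,129,12,1,"Consecutive TCP small segments exceeding '
    'threshold",TCP,192.0.2.10,56642,192.0.2.20,22,52:54:00:12:35:02,'
    '08:00:27:7F:93:2D,0x4E,***AP***,0x9AFF3D7,0xC8761D52,,0xFFFF,64,0,59677,64,65536,,,,',
    "16:01:04.877970 IP 192.0.2.10.56642 > 192.0.2.20.22: Flags [P.], length 36",
    "random message",
]

if __name__ == "__main__":
    good, rejected = split_lines(SAMPLE)
    print(f"{len(good)} line(s) ready to send")
    for line, problems in rejected:
        print(f"REJECT {line[:40]!r}: {'; '.join(problems)}")
```
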
On Mon, Oct 30, 2017, 06:53 Syed Hammad Tahir wrote:
Yes, I have converted them to text, but those logs are simply captured
packet headers over the local network. Now I just push them via that Kafka
producer command under the topic name snort and they will be visible in
Metron?
On Mon, Oct 30, 2017 at 2:41 PM, zeo...@gmail.com wrote:
You need text logs. Here's an example of some properly formatted logs -
https://raw.githubusercontent.com/apache/metron/master/metron-deployment/roles/sensor-stubs/files/snort.out
Jon
On Mon, Oct 30, 2017, 01:34 Syed Hammad Tahir wrote:
> I have found the kafka-console-producer.sh but I need to