Re: snort topology doesn't emitted automatically

2017-03-22 Thread tkg_cangkul

Sorry, but I didn't find that directory on my cluster.
For your information, I'm using Metron 0.3.0 now.

When I try to run this command manually:

tail -F /var/log/snort/alert.csv | /usr/yava/2.2.0.5/kafka/bin/kafka-console-producer.sh --broker-list localhost:6667 --topic snort


I've got an error message like this:

[2017-03-23 01:03:49,998] ERROR Error when sending message to topic snort with key: null, value: 214 bytes with error: (org.apache.kafka.clients.producer.internals.ErrorLoggingCallback)
org.apache.kafka.common.errors.TimeoutException: Failed to update metadata after 6 ms




On 23/03/17 00:59, Otto Fowler wrote:

/opt/snort-producer/start-snort-producer.sh


On March 22, 2017 at 13:30:36, tkg_cangkul (yuza.ras...@gmail.com) wrote:



start_snort_producer.sh




Re: snort topology doesn't emitted automatically

2017-03-22 Thread Otto Fowler
/opt/snort-producer/start-snort-producer.sh



On March 22, 2017 at 13:30:36, tkg_cangkul (yuza.ras...@gmail.com) wrote:

start_snort_producer.sh


Re: snort topology doesn't emitted automatically

2017-03-22 Thread tkg_cangkul
Where can I find the start_snort_producer.sh script? I didn't see it inside my metron_home dir.


On 22/03/17 23:54, Otto Fowler wrote:
One time, I saw an issue where the flume agent did not have the correct rights
to access the csv, so died a horrible death.

We don’t use flume any longer however.  I would want to take a look at the log files
for what is reading the snort csv.

I believe the start_snort_producer.sh script is used now.  I am not sure about the logs,
but maybe you can try to run that manually and see the output?


On March 22, 2017 at 11:38:53, tkg_cangkul (yuza.ras...@gmail.com) wrote:



Can anyone help me solve this?

On 22/03/17 15:24, tkg_cangkul wrote:

Hi, I've tried using Snort as a sensor on Metron in my Ambari cluster.
Now I have a problem: the snort topology doesn't emit the data automatically.

I must send the messages to Kafka manually to emit the data.

cat /var/log/snort/alert.csv | bin/kafka-console-producer.sh --broker-list localhost:6667 --topic snort


Any suggestions about this?






Re: snort topology doesn't emitted automatically

2017-03-22 Thread Otto Fowler
One time, I saw an issue where the flume agent did not have the correct rights
to access the csv, so died a horrible death.

We don’t use flume any longer however.  I would want to take a look at the log files
for what is reading the snort csv.

I believe the start_snort_producer.sh script is used now.  I am not sure about the logs,
but maybe you can try to run that manually and see the output?


On March 22, 2017 at 11:38:53, tkg_cangkul (yuza.ras...@gmail.com) wrote:

Can anyone help me solve this?

On 22/03/17 15:24, tkg_cangkul wrote:

Hi, I've tried using Snort as a sensor on Metron in my Ambari cluster.
Now I have a problem: the snort topology doesn't emit the data automatically.
I must send the messages to Kafka manually to emit the data.

cat /var/log/snort/alert.csv | bin/kafka-console-producer.sh --broker-list localhost:6667 --topic snort

Any suggestions about this?