Hi,

Thanks for the support. Can it be performed both on dumped log and real time data?

Regards.
On Tue, Oct 17, 2017 at 1:02 AM, James Sirota <[email protected]> wrote:
> What I mean is that you should install snort, load the appropriate Snort
> rules for your use case, set Snort to log to a directory, and send traffic
> to the network interface where Snort is listening. That will produce Snort
> log files. Then you can push the contents of Snort logs either to Kafka
> using NiFi (preferred) or using Kafka utilities such as command line
> producer. This should be pushed to a Kafka topic called Snort where each
> message is a log line of the Snort file. Does that make sense?
>
> Thanks,
> James
>
> 11.10.2017, 23:08, "Syed Hammad Tahir" <[email protected]>:
> You mean that I must start snort from terminal by doing snort -v and then
> push it to kafka topic? I need to start snort in packet capture mode.
>
> On Tue, Oct 10, 2017 at 9:52 PM, James Sirota <[email protected]> wrote:
> Yes, you can use Snort. Metron can consume Snort telemetries out of the
> box. You have to setup Snort on your own and push the output into a kafka
> topic (most likely using NiFi). From there on you can use the output of
> Snort in Metron.
>
> 10.10.2017, 00:48, "Syed Hammad Tahir" <[email protected]>:
> Hi,
>
> Can I use snort in packet capture mode with metron? By default it works in
> IDS mode only.
>
> Regards.
>
> -------------------
> Thank you,
>
> James Sirota
> PMC- Apache Metron
> jsirota AT apache DOT org
>
> -------------------
> Thank you,
>
> James Sirota
> PMC- Apache Metron
> jsirota AT apache DOT org
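One way to carry out the "command line producer" route James describes (one Kafka message per Snort log line), shown here as an added example that is not from this thread and not Metron's or Snort's own tooling. It covers both cases the follow-up question asks about: replaying a dumped log file and following a live log as Snort appends to it. Assumptions not stated in the thread: the Kafka CLI scripts are on `PATH`, the broker address, the topic name `snort`, and the Snort alert file path are placeholders you must adjust, and the sample log lines are constructed, not real Snort output.

```shell
#!/bin/sh
# Added example (not from the thread): push Snort alert lines into a Kafka
# topic, one message per log line, from a dumped file or from a live log.

# Assumed values (placeholders, not from the thread); override via environment.
KAFKA_BROKERS="${KAFKA_BROKERS:-localhost:6667}"
SNORT_TOPIC="${SNORT_TOPIC:-snort}"
SNORT_ALERT_LOG="${SNORT_ALERT_LOG:-/var/log/snort/alert.csv}"

# Forward stdin to the Kafka topic. With DRY_RUN=1 the lines go to stdout
# instead, so the pipeline can be checked on a box with no broker.
produce_to_kafka() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        cat
    else
        kafka-console-producer.sh --broker-list "$KAFKA_BROKERS" --topic "$SNORT_TOPIC"
    fi
}

# Keep only alert lines: drop blank lines and '#' comment lines so that every
# message the parser receives is a real record.
filter_alert_lines() {
    grep -v '^[[:space:]]*$' | grep -v '^#'
}

# Dumped log: every line already on disk becomes one message.
push_dumped_log() {
    filter_alert_lines < "$1" | produce_to_kafka
}

# Live log: tail -F follows the file across Snort's log rotation and emits
# each new line as it is written (start with -n 0 to skip history).
push_live_log() {
    tail -n 0 -F "$1" | filter_alert_lines | produce_to_kafka
}

# Number of messages a dumped log would produce (dry run, no broker needed).
count_messages() {
    ( DRY_RUN=1; push_dumped_log "$1" ) | wc -l | tr -d ' '
}

# First message a dumped log would produce (dry run), for a quick sanity check.
first_message() {
    ( DRY_RUN=1; push_dumped_log "$1" ) | head -n 1
}

# Constructed sample in the spirit of Snort's CSV alert output; field values
# are made up for this example and are not real telemetry.
SAMPLE_LOG="$(mktemp)"
cat > "$SAMPLE_LOG" <<'EOF'
# constructed sample, not real Snort output
01/24-15:49:12.123456 ,1,1000001,1,"EXAMPLE ICMP echo request",ICMP,10.0.0.5,,10.0.0.9,

01/24-15:49:13.654321 ,1,1000002,1,"EXAMPLE SSH connection",TCP,10.0.0.5,51234,10.0.0.9,22
01/24-15:49:14.000000 ,1,1000003,1,"EXAMPLE DNS query",UDP,10.0.0.5,40000,10.0.0.1,53
EOF

# Usage: replay the sample (dry run), then follow the real log in production.
#   DRY_RUN=1 push_dumped_log "$SAMPLE_LOG"
#   push_live_log "$SNORT_ALERT_LOG"
```

Whether you replay a file or follow it live, the downstream side is identical: Metron's Snort parser reads the `snort` topic and sees one log line per message either way, which is why the same filter and producer functions serve both paths.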
