Ok, thank you. I will let you know once I make snort sniff the traffic in
the given configuration, might be helpful for others. I will then try to do
that kafka topic and will ask if any help is needed.

On Sun, Oct 22, 2017 at 6:10 AM, Laurens Vets <[email protected]> wrote:

> Hi Syed,
>
> See inline.
>
> On 2017-10-20 00:32, Syed Hammad Tahir wrote:
>
>> I have installed the snort manually. Now I need help with:
>>
>> 1- Capturing the data of my lan and dumping it via snort: Snort can't see
>> the traffic outside vagrant vm, how do I make it see that traffic?
>>
>
> To be honest, configuring Snort to work on your LAN is out of scope of the
> project. Have a look at the documentation at https://www.snort.org/.
> You will probably have to add a 2nd network interface bridged to your LAN
> in promiscuous mode. Additionally, I think most of us expect some basic
> Linux & network administration knowledge when using Metron.
>
>> 2- Making a kafka topic to push those saved logs in metron for
>> preprocessing
>>
>
> Have a look at the Metron documentation at
> https://metron.apache.org/current-book/index.html. Adding a new sensor in
> the Metron UI will create the Kafka iirc.
>
>> 3- Applying a basic Machine learning algorithm on the captured data.
>>
>
> I can't help you with this :)
>
