Ok, I have fixed everything on my own. Now that I have snort logs saved in a file, I need to get them to metron. Can anyone help me on that?
On Mon, Oct 23, 2017 at 3:44 PM, Syed Hammad Tahir <[email protected]> wrote:

> Yes, but I am a bit confused here. Let me ask them as well then.
>
> On Mon, Oct 23, 2017 at 3:35 PM, [email protected] <[email protected]>
> wrote:
>
>> Hi Syed,
>>
>> Just to clarify, is this a snort issue you are having? If so I suggest
>> looking at their documentation (https://snort.org/documents) or reaching
>> out to their community (https://snort.org/community), as they have more
>> expertise in this area.
>>
>> Jon
>>
>> On Mon, Oct 23, 2017, 03:52 Syed Hammad Tahir <[email protected]>
>> wrote:
>>
>>> Hi guys,
>>>
>>> I tried to add another network interface in order to bridge it to LAN. I
>>> tried to do it on virtualbox vm settings and when I did vagrant up after
>>> that, there was no bridged interface. Can anyone help me on this?
>>>
>>> On Sun, Oct 22, 2017 at 11:44 AM, Syed Hammad Tahir <
>>> [email protected]> wrote:
>>>
>>>> Ok, thank you. I will let you know once I make snort sniff the traffic
>>>> in the given configuration, might be helpful for others. I will then try to
>>>> do that kafka topic and will ask if any help is needed.
>>>>
>>>> On Sun, Oct 22, 2017 at 6:10 AM, Laurens Vets <[email protected]>
>>>> wrote:
>>>>
>>>>> Hi Syed,
>>>>>
>>>>> See inline.
>>>>>
>>>>> On 2017-10-20 00:32, Syed Hammad Tahir wrote:
>>>>>
>>>>>> I have installed the snort manually. Now I need help with:
>>>>>>
>>>>>> 1- Capturing the data of my lan and dumping it via snort: Snort can't
>>>>>> see the traffic outside vagrant vm, how do I make it see that traffic?
>>>>>>
>>>>>
>>>>> To be honest, configuring Snort to work on your LAN is out of scope of
>>>>> the project. Have a look at the documentation at
>>>>> https://www.snort.org/.
>>>>> You will probably have to add a 2nd network interface bridged to your
>>>>> LAN in promiscuous mode. Additionally, I think most of us expect some
>>>>> basic Linux & network administration knowledge when using Metron.
>>>>>
>>>>>> 2- Making a kafka topic to push those saved logs in metron for
>>>>>> preprocessing
>>>>>>
>>>>>
>>>>> Have a look at the Metron documentation at
>>>>> https://metron.apache.org/current-book/index.html. Adding a new
>>>>> sensor in the Metron UI will create the Kafka iirc.
>>>>>
>>>>>> 3- Applying a basic Machine learning algorithm on the captured data.
>>>>>>
>>>>>
>>>>> I can't help you with this :)
>>>>>
>>>>
>>> --
>>
>> Jon
>>
>
