All I did was install snort separately on the vagrant ssh console. Then I ran it to collect logs. Now I need to bring those logs to metron.

On Wed, Oct 25, 2017 at 9:50 AM, Farrukh Naveed Anjum <[email protected]> wrote:

> Hi Syed Hammed,
>
> Can you share the steps for how you connected snort with an external source?
> (Metron Snort?)
>
> On Tue, Oct 24, 2017 at 8:27 PM, Nick Allen <[email protected]> wrote:
>
>> Take a look at `kafka-console-producer.sh`, which is installed as part of
>> Kafka.
>>
>> On Tue, Oct 24, 2017 at 2:11 AM, Syed Hammad Tahir <[email protected]> wrote:
>>
>>> Ok, I have fixed everything on my own. Now that I have snort logs saved
>>> in a file, I need to get them to metron. Can anyone help me on that?
>>>
>>> On Mon, Oct 23, 2017 at 3:44 PM, Syed Hammad Tahir <[email protected]> wrote:
>>>
>>>> Yes, but I am a bit confused here. Let me ask them as well then.
>>>>
>>>> On Mon, Oct 23, 2017 at 3:35 PM, [email protected] <[email protected]> wrote:
>>>>
>>>>> Hi Syed,
>>>>>
>>>>> Just to clarify, this is a snort issue you are having? If so I suggest
>>>>> looking at their documentation (https://snort.org/documents) or
>>>>> reaching out to their community (https://snort.org/community), as
>>>>> they have more expertise in this area.
>>>>>
>>>>> Jon
>>>>>
>>>>> On Mon, Oct 23, 2017, 03:52 Syed Hammad Tahir <[email protected]> wrote:
>>>>>
>>>>>> Hi guys,
>>>>>>
>>>>>> I tried to add another network interface in order to bridge it to
>>>>>> LAN. I tried to do it in the virtualbox vm settings and when I did vagrant up
>>>>>> after that, there was no bridged interface. Can anyone help me on this?
>>>>>>
>>>>>> On Sun, Oct 22, 2017 at 11:44 AM, Syed Hammad Tahir <[email protected]> wrote:
>>>>>>
>>>>>>> Ok, thank you. I will let you know once I make snort sniff the
>>>>>>> traffic in the given configuration, might be helpful for others. I will
>>>>>>> then try to do that kafka topic and will ask if any help is needed.
>>>>>>>
>>>>>>> On Sun, Oct 22, 2017 at 6:10 AM, Laurens Vets <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi Syed,
>>>>>>>>
>>>>>>>> See inline.
>>>>>>>>
>>>>>>>> On 2017-10-20 00:32, Syed Hammad Tahir wrote:
>>>>>>>>
>>>>>>>>> I have installed the snort manually. Now I need help with:
>>>>>>>>>
>>>>>>>>> 1- Capturing the data of my lan and dumping it via snort: Snort
>>>>>>>>> can't see the traffic outside vagrant vm, how do I make it see that
>>>>>>>>> traffic?
>>>>>>>>
>>>>>>>> To be honest, configuring Snort to work on your LAN is out of scope
>>>>>>>> of the project. Have a look at the documentation at
>>>>>>>> https://www.snort.org/.
>>>>>>>> You will probably have to add a 2nd network interface bridged to
>>>>>>>> your LAN in promiscuous mode. Additionally, I think most of us expect some
>>>>>>>> basic Linux & network administration knowledge when using Metron.
>>>>>>>>
>>>>>>>>> 2- Making a kafka topic to push those saved logs in metron for
>>>>>>>>> preprocessing
>>>>>>>>
>>>>>>>> Have a look at the Metron documentation at
>>>>>>>> https://metron.apache.org/current-book/index.html. Adding a new
>>>>>>>> sensor in the Metron UI will create the Kafka iirc.
>>>>>>>>
>>>>>>>>> 3- Applying a basic Machine learning algorithm on the captured data.
>>>>>>>>
>>>>>>>> I can't help you with this :)
>>>>>
>>>>> --
>>>>> Jon
>
> --
> With Regards
> Farrukh Naveed Anjum
