One time, I saw an issue where the flume agent did not have the correct
rights to access the csv, so it died a horrible death.

We don’t use flume any longer however.  I would want to take a look at the
log files for what is reading the snort csv.

I believe the start_snort_producer.sh script is used now.  I am not sure
about the logs, but maybe you can try to run that manually and see the output?


On March 22, 2017 at 11:38:53, tkg_cangkul (yuza.ras...@gmail.com) wrote:

Can anyone help me to solve this?

On 22/03/17 15:24, tkg_cangkul wrote:

Hi, I've tried using Snort as a sensor on Metron in my Ambari cluster.
Now I have a problem. The Snort topology doesn't emit the data
automatically.
I must send the messages to Kafka manually to emit the data.

*cat /var/log/snort/alert.csv | bin/kafka-console-producer.sh --broker-list localhost:6667 --topic snort*

Any suggestions about this?
