Sorry about the brevity, answering on my phone. 1. By default the data comes from the sensor-stubs. For more details see https://github.com/apache/incubator-metron/blob/master/metron-deployment/roles/sensor-stubs/README.md
2. The vagrant details come from these two locations - https://atlas.hashicorp.com/metron/boxes/quick_dev and https://github.com/apache/incubator-metron/blob/master/metron-deployment/vagrant/quick-dev-platform/Vagrantfile and you should be able to use this to change the hard drive size - http://unix.stackexchange.com/a/176705/28597 3. Do you mean how to set up bro, yaf, and snort independently and then use them in a Metron cluster? I can help with that, and we definitely should have that documented, I agree. For some immediate information you can look at the snort yaf and bro roles - https://github.com/apache/incubator-metron/tree/master/metron-deployment/roles/snort https://github.com/apache/incubator-metron/tree/master/metron-deployment/roles/yaf and https://github.com/apache/incubator-metron/tree/master/metron-deployment/roles/bro 4. I don't know for sure but if you vagrant SSH then run some du commands you can find where is using the most data. My first thought is that you have a large number of error messages somewhere because the sensor logs should be rather low volume, although perpetual. Jon On Mon, Apr 3, 2017, 4:20 AM Farrukh Naveed Anjum <anjum.farr...@gmail.com> wrote: > Hi, > > I am working on the Metro 0.3.1 in short span of time. It fills out all > the space of 67 GB Box. I have few simple questions I hope some will be > able to answer them. > > 1. From where do we get the Bro, YAF, Snort data ? Does they sniff on eth0 > or they keep running some kind of garbage alerts ? (Please keep in mind i > am talking about there default behavior) > > 2. Is there any way I can Increase the HardDrive Space of QuickDevelopment > Vagrant Machine to 150GB ? > > 3. There is also zero information on how to kick start with Snort,Bro and > YAF. A small tutorial on it will be appericatate. As Merton classic use > case is built on the NiFi Log parsing usecase. > > 4. Why my disk space keep filling out > > Disk Usage (Non DFS Used) 51.8 GB / 67.6 GB (76.63%) > > I will like to help crate document + presentation on it. If some one help > me just kick start on it. > > > -- > With Regards > Farrukh Naveed Anjum > -- Jon
