Hi,

Thanks for the help. Let's get started documenting how to use snort, bro and yaf? Please give me a simple example. I will document it and try to contribute it to the main documentation.

As far as the Vagrant disk resize is concerned, I tried this method from http://unix.stackexchange.com/a/176705/28597

$ VBoxManage list hdds
[get the UUID of the disk in question from the output]
$ VBoxManage modifyhd [UUID] --resize [size in MiB]

I am encountering the following error:

[root@centos16 quick-dev-platform]# VBoxManage modifyhd 2962f332-6b83-4a8c-8906-427357634888 --resize 153600
VBoxManage: error: Failed to lock media when compacting '/root/VirtualBox VMs/quick-dev-platform_node1_1490609732558_14824/quick-dev-centos-6.7-disk1.vmdk'
VBoxManage: error: Details: code VBOX_E_INVALID_OBJECT_STATE (0x80bb0007), component MediumWrap, interface IMedium, callee nsISupports
VBoxManage: error: Context: "Resize(cbResize, pProgress.asOutParam())" at line 691 of file VBoxManageDisk.cpp
VBoxManage: error: Failed to resize medium!

On Mon, Apr 3, 2017 at 3:08 PM, zeo...@gmail.com <zeo...@gmail.com> wrote:

> Sorry about the brevity, answering on my phone.
>
> 1. By default the data comes from the sensor-stubs. For more details see
> https://github.com/apache/incubator-metron/blob/master/metron-deployment/roles/sensor-stubs/README.md
>
> 2. The vagrant details come from these two locations -
> https://atlas.hashicorp.com/metron/boxes/quick_dev and
> https://github.com/apache/incubator-metron/blob/master/metron-deployment/vagrant/quick-dev-platform/Vagrantfile
> and you should be able to use this to change the hard drive size -
> http://unix.stackexchange.com/a/176705/28597
>
> 3. Do you mean how to set up bro, yaf, and snort independently and then
> use them in a Metron cluster? I can help with that, and we definitely
> should have that documented, I agree. For some immediate information you
> can look at the snort, yaf and bro roles -
> https://github.com/apache/incubator-metron/tree/master/metron-deployment/roles/snort
> https://github.com/apache/incubator-metron/tree/master/metron-deployment/roles/yaf
> and
> https://github.com/apache/incubator-metron/tree/master/metron-deployment/roles/bro
>
> 4. I don't know for sure, but if you vagrant SSH then run some du commands
> you can find what is using the most data. My first thought is that you
> have a large number of error messages somewhere because the sensor logs
> should be rather low volume, although perpetual.
>
> Jon
>
> On Mon, Apr 3, 2017, 4:20 AM Farrukh Naveed Anjum <anjum.farr...@gmail.com>
> wrote:
>
>> Hi,
>>
>> I am working on the Metron 0.3.1 in short span of time. It fills out all
>> the space of 67 GB Box. I have a few simple questions; I hope someone will
>> be able to answer them.
>>
>> 1. From where do we get the Bro, YAF, Snort data? Do they sniff on
>> eth0 or do they keep running some kind of garbage alerts? (Please keep in
>> mind I am talking about their default behavior.)
>>
>> 2. Is there any way I can increase the hard drive space of the
>> QuickDevelopment Vagrant machine to 150GB?
>>
>> 3. There is also zero information on how to kick-start with Snort, Bro and
>> YAF. A small tutorial on it will be appreciated, as the Metron classic use
>> case is built on the NiFi log parsing use case.
>>
>> 4. Why does my disk space keep filling out?
>>
>> Disk Usage (Non DFS Used) 51.8 GB / 67.6 GB (76.63%)
>>
>> I would like to help create a document + presentation on it, if someone
>> helps me just kick-start it.
>>
>>
>> --
>> With Regards
>> Farrukh Naveed Anjum
>>
> --
>
> Jon
>

--
With Regards
Farrukh Naveed Anjum