metron-commits mailing list archives

From ma...@apache.org
Subject [41/44] metron git commit: METRON-819: Document kafka console producer parameter for sensors with kerberos (mmiklavc) closes apache/metron#507
Date Thu, 01 Jun 2017 21:42:00 GMT
METRON-819: Document kafka console producer parameter for sensors with kerberos (mmiklavc)
closes apache/metron#507


Project: http://git-wip-us.apache.org/repos/asf/metron/repo
Commit: http://git-wip-us.apache.org/repos/asf/metron/commit/9dc8c3a7
Tree: http://git-wip-us.apache.org/repos/asf/metron/tree/9dc8c3a7
Diff: http://git-wip-us.apache.org/repos/asf/metron/diff/9dc8c3a7

Branch: refs/heads/Metron_0.4.0
Commit: 9dc8c3a707bbdd4ac2070d5e29a558abde63f360
Parents: f127c6d
Author: mmiklavc <michael.miklavcic@gmail.com>
Authored: Wed May 31 15:31:51 2017 -0600
Committer: Michael Miklavcic <michael.miklavcic@gmail.com>
Committed: Wed May 31 15:31:51 2017 -0600

----------------------------------------------------------------------
 metron-deployment/Kerberos-manual-setup.md | 30 ++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/metron/blob/9dc8c3a7/metron-deployment/Kerberos-manual-setup.md
----------------------------------------------------------------------
diff --git a/metron-deployment/Kerberos-manual-setup.md b/metron-deployment/Kerberos-manual-setup.md
index 76d3701..1540231 100644
--- a/metron-deployment/Kerberos-manual-setup.md
+++ b/metron-deployment/Kerberos-manual-setup.md
@@ -17,7 +17,7 @@ This document provides instructions for kerberizing Metron's Vagrant-based
devel
 Setup
 -----
 
-1. Deploy a Vagrant development environment; either [Full Dev](full-dev-platform) or [Quick
Dev](quick-dev-platform).
+1. Deploy a Vagrant development environment; either [Full Dev](vagrant/full-dev-platform/README.md)
or [Quick Dev](vagrant/quick-dev-platform/README.md).
 
 1. Export the following environment variables.  These need to be set for the remainder of
the instructions. Replace `node1` with the appropriate hosts, if you are running Metron anywhere
other than Vagrant.
 
@@ -424,6 +424,34 @@ KVNO Timestamp         Principal
 
 ### Kafka with Kerberos enabled
 
+#### Running Sensors
+
+A couple steps are required to produce data to a Kerberized Kafka topic. On the host you'll
be setting up your sensor(s), switch to the metron user and create a client_jaas.conf file
in the metron home directory if one doesn't already exist. It should be owned by metron:metron
and
+contain at least the following stanza that tells the Kafka client how to interact with Kerberos:
+```
+su - metron
+cat ${METRON_HOME}/client_jaas.conf
+...
+KafkaClient {
+   com.sun.security.auth.module.Krb5LoginModule required
+   useKeyTab=true
+   keyTab="/etc/security/keytabs/metron.headless.keytab"
+   storeKey=true
+   useTicketCache=false
+   serviceName="kafka"
+   principal="metron@EXAMPLE.COM";
+};
+```
+
+You'll also need to set KAFKA_OPTS to tell the Kafka client how to interact with Kerberos.
+```
+export KAFKA_OPTS="-Djava.security.auth.login.config=${METRON_HOME}/client_jaas.conf"
+```
+
+For sensors that leverage the Kafka console producer to pipe data into Metron, e.g. Snort
and Yaf, you will need to modify the corresponding sensor shell scripts or config to append
the SASL security protocol property. `--security-protocol SASL_PLAINTEXT`. Be sure to kinit
with the metron user's keytab before executing the script that starts the sensor.
+
+More notes can be found in [metron/metron-sensors/README.md](../metron-sensors/README.md)
+
 #### Write data to a topic with SASL
 
 ```
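Review bot: The last instruction in the new "Running Sensors" text, "Be sure to kinit with the metron user's keytab before executing the script that starts the sensor", does not match the JAAS stanza above it. That stanza sets useKeyTab=true and useTicketCache=false, so the Kafka client logs in from /etc/security/keytabs/metron.headless.keytab itself and does not read the ticket cache that kinit fills. Either drop the kinit step, say which part of the sensor script needs the ticket, or set useTicketCache=true if the cache is what you intend. Two smaller points in the same hunk. `--security-protocol SASL_PLAINTEXT` authenticates the producer but leaves the sensor data unencrypted on the wire; the text should say so and mention SASL_SSL for brokers that have a TLS listener. The first fenced block mixes the commands `su - metron` and `cat ${METRON_HOME}/client_jaas.conf` with the file contents and a `...` line, so it is unclear what is typed and what must be in the file; separate the two, and state the expected file mode alongside the metron:metron ownership.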

