metron-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From FeiChen <c_chen...@163.com>
Subject //pcap issue in OpenSOC project
Date Tue, 19 Apr 2016 06:30:44 GMT
The pictures in the mail have some problem, fix again.
--------
Great!
i want get some help about OpenSOC from here.  when i  use the function of pcap in the project
of OpenSoc,  i can not make it work well 
Someone can help me ?
the information below is my issue.
---------------------------------------------------------------
  These days , i have learn more about the OpenSOC and the new concept of the Apache Metron,
but i found the the pcap service could not work well , i run the pcap service in the machine
by 
"java -jar OpenSOC-Pcap_Service-0.6BETA-jar-with-dependencies.jar"  and it start the web service
with a port of 8081 and uri is "/pcapGetter", but when i visit this service with  http://192.168.10.121:8081/pcapGetter
through the web browser, but it  display nothing. then i try to write it into opensoc-ui
config and try to visit it in the opensoc-ui service,  and the pcap search service not work
still, opensoc-ui config can be seen as below, i have tried to find more  material about it
in github website, but failed, ==!
    Someone can tell me how to run the PCAP service so that i can see the pcap data in opensoc
web ui in right way ?  i have already own the pcap data in hbase  and  index  in ES. Just
want to see the function about it in my environment.
    Some information could be seen as below:


Thanks && Best Regards
Fei Chen






【Pcap in Hbase】
【Pcap In ES】
【PIC】

【opensoc-ui config】
__________________
{
  "auth": true,
  "secret": "b^~BN-IdQ9gdp5sa2K$N=d5DV06eN7Y",
  "elasticsearch": {
    "url": "http://192.168.10.124:9200"
  },
  "ldap": {
    "url": "ldap://192.168.10.124:389",
    "searchBase": "dc=opensoc,dc=dev",
    "searchFilter": "(mail={{username}})",
    "searchAttributes": ["cn", "uid", "mail", "givenName", "sn", "memberOf"],
    "adminDn": "cn=admin,dc=opensoc,dc=dev",
    "adminPassword": "opensoc"
  },
  "pcap": {
    "url": "http://192.168.10.121:8081/pcapGetter",
    "mock": false
  },
  "permissions": {
    "pcap": ["cn=investigators,ou=groups,dc=opensoc,dc=dev"]
  }
}
______________________


    






At 2016-04-19 14:17:04, "James Sirota" <jsirota@hortonworks.com> wrote:

Yeah, we see you


From: 陈飞 <c_chenfei@163.com>
Reply-To: "user@metron.incubator.apache.org" <user@metron.incubator.apache.org>
Date: Monday, April 18, 2016 at 11:16 PM
To: "user@metron.incubator.apache.org" <user@metron.incubator.apache.org>
Subject: Re:Re: Dev List as Well?




anyone can see me?  just test if it is ok ! thanks!





At 2016-04-17 02:15:46, "James Sirota" <jsirota@hortonworks.com> wrote:

Hi John,


Yeah please subscribe to 


dev@metron.incubator.apache.org


Thanks,
James 


From: John Omernik <john@omernik.com>
Reply-To: "user@metron.incubator.apache.org" <user@metron.incubator.apache.org>
Date: Friday, April 15, 2016 at 5:25 PM
To: "user@metron.incubator.apache.org" <user@metron.incubator.apache.org>
Subject: Dev List as Well?



Is there a dev list one can subscribe to as well? Looking forward to discussions!


John




 





 
Mime
View raw message