metron-user mailing list archives

From Otto Fowler <ottobackwa...@gmail.com>
Subject Re: how to using snort as a sensor on metron
Date Mon, 20 Feb 2017 02:23:08 GMT
If you deploy the snort sensor and topology through metron it gets set up.
Did you do that?


On February 18, 2017 at 22:28:19, Youzha (yuza.rasfar@gmail.com) wrote:

Does flume automatically read the snort logs? Can I see your flume agent
configuration sample?

On Sun, Feb 19, 2017 at 12:50 AM Otto Fowler <ottobackwards@gmail.com>
wrote:

> I don’t have it set up right now, but if you go into var/log on the snort
> machine, look for the flume agent logs and make sure there are no errors
> there.
>
> On February 18, 2017 at 12:39:48, Youzha (yuza.rasfar@gmail.com) wrote:
>
> No, I'm not using the vagrant setup. I'm using the ansible playbook
> setup. I'm using an ambari environment.
>
> On Sat, Feb 18, 2017 at 8:53 PM Otto Fowler <ottobackwards@gmail.com>
> wrote:
>
> Are you using one of the vagrant setups?
> What is your environment?
>
> On February 18, 2017 at 04:55:54, Youzha (yuza.rasfar@gmail.com) wrote:
>
> Hi. Can anyone explain to me how to use snort as a metron sensor?
>
> I've tried this link:
>
> https://cwiki.apache.org/confluence/display/METRON/Adding+Dummy+Snort+Data+for+Load+Testing
>
> but I don't see anything working on my snort topology or my metron UI
> dashboard. There is no data emitted on my snort topology.
>
> Is there any topology that I need to make this work? Please tell me
> step by step how to use this sensor.
