Archives of Support Questions (Read Only)

Hello @asubramanian

I tried your guide. But I don't understand add services for master & slave nodes. Can you help me?

Many thanks.

Hi @Lee Adrian, are you referring to the HCC article or the quick-dev github page? If its the former, can you tell me which step are you having trouble with?

HI @Lee Adrian, were you able to resolve the issue?

Hi @asubramanian, Thanks you. I done configured follow your guide, but I don't pattern Bro log on Kibana. Can you help me?

I find on /usr/metron/0.3.0/patterns path but It's have asa, common, fireeye, sourcefire, squid, websphere, yaf files.

Hi @Lee Adrian,

Metron uses a BasicBroParser and hence you dont see a pattern for bro. As you can see from the output below for bro and squid:

[root@node1 ~]# cat /usr/metron/0.3.1/config/zookeeper/parsers/bro.json
{
  "parserClassName":"org.apache.metron.parsers.bro.BasicBroParser",
  "sensorTopic":"bro",
  "parserConfig": {}
}

[root@node1 ~]# cat /usr/metron/0.3.1/config/zookeeper/parsers/squid.json
{
  "parserClassName": "org.apache.metron.parsers.GrokParser",
  "sensorTopic": "squid",
  "parserConfig": {
    "grokPath": "/patterns/squid",
    "patternLabel": "SQUID_DELIMITED",
    "timestampField": "timestamp"
  },
  "fieldTransformations" : [
    {
      "transformation" : "STELLAR"
    ,"output" : [ "full_hostname", "domain_without_subdomains" ]
    ,"config" : {
      "full_hostname" : "URL_TO_HOST(url)"
      ,"domain_without_subdomains" : "DOMAIN_REMOVE_SUBDOMAINS(full_hostname)"
                }
    }
                           ]
}

If you think that my answer helped you, can you please mark it as accepted? Thank you!