Support Questions

aaron_harris · ‎10-13-2016

Have setup an instance of Metron in a single instance VM, bro and yaf data is flowing through into elastic search indexes, however there seems to be an error with flume starting up to ingest the snort logs.

I am getting the below error in the flume logs, however I cannot see a reference to a /snort folder in the flume-snort.conf file.

13 Oct 2016 14:06:33,238 ERROR [main] (org.apache.flume.node.Application.main:307)  - A fatal error occurred while running. Exception follows.
org.apache.commons.cli.ParseException: The specified configuration file does not exist: /snort

Any help would be greatly appreciated.

aaron_harris · ‎10-14-2016

In case anyone has the same issue I resolved by manually starting flume via shell access to the node;

/usr/hdp/current/flume-server/bin/flume-ng agent -n snort -c /usr/hdp/current/flume-server/conf -f /usr/hdp/current/flume-server/conf/flume-snort.conf

View solution in original post

aaron_harris · ‎10-14-2016

In case anyone has the same issue I resolved by manually starting flume via shell access to the node;

/usr/hdp/current/flume-server/bin/flume-ng agent -n snort -c /usr/hdp/current/flume-server/conf -f /usr/hdp/current/flume-server/conf/flume-snort.conf

Cloudera Community

Support Questions

Error Ingesting Snort data into Metron