
How to extend Java codes in Snort topology?


New Contributor

We are using Snort to send network packets to Apache Metron, and we want to calculate the average delay between packets (do a statistical analysis). Our solution is to write a Java program by changing the existing Snort topology inside Apache Storm (we want to make the fewest possible changes to the Java code prepared by Metron's team). First of all, is this the right solution?

Currently, we are able to send packets via NiFi Site-to-Site from a remote machine to the Metron server and see the results in Elasticsearch. To do the job, which file(s) in Metron should be changed, and where should I save the output(s), HDFS for instance?

In the second step, we need to consider windowing to calculate the average value in specific periods. Any advice would be appreciated.

1 REPLY

Re: How to extend Java codes in Snort topology?

Contributor