I installed Metron using Ambari. How do I configure Bro, Snort, pcap and others and push data to Metron?

Rising Star

Have you installed the Bro plugin into your Bro install? That's how you push the Bro output into Kafka so Metron can consume it. Take a look at this:

https://github.com/apache/metron/tree/master/metron-sensors/bro-plugin-kafka

Expert Contributor

Hi guys, all of your replies are for the "normal" Apache Metron installation. Here we have installed everything with HCP (Ambari installation), which seems not to be installed in the "same manner". All the paths that are mentioned in your links don't exist with the HCP installation. Do you have any other link or tutorial to install the plugin that will pull events from pcap or Bro to Kafka?

Thanks,

Michel

Explorer

Michel,

I have the same issues with the new HCP package. It seems it's missing a lot more than the previous way of installing Metron. I did rebuild my Metron installation with HCP and now I regret it!

I cannot even log in to the Metron UI; it gives: "Login Failed for metron"

All the Ambari "quick links" are not there, obviously, since you need to install them manually AFTER installing HCP.

Doesn't HCP stand for the whole Cyber package??

Frank

Super Collaborator

Hi @msumbul, on an HCP setup, you can find the Metron binaries located under /usr/hcp/current/... From there on, the path locations should be the same as those of the Apache Metron community install. Let me know if there is any specific path that you are not able to find.

The HCP documentation link below has some generic info related to the canned sensors. Please see if this helps.

https://docs.hortonworks.com/HDPDocuments/HCP1/HCP-1.1.0/bk_administration/content/telemetry_data_so...

Explorer

Hi @asubramanian,

Do you know how to troubleshoot the Metron UI? As I mentioned in my earlier comment to Michel, I cannot log in to my Metron UI. I get the login page, but when I punch in metron metron as username and pass, it says "Login failed for metron"

Any help would be appreciated.

Frank