Ingest snort alert


New Contributor

Hi everyone,

I installed Apache Flume and Snort on the server, but Kibana doesn't index snort*. I configured the flume.conf file:

snort.channels=memory-channel
snort.channels.memory-channel.capacity=1000
snort.channels.memory-channel.transactionCapacity=100
snort.channels.memory-channel.type=memory
snort.sinks=kafka-sink logger-sink
snort.sinks.kafka-sink.brokerList=node1:6667
snort.sinks.kafka-sink.channel=memory-channel
snort.sinks.kafka-sink.topic=snort
snort.sinks.kafka-sink.type=org.apache.flume.sink.kafka.KafkaSink
snort.sinks.logger-sink.channel=memory-channel
snort.sinks.logger-sink.type=logger
snort.sources=exec-source
snort.sources.exec-source.channels=memory-channel
snort.sources.exec-source.command=tail -F /var/log/snort/alert
snort.sources.exec-source.logStdErr=true
snort.sources.exec-source.restart=true
snort.sources.exec-source.type=exec

Re: Ingest snort alert

New Contributor

When I check the Storm log, it shows:

2017-04-18 17:44:03.921 o.a.s.d.executor [ERROR] java.lang.IllegalStateException: Unable to parse message: 04/18-17:44:00.620823 [**] [1:999158:0] Sample Metron Message from Snort [**] [Priority: 0]
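The message Storm could not parse is in Snort's "fast" alert format (the `timestamp [**] [gid:sid:rev] msg [**] [Priority: N] {proto} src -> dst` layout that `tail -F /var/log/snort/alert` ships as-is), whereas Metron's bundled Snort parser consumes Snort's CSV alert output, so the mismatch is visible before anything reaches Kafka by checking what format the tailed file actually contains. The following is an added example, not code from the original post or from Metron: it parses fast-format lines, distinguishes them from CSV lines, and summarises a file's contents. The first sample line is the one quoted in the Storm error; the other two are constructed, and the IPv4-only endpoint split and the CSV heuristic (timestamp first field, at least five commas) are assumptions of this example.

```python
import re
from collections import Counter

# Snort fast-format alert line. Classification, protocol and endpoints are optional
# because the line quoted in the Storm error stops at the [Priority: N] field.
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}(?:/\d{2,4})?-\d{2}:\d{2}:\d{2}\.\d{6})\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<classification>[^\]]*)\]\s+)?"
    r"\[Priority:\s+(?P<priority>\d+)\]"
    r"(?:\s+\{(?P<proto>[A-Za-z0-9]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+))?\s*$"
)

# CSV alert output starts with the same timestamp, followed by comma-separated fields.
CSV_TS_RE = re.compile(r"^\d{2}/\d{2}(?:/\d{2,4})?-\d{2}:\d{2}:\d{2}\.\d{6}\s*,")

SAMPLE_LINES = [
    # Verbatim from the Storm error quoted above
    "04/18-17:44:00.620823 [**] [1:999158:0] Sample Metron Message from Snort [**] [Priority: 0]",
    # Constructed: a fast-format line with classification, protocol and endpoints
    "04/18-17:44:01.000001 [**] [1:1000001:1] Constructed test alert [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.2.15:80 -> 10.0.2.2:56642",
    # Constructed: the same event in CSV alert output (first fields only, assumed layout)
    '04/18-17:44:01.000001 ,1,1000001,1,"Constructed test alert",TCP,10.0.2.15,80,10.0.2.2,56642',
]


def split_endpoint(endpoint):
    """'10.0.2.15:80' -> ('10.0.2.15', 80); '10.0.2.15' -> ('10.0.2.15', None).
    IPv4 only (assumption): an IPv6 address would be split at its last colon."""
    if endpoint is None:
        return None, None
    host, sep, port = endpoint.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return endpoint, None


def parse_fast_alert(line):
    """Return a dict of fields for a fast-format line, or None if it is not one."""
    m = FAST_ALERT_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    src_ip, src_port = split_endpoint(fields.pop("src"))
    dst_ip, dst_port = split_endpoint(fields.pop("dst"))
    for key in ("gid", "sid", "rev", "priority"):
        fields[key] = int(fields[key])
    fields.update(src_ip=src_ip, src_port=src_port, dst_ip=dst_ip, dst_port=dst_port)
    return fields


def detect_format(line):
    """Classify one alert line as 'fast', 'csv' or 'unknown'."""
    if parse_fast_alert(line) is not None:
        return "fast"
    if CSV_TS_RE.match(line) and line.count(",") >= 5:
        return "csv"
    return "unknown"


def summarize(lines):
    """Count formats across a file's lines; any 'fast' count means the tailed file
    is not the CSV output the downstream parser expects."""
    return Counter(detect_format(line) for line in lines if line.strip())


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(detect_format(sample), parse_fast_alert(sample))
    print(summarize(SAMPLE_LINES))
```

Run `summarize(open("/var/log/snort/alert"))` on the file the exec source tails; if it reports `fast` lines, switch Snort to CSV alert output (or point the tail at the CSV alert file) before the topic is consumed by the parser topology.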
