I set up a Metron cluster with 3 nodes following the instructions on the Metron wiki page, and it has been working. I was able to see all data, including yaf, bro, and snort, coming into Elasticsearch and making it to the dashboard. Not sure when it started, but I think it was right around when I was messing with the parser JSON files to change the timestamp to a human-readable format instead of epoch_millis... I do not see errors in any of the topologies; I only see one error in the enrichment topology, below... Not sure what that means, but I no longer get any data ingesting into Metron. I checked each sensor's status via monit and all sensor services are up and running. I checked the Kafka topics and no new data is coming in. I checked /var/log/snort/alerts.csv and that file hasn't been modified in many days. Please let me know if you have any idea how I can troubleshoot this. I much appreciate your time.
[ERROR] Async loop died!
java.lang.IllegalStateException: [Metron] Unable to update MaxMind database
I figured out my own problem. I was using the tap0 network switch. tap0 needs to be manually brought up when the server gets restarted, so when tap0 was out of business on the server where I have the sensors installed, I pretty much didn't get any traffic pushed to Metron.
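The failure mode in this thread is a quiet one: monit reports every sensor process as running, the topologies show no errors, yet nothing reaches Kafka because the capture interface never came back after the reboot. The check below is an added example, not code from the poster or from the Metron project. It reads two real Linux sysfs attributes for the sniffing interface, `/sys/class/net/<iface>/flags` (hex bitmask, bit `0x1` is `IFF_UP`) and `/sys/class/net/<iface>/statistics/rx_packets`, and classifies the interface as MISSING, DOWN, NO_TRAFFIC or OK, so a dead tap is caught by the same monit or cron machinery that watches the sensor daemons. The sysfs root is a parameter, and the `make_constructed_sysfs` helper builds a throwaway tree with constructed values; the script name `tapcheck.py` in the comments is hypothetical.

```python
#!/usr/bin/env python3
"""Capture-interface health check for a Metron sensor host (added example).

Reads sysfs for the sniffing interface (tap0 in the thread) and decides
whether it exists, is administratively up, and is actually receiving
packets. sysfs_root is a parameter so the logic can be exercised against
a constructed directory tree instead of the live /sys.
"""
import os
import sys
import tempfile
import time

IFF_UP = 0x1  # interface flag bit from <linux/if.h>


def read_attr(sysfs_root, iface, name):
    """Return the stripped contents of a sysfs attribute, or None if absent."""
    path = os.path.join(sysfs_root, "class", "net", iface, name)
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return None


def sample(sysfs_root, iface):
    """One snapshot: does the interface exist, is IFF_UP set, rx counter."""
    flags = read_attr(sysfs_root, iface, "flags")
    if flags is None:
        return {"exists": False, "up": False, "rx_packets": 0}
    rx = read_attr(sysfs_root, iface, "statistics/rx_packets")
    return {
        "exists": True,
        "up": bool(int(flags, 16) & IFF_UP),
        "rx_packets": int(rx) if rx else 0,
    }


def assess(before, after):
    """Classify the interface from two snapshots taken some seconds apart."""
    if not after["exists"]:
        return "MISSING"      # tap0 was never created after the reboot
    if not after["up"]:
        return "DOWN"         # exists, but nobody brought it up yet
    if after["rx_packets"] <= before["rx_packets"]:
        return "NO_TRAFFIC"   # up, but the mirrored feed is not arriving
    return "OK"


def check_interface(sysfs_root, iface, interval_s):
    """Sample twice across interval_s seconds and return the verdict."""
    before = sample(sysfs_root, iface)
    time.sleep(interval_s)
    after = sample(sysfs_root, iface)
    return assess(before, after)


def write_constructed_counters(root, iface, flags_hex, rx_packets):
    """(Re)write constructed flags and rx_packets files under a fake sysfs root."""
    stats_dir = os.path.join(root, "class", "net", iface, "statistics")
    os.makedirs(stats_dir, exist_ok=True)
    with open(os.path.join(root, "class", "net", iface, "flags"), "w") as fh:
        fh.write(flags_hex + "\n")
    with open(os.path.join(stats_dir, "rx_packets"), "w") as fh:
        fh.write(str(rx_packets) + "\n")


def make_constructed_sysfs(iface, flags_hex, rx_packets):
    """Build a throwaway sysfs-like tree with constructed values (demo/test only)."""
    root = tempfile.mkdtemp(prefix="fake-sysfs-")
    write_constructed_counters(root, iface, flags_hex, rx_packets)
    return root


if __name__ == "__main__":
    # On the sensor host: `python3 tapcheck.py tap0 5` (hypothetical name) from
    # cron or a monit check; a non-zero exit is the signal to alert.
    iface = sys.argv[1] if len(sys.argv) > 1 else "tap0"
    interval = int(sys.argv[2]) if len(sys.argv) > 2 else 5
    verdict = check_interface("/sys", iface, interval)
    print(f"{iface}: {verdict}")
    sys.exit(0 if verdict == "OK" else 1)
```

Counting received packets, not just the UP flag, matters because a tap can be administratively up while the span or mirror feeding it has stopped; both cases look identical from Kafka's side (no new messages) and from monit's side (daemons running). The poster's fix, bringing tap0 up after each reboot (the iproute2 command for that is `ip link set tap0 up`), belongs in the interface's boot configuration so it survives the next restart, with this check as the backstop.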