
Metron no longer getting new data

Contributor

Hi,

I set up a Metron cluster with 3 nodes following the instructions on the Metron wiki page, and it has been working. I was able to see all data, including yaf, bro, and snort, coming in to Elasticsearch and making it to the dashboard. Not sure when it started, but I think it was right around when I was messing with the parser JSON files to change the timestamp to a human-readable format instead of epoch_millis... I do not see errors in any of the topologies; I only see one error in the enrichment topology, below... Not sure what that means, but I no longer get any data ingested into Metron. I checked each sensor's status via monit and all sensor services are up and running. I checked the Kafka topics and no new data is coming in. I checked /var/log/snort/alerts.csv and that file hasn't been modified for many days. Please let me know if you have any idea how I can troubleshoot this. I much appreciate your time.

[ERROR] Async loop died!

java.lang.IllegalStateException: [Metron] Unable to update MaxMind database


Re: Metron no longer getting new data

Contributor

I figured out my own problem. I was using the tap0 network switch. tap0 needs to be manually brought up when the server gets restarted, so when tap0 was out of business on the server where I have the sensors installed, I pretty much didn't get any traffic pushed to Metron.
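
A check built from the fix described in the reply above, as an added example that is not part of the original thread: it reports whether the capture interface exists and is administratively up, and whether the sensor log is still being written. `tap0` and `/var/log/snort/alerts.csv` come from the thread; the function name, the `SYSFS_NET` override and the age threshold are assumptions, and a Linux sysfs layout is assumed.

```sh
#!/bin/sh
# Added example: detect a silent capture outage on a sensor host.
# Assumed names: capture_health, SYSFS_NET. Threshold is chosen by the caller.

SYSFS_NET="${SYSFS_NET:-/sys/class/net}"   # overridable so the check can be tested

# capture_health IFACE LOGFILE MAX_AGE_MIN
# Prints one status word and returns 0 only for "ok".
capture_health() {
    iface=$1
    logfile=$2
    max_age=$3
    flags_file="$SYSFS_NET/$iface/flags"

    # An interface that was never re-created after a reboot has no sysfs entry.
    if [ ! -r "$flags_file" ]; then
        echo "iface-missing"
        return 1
    fi

    # Bit 0x1 of the interface flags word is IFF_UP (administratively up).
    flags=$(cat "$flags_file")
    if [ $(( $flags & 1 )) -eq 0 ]; then
        echo "iface-down"
        return 1
    fi

    if [ ! -e "$logfile" ]; then
        echo "log-missing"
        return 1
    fi

    # find prints the path only if it was modified more than max_age minutes ago.
    if [ -n "$(find "$logfile" -mmin +"$max_age" 2>/dev/null)" ]; then
        echo "log-stale"
        return 1
    fi

    echo "ok"
}
```

Called as `capture_health tap0 /var/log/snort/alerts.csv 15`, for example from cron or monit on the sensor host, it prints a single status word and returns non-zero for anything other than `ok`.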
