03-28-2016
07:40 PM
8 Kudos
Introduction
If you are new to Metron or the Metron Tech Preview 1, the following links should provide some good information to review before walking through the installation:
Intro to Apache Metron
What is in Apache Metron Tech Preview 1

Build Instructions
The following steps provide instructions on how to install a full working Metron application on a single node VM with Vagrant. This deployment option is ideal for experimenting and playing with the Metron application. While these instructions should work on most development environments, these instructions were tested on Mac OS X El Capitan.

Prerequisites
On your Macintosh:
Install the latest version of Virtual Box.
Install the latest version of Vagrant.
Install Maven if you don't have it, and define associated environmental variables. For example, add the following to your ~/.bash_profile file:
export MAVEN_HOME=/Users/rmckissick/Documents/Files/apache-maven-3.3.9
export PATH=$MAVEN_HOME/bin:$PATH
Install JAVA 1.8 if you don't have it, and define associated environment variables. For example, add the following to your ~/.bash_profile file:
export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk1.8.0_91.jdk/Contents/Home
export PATH=$JAVA_HOME/bin:$PATH
If you installed Maven and Java and edited your profile file in steps 2 and 3, reload .bash_profile:
source ~/.bash_profile
Check your Maven installation:
mvn --version
You should see information about Maven, Java, and OS X.
Install Ansible, version 2.0 or greater.
For example:
sudo su -
easy_install pip
export CFLAGS=-Qunused-arguments
export CPPFLAGS=-Qunused-arguments
pip install ansible
exit
(exit logs off from root and returns to your user account)

Build Apache Metron
Download the 0.1 Metron binaries from here (download the .tar.gz file).
Untar the binaries to a location that will be easy to find later:
tar -zxvf apache-metron-0.1BETA-RC7-incubating.tar.gz
Build the Metron application:
cd incubator-metron-Metron_0.1BETA_rc7
mvn apache-rat:check && cd metron-streaming && mvn clean integration-test && cd ..
The mvn command downloads and builds Metron components. It should take about 15 minutes, depending on your hardware configuration. When it finishes, you should see a message similar to the following:
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] Metron-Streaming ................................... SUCCESS [ 31.437 s]
[INFO] Metron-Common ...................................... SUCCESS [04:58 min]
[INFO] Metron-EnrichmentAdapters .......................... SUCCESS [ 14.185 s]
[INFO] Metron-MessageParsers .............................. SUCCESS [ 2.704 s]
[INFO] Metron-Indexing .................................... SUCCESS [ 26.989 s]
[INFO] Metron-Alerts ...................................... SUCCESS [ 4.651 s]
[INFO] Metron-Testing ..................................... SUCCESS [ 9.167 s]
[INFO] Metron-DataLoads ................................... SUCCESS [04:26 min]
[INFO] Metron-Topologies .................................. SUCCESS [03:05 min]
[INFO] Metron-Pcap_Service ................................ SUCCESS [ 43.666 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 14:43 min
[INFO] Finished at: 2016-04-26T13:11:09-07:00
[INFO] Final Memory: 122M/1649M
Deploy Metron as a single VM via Vagrant and Ansible:
cd deployment/vagrant/singlenode-vagrant
vagrant plugin install vagrant-hostmanager
vagrant up
The vagrant up process will run through a series of Ansible scripts, installing Ambari, HDP, and Metron on the single-node VM. The process should take about 45 - 60 minutes depending on your hardware configuration.

Verify That Apache Metron is Deployed Successfully
Check Ambari to make sure all the services are up by going to Ambari. Sign on with the default login and password "admin". The Ambari dashboard should look like the following:
Verify that four Storm topologies have been deployed: bro, enrichment, snort, and yaf. From Ambari, navigate to Storm -> Quick Links -> Storm UI. You should see the four storm topologies deployed. The Metron Storm UI should look something like the following:
Check that the enrichment topology has emitted some data (this could take a few minutes to show up in the Storm UI). The storm enrichment topology UI should look something like the following:
Go to the Metron UI (at http://node1:5000). Check indexes to make sure indexing is done correctly and data is visualized. The Metron UI should look something like the following:
Check that some data is written into HDFS for at least one of the data sources:
vagrant ssh node1
sudo su hdfs
hadoop fs -ls /apps/metron/enrichment/indexed

Questions/Issues
If you have any questions or install issues, post your question to the CyberSecurity HCC Track.
03-24-2016
03:07 PM
1 Kudo
See the following on how to add test alerts via snort:
https://cwiki.apache.org/confluence/display/METRON/Adding+Dummy+Snort+Data+for+Load+Testing
Once you follow those instructions, you should now see test snort alerts in the Alerts Panel. See screenshot.
03-24-2016
03:04 PM
1 Kudo
I ran the Metron Installer for AWS. The Metron UI dashboard shows no alerts. How do I generate some test alerts?
Labels: Apache Metron
03-24-2016
02:54 PM
I logged into one of the ec2 nodes where an hdp client was installed and after switching to hdfs I deleted the following folder in HDFS and re-ran the installer. This fixed the issue for me.
hadoop fs -rmr /apps/metron/patterns
hadoop fs -rmr /apps/metron/enrichments
03-24-2016
02:52 PM
1 Kudo
I ran into an issue when I ran the Metron Installer on AWS based on these instructions:
https://github.com/apache/incubator-metron/tree/Metron_0.1BETA_rc5/deployment/amazon-ec2
I fixed that issue and I re-ran the installer via the command:
ansible-playbook -i ec2.py playbook.yml --skip-tags="wait"
However, then I ran into the following error:
03-24 06:22:36,900 p=68310 u=gvetticaden | fatal: [ec2-54-186-178-244.us-west-2.compute.amazonaws.com]: FAILED! => {"changed": true, "cmd": ["hdfs", "dfs", "-put", "/usr/metron/0.1BETA/config/patterns", "/apps/metron"], "delta": "0:00:02.300088", "end": "2016-03-24 11:22:36.562397", "failed": true, "rc": 1, "start": "2016-03-24 11:22:34.262309", "stderr": "put: `/apps/metron/patterns/asa': File exists\nput: `/apps/metron/patterns/common': File exists\nput: `/apps/metron/patterns/fireeye': File exists\nput: `/apps/metron/patterns/sourcefire': File exists\nput: `/apps/metron/patterns/yaf': File exists", "stdout": "", "stdout_lines": [], "warnings": []}
2016-03-24 06:22:36,904 p=68310 u=gvetticaden | to retry, use: --limit @playbook.retry
Labels: Apache Metron
03-24-2016
02:47 PM
1 Kudo
I solved the problem by upgrading my virtual box from 4.2.4 to 5.0.16. Ensure that you have the latest virtual box.
03-24-2016
02:46 PM
I'm trying to install the single node vagrant installer.
https://github.com/apache/incubator-metron/tree/Metron_0.1BETA_rc5/deployment/vagrant/singlenode-vagrant
Steps that I ran were the following:
Downloaded the RC_5 tech preview candidate here: http://home.apache.org/~jsirota/metron/Metron_0.1BETA_RC/RC_5/
cd incubator-metron
Built source:
mvn apache-rat:check && cd metron-streaming && mvn clean integration-test && cd ..
cd deployment/vagrant/singlenode-vagrant
Ran vagrant scripts:
vagrant plugin install vagrant-hostmanager
vagrant up
The error that I'm getting when running vagrant up is the following:
Georges-MacBook-Pro-3:singlenode-vagrant gvetticaden$ vagrant up
Bringing machine 'node1' up with 'virtualbox' provider...
==> node1: Box 'bento/centos-6.7' could not be found. Attempting to find and install...
node1: Box Provider: virtualbox
node1: Box Version: >= 0
==> node1: Loading metadata for box 'bento/centos-6.7'
node1: URL: https://atlas.hashicorp.com/bento/centos-6.7
==> node1: Adding box 'bento/centos-6.7' (v2.2.3) for provider: virtualbox
node1: Downloading: https://atlas.hashicorp.com/bento/boxes/centos-6.7/versions/2.2.3/providers/virtualbox.box
==> node1: Successfully added box 'bento/centos-6.7' (v2.2.3) for 'virtualbox'!
==> node1: Importing base box 'bento/centos-6.7'...
==> node1: Matching MAC address for NAT networking...
==> node1: Checking if box 'bento/centos-6.7' is up to date...
==> node1: Setting the name of the VM: singlenode-vagrant_node1_1458751896067_60751
==> node1: Clearing any previously set network interfaces...
There was an error while executing `VBoxManage`, a CLI used by Vagrant
for controlling VirtualBox. The command and stderr is shown below.
Command: ["hostonlyif", "create"]
Stderr: 0%...
Progress state: NS_ERROR_FAILURE
VBoxManage: error: Failed to create the host-only adapter
VBoxManage: error: VBoxNetAdpCtl: Error while adding new interface: failed to open /dev/vboxnetctl: No such file or directory
VBoxManage: error: Details: code NS_ERROR_FAILURE (0x80004005), component HostNetworkInterface, interface IHostNetworkInterface
VBoxManage: error: Context: "int handleCreate(HandlerArg*, int, int*)" at line 68 of file VBoxManageHostonly.cpp
Labels: Apache Metron
03-24-2016
02:18 PM
1 Kudo
To re-run an installer faster, add the --skip-tags attribute to the ansible command like the following:
ansible-playbook -i ec2.py playbook.yml --skip-tags="wait"
03-24-2016
02:17 PM
I ran the Metron Installer and one of the last tasks errored out (Metron UI task). How do I re-run the installer so that it runs faster (doesn't do unnecessary waits for aws instances to come up, etc. since they are already up)?
Labels: Apache Metron
03-24-2016
09:00 AM
2 Kudos
This is primarily caused because the path to the metron code is too long. You can solve this problem by shortening the path or changing the control_path from
control_path = %(directory)s/%%h-%%p-%%r
to
control_path = %(directory)s/%%C
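
Added example (not from the original post or the Metron project): a shell check that expands the two control_path templates from the answer above and compares the resulting ssh control socket path with the Unix-domain socket path limit. The directory, port and user are constructed sample values; the 104-byte limit (macOS) and the 17-byte temporary suffix that ssh adds are assumptions, stated in the comments.

```shell
#!/bin/sh
# Added example: expand an ansible.cfg control_path template the way ssh
# would and compare the result with the Unix-domain socket path limit.

# Stand-in for ssh's %C token, a 40-character hex digest (constructed value).
HASH_PLACEHOLDER=0000000000000000000000000000000000000000

# expand_control_path TEMPLATE DIRECTORY HOST PORT USER
# Assumes the arguments contain no '|', '&' or '\' (special to sed here).
expand_control_path() {
    printf '%s\n' "$1" | sed \
        -e "s|%(directory)s|$2|" \
        -e "s|%%h|$3|g" -e "s|%%p|$4|g" -e "s|%%r|$5|g" \
        -e "s|%%C|$HASH_PLACEHOLDER|g"
}

# control_path_length TEMPLATE DIRECTORY HOST PORT USER -> prints the length
control_path_length() {
    path=$(expand_control_path "$@")
    printf '%s\n' "${#path}"
}

# control_path_fits TEMPLATE DIRECTORY HOST PORT USER [LIMIT] [SUFFIX]
# LIMIT:  size of sun_path, 104 on macOS/BSD (default), 108 on Linux.
# SUFFIX: bytes ssh adds for its temporary socket name (assumed: 17).
control_path_fits() {
    limit=${6:-104}
    suffix=${7:-17}
    len=$(control_path_length "$1" "$2" "$3" "$4" "$5")
    # Strictly less than: one byte is needed for the terminating NUL.
    [ $((len + suffix)) -lt "$limit" ]
}

# Constructed sample values; only the host name is taken from this page.
DEMO_DIR=/Users/demouser/incubator-metron/.ansible/cp
DEMO_HOST=ec2-54-186-178-244.us-west-2.compute.amazonaws.com
for tpl in '%(directory)s/%%h-%%p-%%r' '%(directory)s/%%C'; do
    if control_path_fits "$tpl" "$DEMO_DIR" "$DEMO_HOST" 22 centos; then
        verdict=fits
    else
        verdict='too long'
    fi
    echo "$tpl: $(control_path_length "$tpl" "$DEMO_DIR" "$DEMO_HOST" 22 centos) bytes, $verdict"
done
```

With a long EC2 host name the %h-%p-%r form grows with the host, port and user, while the %C form adds a fixed 40 characters to the directory.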