The solution is to configure the logs with default syntax and with year, changing the SNORT configuration (/etc/snort/snort.conf), adding this two line to logging section: config show_year output alert_csv: /var/log/snort/alert_metron.csv default  Then, do the same tail to the new file. ... View more

@asubramanian I installed Metron using Ambari. I want to install Yaf as a standalone application on a centos/ubuntu client. How can I transfer generated logs (probably IPFIX logs) to the metron server? Actually, am I configuring Yaf correctly (on a separate machine)? Is it a right architecture? Currently, I have installed bro and snort on a separate machine and I am able to send logs to the metron (using BroKafka Plugin and Nifi Site-to-Site respectively), but regarding the Yaf, I am still unclear about the way of transferring logs to the server. ... View more

I build YAF on node1 and Metron on node2. How to push YAF event to Metron? Can you suggest for me? ... View more

@Lee Adrian i managed to convert timestamp in metron Kibana, what i did was add below Paser config in metron sensor settings. PARSER CONFIG timestampField - timestamp if you need more details feel free to contact me. ... View more