Member since 07-14-2016
26 Posts
0 Kudos Received
2 Solutions

My Accepted Solutions

Title | Views | Posted
---|---|---
| 1001 | 01-04-2017 12:54 PM
| 492 | 09-07-2016 01:01 PM
08-30-2017 04:07 PM
FYI, for those who want to use the (non-deprecated) Python:

```shell
/var/lib/ambari-server/resources/scripts/configs.py -u admin -p admin -a set -l <ambari-server hostname> -n <clustername> -c cluster-env -k repo_suse_rhel_template -v "[{{repo_id}}]
name={{repo_id}}
{% if mirror_list %}mirrorlist={{mirror_list}}{% else %}baseurl={{base_url}}{% endif %}

path=/
enabled=1
gpgcheck=0
proxy=_none_"
```
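The template in the post above is rendered by Ambari into a yum `.repo` file, and the value it sets carries `gpgcheck=0`: every RPM from that repo is then installed as root with no signature verification, so anyone who can tamper with the mirror or the path to it can ship arbitrary packages. The following added example (my own code, not Ambari's, and not from the post) renders the same template for both branches of the `mirror_list` condition with a minimal stand-in for the Jinja subset it uses, parses the result as a repo file, and lints it; the hardened variant and its `gpg_key_url` variable are assumptions, not something Ambari defines.

```python
import configparser
import re

# Value from the post above, with the line breaks a yum .repo file needs.
WEAK_TEMPLATE = (
    "[{{repo_id}}]\n"
    "name={{repo_id}}\n"
    "{% if mirror_list %}mirrorlist={{mirror_list}}{% else %}baseurl={{base_url}}{% endif %}\n"
    "\n"
    "path=/\n"
    "enabled=1\n"
    "gpgcheck=0\n"
    "proxy=_none_\n"
)

# Assumed hardened variant: same template, but signature checking on and a key
# to check against. gpg_key_url is a variable invented for this example.
HARDENED_TEMPLATE = WEAK_TEMPLATE.replace(
    "gpgcheck=0\n", "gpgcheck=1\ngpgkey={{gpg_key_url}}\n"
)

_IF_RE = re.compile(
    r"\{%\s*if\s+(\w+)\s*%\}(.*?)(?:\{%\s*else\s*%\}(.*?))?\{%\s*endif\s*%\}", re.S
)
_VAR_RE = re.compile(r"\{\{\s*(\w+)\s*\}\}")


def render(template, ctx):
    """Render only the constructs this template uses: {{var}} and one flat
    {% if var %}...{% else %}...{% endif %}. A stand-in for Ambari's renderer,
    not a general Jinja implementation."""
    def branch(m):
        var, yes, no = m.group(1), m.group(2), m.group(3) or ""
        return yes if ctx.get(var) else no
    text = _IF_RE.sub(branch, template)
    return _VAR_RE.sub(lambda m: str(ctx.get(m.group(1), "")), text)


def parse_repo(text):
    """Parse rendered .repo text into {repo_id: {option: value}}."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return {section: dict(cp[section]) for section in cp.sections()}


def lint_repo(repos):
    """Flag enabled repos whose packages would install without a verified signature."""
    findings = []
    for repo_id, opts in repos.items():
        if opts.get("enabled", "1") == "0":
            continue
        if opts.get("gpgcheck") != "1":
            findings.append(f"{repo_id}: gpgcheck is not 1; packages install without signature verification")
        elif not opts.get("gpgkey"):
            findings.append(f"{repo_id}: gpgcheck=1 but no gpgkey; yum has no key to verify against")
    return findings


if __name__ == "__main__":
    # Constructed placeholder values, not a real repository.
    ctx = {"repo_id": "HDP-2.6", "mirror_list": "", "base_url": "http://repo.example.internal/hdp"}
    for label, template in (("weak", WEAK_TEMPLATE), ("hardened", HARDENED_TEMPLATE)):
        ctx["gpg_key_url"] = "http://repo.example.internal/RPM-GPG-KEY"
        repos = parse_repo(render(template, ctx))
        print(label, repos, lint_repo(repos) or "no findings")
```

The same `configs.py ... -a get -c cluster-env` call from the post can be used to pull the live template out of a cluster and feed it to `lint_repo` before anyone runs an install.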
08-03-2017 02:38 PM
Realistically, if you have 20 servers sending logs to the Metron VM, which is intended just for development (and not actual use), you're going to run into resource exhaustion issues (not to mention that full-dev has some insecure defaults because it is not intended for prod use). You should probably consider spinning up a snort VM and getting it to talk to your full-dev VM to get comfortable, and then work on building Metron on some hardware that can actually handle the appropriate load.
08-02-2017 08:59 PM
There is some documentation for how to run this in a production capacity here. To get the logs to the right Kafka topic, I would suggest using NiFi or something similar. HDP also comes with a `kafka-console-producer.sh` script which you can use for testing (an example of its use is here).
08-01-2017 06:25 PM
The alerts need to be published to the snort Kafka topic, then Metron will take it from there. That said, full-dev isn't really meant for ingesting high quantities of _real_ data; it is more for testing/PoC.
05-24-2017 02:15 PM
I only took a quick look into this; as of Jun 3, 2014, AWS doesn't seem to support VT-x.
05-22-2017 06:33 PM
Not 100% sure, but this seems like a resource constraints issue. Have you tried running this again, and do you get the same result? Also, what kind of resources (CPU, RAM, etc.) are you allocating to this?
03-10-2017 08:17 PM
I worked on this some more today. Given all of the recent build changes to Metron master and the fact that ansible 2.0.0.2 is broken in numerous ways (pip install is broken, brew install is broken, etc.), I gave up and am focusing on the upgrade to ansible 2.2. The centos7 branch of my script does not work and will be abandoned.
03-10-2017 11:09 AM
It builds whichever vagrant setup you choose, so the default quick-dev, full-dev, etc. Also note that I think some changes will be hitting Metron master today which aren't entirely tested with my script yet, and that also soft-requires CentOS 7 (it really requires Docker, which isn't officially supported on CentOS 6, but you can get it to work if you want; YMMV). If you want to alpha test my CentOS 7 script, check out the centos7 branch.
03-01-2017 06:19 PM
What version of CentOS? If you just have a CentOS VM and want to install quick-dev or full-dev, you can run my script here, but it only works on 6.8.
02-24-2017 06:44 PM
What cstella is suggesting should work, but you can also filter upstream in Bro using a predicate. I can give more help later if necessary, but I first suggest you read and understand the post below and look at my Bro script. My script filters IPv6 traffic for Conn, HTTP, and DNS, and also filters all non-internet traffic (you can simply remove that part of the logic for your situation) if you are using the Kafka plugin.

http://blog.bro.org/2012/02/filtering-logs-with-bro.html
https://github.com/JonZeolla/Development/blob/master/bro/logs-to-kafka.bro

Hope that helps.
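In Bro the filtering described above is a `$pred` function on the log filter that returns true for records that should be written, so the Kafka writer only ever sees what passes it. The following added example (my own code, not the linked logs-to-kafka.bro script) applies the same two predicates to a constructed conn.log excerpt in Bro's tab-separated ASCII format: drop any record with an IPv6 endpoint, and drop records where neither endpoint is a globally routable address. "Non-internet" is my reading of the post and is implemented as "no endpoint is a public IPv4 address"; the sample records are constructed, not captured from a sensor.

```python
import ipaddress

# Constructed conn.log excerpt, trimmed to the columns the predicate needs.
SAMPLE_CONN_LOG = """\
#separator \\x09
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
#types\ttime\tstring\taddr\tport\taddr\tport\tenum
1488400000.000000\tCabc1\t192.168.1.10\t51000\t93.184.216.34\t443\ttcp
1488400001.000000\tCabc2\t192.168.1.10\t51001\t192.168.1.20\t445\ttcp
1488400002.000000\tCabc3\t2001:db8::1\t51002\t2606:4700::1\t443\ttcp
1488400003.000000\tCabc4\t8.8.8.8\t53\t10.0.0.5\t41000\tudp
1488400004.000000\tCabc5\t127.0.0.1\t3306\t127.0.0.1\t50000\ttcp
"""


def parse_conn_log(text):
    """Yield one dict per record, naming columns from the #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#"):
            continue
        yield dict(zip(fields, line.split("\t")))


def is_internet(addr):
    """True for a globally routable unicast address (the 'internet' side of a flow)."""
    ip = ipaddress.ip_address(addr)
    return ip.is_global and not ip.is_multicast and not ip.is_reserved


def forward_to_kafka(rec):
    """Predicate in the spirit of a Bro Log::Filter $pred: True means the
    record is written to Kafka, False means it is dropped at the sensor."""
    orig = ipaddress.ip_address(rec["id.orig_h"])
    resp = ipaddress.ip_address(rec["id.resp_h"])
    if orig.version == 6 or resp.version == 6:      # filter IPv6 traffic
        return False
    # filter non-internet traffic: keep only flows with a public endpoint
    return is_internet(rec["id.orig_h"]) or is_internet(rec["id.resp_h"])


def filter_conn_log(text):
    """Return the records that would reach the Kafka topic."""
    return [rec for rec in parse_conn_log(text) if forward_to_kafka(rec)]


if __name__ == "__main__":
    for rec in filter_conn_log(SAMPLE_CONN_LOG):
        print(rec["uid"], rec["id.orig_h"], "->", rec["id.resp_h"])
```

Dropping internal-to-internal flows at the sensor is a volume decision, not a security one: lateral movement shows up precisely in the private-to-private records this predicate discards, so keep that branch only when, as the post says, it fits your situation.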