alexis_eurec_23
alexis_eurec_23
Explorer
My Accepted Solutions
Show All

Metron 0.7.2 upgrade with ElasticSearch 6.X

by Explorer alexis_eurec_23 in Support Questions
‎07-22-2020 06:02 AM
‎07-22-2020 06:02 AM
Hello, I have installed Apache Metron in a cluster created with Ambari 2.6.2.2 and HDP 2.6.5.1175, ES (Elasticsearch) 5.6.14 and K (Kibana) 5.6.14. I followed this guides: Github community.cloudera.com Later, I tried to upgrade ES & K to 6.X, knowing about the breaking changes. I followed this guide and all went as expected. I reindexed and changed the templates so they are compliant with new changes of 6.X version, but the problem is:   I am not able to index anything to ES when I use the kafka queue.   It was working when 5.X, and ES is working great alone. I guess the problem is due to strict content-type checking introduced in ElasticSearch 6.0, as explained in this post, but I do not know how to include the 'Content-Type: application/json' header in the ES writing bolt in the STORM topology. Anyone knows what file I should change?   My environment specs are: Java JDK 1.8 in all hosts Metron RPM packages in /localrepo in all hosts root user in all hosts Ambari server 2.7.5.0 6 Centos 7 host : metron1 (9.6 GB, 4 cores, 100G SSD) NameNode ZooKeeper Server Kafka Broker Zeppelin Notebook metron2 (9.6 GB, 4 cores, 100G SSD) SNameNode App Timeline Server ResourceManager History Server ZooKeeper Server Nimbus Kafka Broker metron3 (15.5 GB, 4 cores, 500G SSD) HBase Master Kafka Broker Elasticsearch Master metron4 (11.6 GB, 3 cores, 50G SSD) HBase Master Oozie Server Nimbus DRPC Server Storm UI Server Kafka Broker metron5 (11.6 GB, 3 cores, 50G SSD) Kafka Broker metron6 (15.5 GB, 6 cores, 100G SSD) HBase Master ZooKeeper Server Kafka Broker Kibana Server ... View more

Re: Apache Metron 0.7.2 on Centos 7 cluster not in...

by Explorer alexis_eurec_23 in Support Questions
‎07-22-2020 05:44 AM
‎07-22-2020 05:44 AM
The real problem was the Ambari version, that is not compatible with Metron.   From Ambari 2.7 onwards, all this problems arise, so the maximum compatible version for now is Ambari 2.6.X ... View more

Re: Ingest snort alert

by Explorer alexis_eurec_23 in Support Questions
‎06-08-2020 01:13 AM
‎06-08-2020 01:13 AM
The solution is to configure the logs with default syntax and with year, changing the SNORT configuration (/etc/snort/snort.conf), adding this two line to logging section: config show_year output alert_csv: /var/log/snort/alert_metron.csv default  Then, do the same tail to the new file. ... View more

Re: Maxmind Geolite unknown host when trying to st...

by Explorer alexis_eurec_23 in Support Questions
‎05-29-2020 12:31 AM
‎05-29-2020 12:31 AM
Long story, but in short: Maxmind Databases were removed from public license, so now you need an account and download them "for free". I downloaded the latest with public license (links attached) and located them in the server were Metron is installed. Then, change this values in metron config: 1. ASN Load Datafile URL: `file:///{maxmindDBs_location_path}/GeoLite2-ASN.tar.gz` 2. GEOIP Load Datafile URL: `file:///{maxmindDBs_location_path}/GeoLite2-City.tar.gz`   Lastest release with public license links can be found in this post: https://forum.matomo.org/t/maxmind-is-changing-access-to-free-geolite2-databases/35439/2 ... View more

Metron management UI, Indexing, REST and other ser...

by Explorer alexis_eurec_23 in Support Questions
‎05-29-2020 12:20 AM
‎05-29-2020 12:20 AM
Hello, I am trying to install Apache Metron 0.7.2 on Centos 7 in a cluster created with Ambari and HDP 2.6.5.0. When I select Metron as a service to install, I only get three services: - PCAP - Profiler - Enrichment   In the guides I followed, it is supposed that more services should be installed. What happened with those services (REST, management UI, indexing, Alerts UI...)   I followed this guides: Github community.cloudera.com My environment specs are: Java JDK 1.8 in all hosts Metron RPM packages in /localrepo in all hosts root user in all hosts Ambari server 2.7.5.0 6 Centos 7 host : metron1 (9.6 GB, 4 cores, 100G SSD) NameNode ZooKeeper Server Kafka Broker Zeppelin Notebook metron2 (9.6 GB, 4 cores, 100G SSD) SNameNode App Timeline Server ResourceManager History Server ZooKeeper Server Nimbus Kafka Broker metron3 (15.5 GB, 4 cores, 500G SSD) HBase Master Kafka Broker Elasticsearch Master metron4 (11.6 GB, 3 cores, 50G SSD) HBase Master Oozie Server Nimbus DRPC Server Storm UI Server Kafka Broker metron5 (11.6 GB, 3 cores, 50G SSD) Kafka Broker metron6 (15.5 GB, 6 cores, 100G SSD) HBase Master ZooKeeper Server Kafka Broker Kibana Server ... View more
Contact Me
Online
Offline
Last Visited
‎08-19-2020 02:32 AM
Public Statistics
Date Registered ‎05-21-2020 06:33 AM
Last Visited ‎08-19-2020 02:32 AM
Total Messages Posted 9