Posted to issues@metron.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/06/16 20:32:05 UTC

[jira] [Commented] (METRON-235) Expose filtering capability for PCAP via CLI tool

    [ https://issues.apache.org/jira/browse/METRON-235?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15334624#comment-15334624 ] 

ASF GitHub Bot commented on METRON-235:
---------------------------------------

GitHub user mmiklavc opened a pull request:

    https://github.com/apache/incubator-metron/pull/156

    METRON-235 Expose filtering capability for PCAP via CLI tool

    In the process of testing with Vagrant, but wanted to get this in front of people for review.
    
    Relevant Jira:
    https://issues.apache.org/jira/browse/METRON-235
    
    In the process of upgrading to Kibana 4, we lost our ability to query/filter pcap results. This PR exposes the 2 methods for filtering PCAP data, fixed parameters and the "Stellar" query language, via a command line tool. The tool is executed via ${metron_home}/bin/pcap_query.sh
    
    **Note**: I also tweaked the mem settings for Ambari mapreduce to get around persistent OOM errors - mapreduce container sizes (mapreduce.[map | reduce].memory.mb) have been increased to 1.2 GiB, mapreduce.[map | reduce].java.opts have been increased to 1 GiB.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/mmiklavc/incubator-metron METRON-235

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-metron/pull/156.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #156
    
----
commit 9d0b83febcd7b8f7e43fdf114a99770436415cf3
Author: Michael Miklavcic <mi...@gmail.com>
Date:   2016-06-16T20:18:10Z

    METRON-235 Expose filtering capability for PCAP via CLI tool

----


> Expose filtering capability for PCAP via CLI tool
> -------------------------------------------------
>
>                 Key: METRON-235
>                 URL: https://issues.apache.org/jira/browse/METRON-235
>             Project: Metron
>          Issue Type: Improvement
>            Reporter: Michael Miklavcic
>
> Query filtering capabilities were recently added to metron-common and used as part of the threat triage infrastructure.  This Jira tracks exposing the PCAP query functionality via the CLI to expose filtering the packet data similar to the existing REST API.  This will expose both the legacy ability to filter by src/dest ip/port as well as the new query filtering feature.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)