Posted to issues@metron.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/04/11 21:56:25 UTC

[jira] [Commented] (METRON-108) Create Fast Packet Capture Process

    [ https://issues.apache.org/jira/browse/METRON-108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15235849#comment-15235849 ] 

ASF GitHub Bot commented on METRON-108:
---------------------------------------

GitHub user nickwallen opened a pull request:

    https://github.com/apache/incubator-metron/pull/73

    METRON-108 Created fast packet capture process

    Changes
    -------
    - Created top-level `metron-sensors` directory to contain Metron probes and sensors.
    - Created fast packet capture process leveraging [DPDK](http://dpdk.org/) at `metron-sensors/packet-capture`.
    - Moved Bro plugin to `metron-sensors/bro-plugin-kafka`.
    - Created Ansible role to manage deployment of packet capture at `deployment/roles/packet-capture`.
    - Created separate role for librdkafka installation since this is required by both Bro and Packet Capture.
    - Created `deployment/vagrant/packet-capture` for launching packet capture process.  CentOS 7 is required which prevents this from being used in `deployment/vagrant/singlenode-vagrant`.


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/nickwallen/incubator-metron packet-capture-with-dpdk

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-metron/pull/73.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #73
    
----
commit aef87286bf0295a39a74daf269484844a19c8d23
Author: Nick Allen <ni...@nickallen.org>
Date:   2016-04-11T14:21:27Z

    METRON-108 Created fast packet capture process
    - Created top-level `metron-sensors` directory to contain Metron probes and sensors.
    - Created fast packet capture process leveraging [DPDK](http://dpdk.org/) at `metron-sensors/packet-capture`.
    - Moved Bro plugin to `metron-sensors/bro-plugin-kafka`.
    - Created Ansible role to manage deployment of packet capture at `deployment/roles/packet-capture`.
    - Created separate role for librdkafka installation since this is required by both Bro and Packet Capture.
    - Created `deployment/vagrant/packet-capture` for launching packet capture process.

----


> Create Fast Packet Capture Process
> ----------------------------------
>
>                 Key: METRON-108
>                 URL: https://issues.apache.org/jira/browse/METRON-108
>             Project: Metron
>          Issue Type: Bug
>            Reporter: Nick Allen
>
> Metron does not provide a means to capture network packets off the wire in a production environment.  Metron deploys the Python-based pycapa that is a part of the legacy OpenSOC project.  Pycapa is intended only for testing and cannot be used in a production environment. A more robust and scalable solution is required.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)