You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@metron.apache.org by "James Sirota (JIRA)" <ji...@apache.org> on 2016/06/23 21:10:17 UTC

[jira] [Updated] (METRON-242) remove Squid pattern

     [ https://issues.apache.org/jira/browse/METRON-242?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

James Sirota updated METRON-242:
--------------------------------
    Labels: 0.2.1BETA  (was: )

> remove Squid pattern
> --------------------
>
>                 Key: METRON-242
>                 URL: https://issues.apache.org/jira/browse/METRON-242
>             Project: Metron
>          Issue Type: Improvement
>            Reporter: George Vetticaden
>            Priority: Minor
>              Labels: 0.2.1BETA
>
> when deploying metron on AWS, I noticed the following patterns created by default..
> -rw-r--r--   3 hdfs hadoop      13427 2016-06-20 01:52 /apps/metron/patterns/asa
> -rw-r--r--   3 hdfs hadoop       5203 2016-06-20 01:52 /apps/metron/patterns/common
> -rw-r--r--   3 hdfs hadoop        524 2016-06-20 01:52 /apps/metron/patterns/fireeye
> -rw-r--r--   3 hdfs hadoop       2552 2016-06-20 01:52 /apps/metron/patterns/sourcefire
> -rw-r--r--   3 hdfs hadoop        242 2016-06-20 21:04 /apps/metron/patterns/squid
> -rw-r--r--   3 hdfs hadoop       2221 2016-06-20 01:52 /apps/metron/patterns/websphere
> -rw-r--r--   3 hdfs hadoop        879 2016-06-20 01:52 /apps/metron/patterns/yaf
> We need to remove the Squid patterns since that is only for code exercnise. If we are going to keep it, then it needs to be updated to the be the following:
> SQUID_DELIMITED %{NUMBER:timestamp} %{SPACE:UNWANTED}  %{INT:elapsed} %{IPV4:ip_src_addr} %{WORD:action}/%{NUMBER:code} %{NUMBER:bytes} %{WORD:method} %{NOTSPACE:url} - %{WORD:UNWANTED}\/%{IPV4:ip_dst_addr} %{WORD:UNWANTED}\/%{WORD:UNWANTED}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)