You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@metron.apache.org by Hema malini <nh...@gmail.com> on 2019/02/28 13:16:23 UTC

Metron help on setting up logs

I have installed Metron 0.7 in centos7. After installing the metron i am
able to send some messages to the kafka topic for syslog. I have also
checked the kafka console and verified that the messages are received.
After that I am not able to see those messages in the storm logs or in the
console . When i checked the storm topology we have the kafkaspout and a
parser bolt which writes to errormessagewriter. I am not able to find any
connections for enrichment. Can you please guide me on the steps how to see
the end to end flow in metron.

I want to see bro, snort yaf and syslog . I followed the readme and
installed snort and yaf but nothing is getting published in
/var/log/yaf/alerts.csv. Can you pls guide me to see snort/yaf logs .

Re: Metron help on setting up logs

Posted by Srikanth Nagarajan <sr...@gandivanetworks.com>.

Find below link which has steps to troubleshoot message flow with squid example. You may apply same logic for other sources . 

https://cwiki.apache.org/confluence/display/METRON/2016/04/25/Metron+Tutorial+-+Fundamentals+Part+1%3A+Creating+a+New+Telemetry

Hope this helps
Srikanth 

______________________
Srikanth Nagarajan 
President 
Gandiva Networks Inc
732.690.1884 Mobile
sri@gandivanetworks.com
www.gandivanetworks.com

> On Feb 28, 2019, at 6:46 PM, Hema malini <nh...@gmail.com> wrote:
> 
> 
> I have installed Metron 0.7 in centos7. After installing the metron i am able to send some messages to the kafka topic for syslog. I have also checked the kafka console and verified that the messages are received. After that I am not able to see those messages in the storm logs or in the console . When i checked the storm topology we have the kafkaspout and a parser bolt which writes to errormessagewriter. I am not able to find any connections for enrichment. Can you please guide me on the steps how to see the end to end flow in metron.
> 
> I want to see bro, snort yaf and syslog . I followed the readme and installed snort and yaf but nothing is getting published in /var/log/yaf/alerts.csv. Can you pls guide me to see snort/yaf logs .