Posted to user@metron.apache.org by Syed Hammad Tahir <ms...@itu.edu.pk> on 2017/10/20 07:32:06 UTC

Snort Installation

I have installed Snort manually. Now I need help with:

1- Capturing the data of my LAN and dumping it via Snort: Snort can't see
the traffic outside the Vagrant VM. How do I make it see that traffic?

2- Making a kafka topic to push those saved logs in metron for preprocessing

3- Applying a basic Machine learning algorithm on the captured data.

Regards.

Re: Snort Installation

Posted by Syed Hammad Tahir <ms...@itu.edu.pk>.
Help guys !!!

On Fri, Oct 20, 2017 at 12:32 PM, Syed Hammad Tahir <ms...@itu.edu.pk>
wrote:

> I have installed Snort manually. Now I need help with:
>
> 1- Capturing the data of my LAN and dumping it via Snort: Snort can't see
> the traffic outside the Vagrant VM. How do I make it see that traffic?
>
> 2- Making a kafka topic to push those saved logs in metron for
> preprocessing
>
> 3- Applying a basic Machine learning algorithm on the captured data.
>
> Regards.
>

Re: Snort Installation

Posted by Nick Allen <ni...@nickallen.org>.
A quick google search will answer your question.



On Wed, Oct 25, 2017 at 1:30 AM Syed Hammad Tahir <ms...@itu.edu.pk>
wrote:

> Where do I find this file kafka-console-producer.sh?
>

Re: Snort Installation

Posted by Syed Hammad Tahir <ms...@itu.edu.pk>.
Where do I find this file kafka-console-producer.sh?

On Tue, Oct 24, 2017 at 8:27 PM, Nick Allen <ni...@nickallen.org> wrote:

> Take a look at `kafka-console-producer.sh`, which is installed as part of
> Kafka.
>

Re: Snort Installation

Posted by Syed Hammad Tahir <ms...@itu.edu.pk>.
All I did was install Snort separately on the vagrant ssh console. Then I ran
it to collect logs. Now I need to bring those logs to Metron.

On Wed, Oct 25, 2017 at 9:50 AM, Farrukh Naveed Anjum <
anjum.farrukh@gmail.com> wrote:

> Hi Syed Hammed,
>
> Can you share the steps for how you connected Snort with the external
> source? (Metron Snort?)
>
>
> --
> With Regards
> Farrukh Naveed Anjum
>

Re: Snort Installation

Posted by Nick Allen <ni...@nickallen.org>.
Take a look at `kafka-console-producer.sh`, which is installed as part of
Kafka.

On Tue, Oct 24, 2017 at 2:11 AM, Syed Hammad Tahir <ms...@itu.edu.pk>
wrote:

> Ok, I have fixed everything on my own. Now that I have snort logs saved in
> a file, I need to get them to metron. Can anyone help me on that?
>
>
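
The step discussed above, locating kafka-console-producer.sh and using it to replay a saved Snort log file into a Kafka topic, as an added example that is not part of the original thread and is not Metron project code. The topic name, broker address and search directories are assumptions, and the demo uses a stand-in producer script so that it runs without a broker.

```shell
#!/bin/sh
# Added example: replay a saved Snort alert file into Kafka, one message per line.
# Assumed, not from the thread: topic "snort", broker.example:9092, search roots.

# Print the first kafka-console-producer.sh found under the given directories
# (default /usr and /opt), answering "where do I find this file?".
find_producer() {
    [ "$#" -gt 0 ] || set -- /usr /opt
    find "$@" -type f -name kafka-console-producer.sh 2>/dev/null | head -n 1
}

# send_snort_log FILE TOPIC BROKER [PRODUCER]
# Pipes every non-blank line of FILE to the console producer and prints the
# number of lines sent. Fails instead of silently sending nothing.
send_snort_log() {
    file=$1; topic=$2; broker=$3
    producer=${4:-$(find_producer)}

    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    if [ -z "$producer" ] || [ ! -x "$producer" ]; then
        echo "kafka-console-producer.sh not found or not executable" >&2
        return 1
    fi

    # grep -c exits 1 on zero matches, so keep the count and ignore the status.
    count=$(grep -c '[^[:space:]]' "$file" || true)
    [ "$count" -gt 0 ] || { echo "no alert lines in $file" >&2; return 1; }

    # --broker-list is the flag of 2017-era Kafka; newer releases take
    # --bootstrap-server instead.
    grep '[^[:space:]]' "$file" |
        "$producer" --broker-list "$broker" --topic "$topic" >/dev/null || return 1
    echo "$count"
}

# Offline demo: a stand-in producer that stores stdin, so no broker is needed.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/kafka/bin"
    cat > "$tmp/kafka/bin/kafka-console-producer.sh" <<EOF
#!/bin/sh
cat > "$tmp/received"
EOF
    chmod +x "$tmp/kafka/bin/kafka-console-producer.sh"

    # Constructed sample lines, not real Snort output.
    printf '%s\n' 'ts1,1,1000001,1,"constructed alert A",TCP,192.0.2.10' \
                  '' \
                  'ts2,1,1000002,1,"constructed alert B",UDP,192.0.2.11' \
        > "$tmp/alert.csv"

    sent=$(send_snort_log "$tmp/alert.csv" snort broker.example:9092 \
           "$(find_producer "$tmp")")
    status=$?
    echo "sent=$sent stored=$(grep -c . "$tmp/received")"
    rm -rf "$tmp"
    return $status
}

demo
```

Against a real cluster, drop the call to demo and pass the broker and topic of your own installation; the count printed by send_snort_log can then be compared with what the topic's consumer receives.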

Re: Snort Installation

Posted by Syed Hammad Tahir <ms...@itu.edu.pk>.
Ok, I have fixed everything on my own. Now that I have snort logs saved in
a file, I need to get them to metron. Can anyone help me on that?

On Mon, Oct 23, 2017 at 3:44 PM, Syed Hammad Tahir <ms...@itu.edu.pk>
wrote:

> Yes, but I am a bit confused here. Let me ask them as well then.
>

Re: Snort Installation

Posted by Syed Hammad Tahir <ms...@itu.edu.pk>.
Yes, but I am a bit confused here. Let me ask them as well then.

On Mon, Oct 23, 2017 at 3:35 PM, Zeolla@GMail.com <ze...@gmail.com> wrote:

> Hi Syed,
>
> Just to clarify, is this a Snort issue you are having?  If so I suggest
> looking at their documentation (https://snort.org/documents) or reaching
> out to their community (https://snort.org/community), as they have more
> expertise in this area.
>
> Jon
>

Re: Snort Installation

Posted by "Zeolla@GMail.com" <ze...@gmail.com>.
Hi Syed,

Just to clarify, is this a Snort issue you are having?  If so I suggest
looking at their documentation (https://snort.org/documents) or reaching
out to their community (https://snort.org/community), as they have more
expertise in this area.

Jon

On Mon, Oct 23, 2017, 03:52 Syed Hammad Tahir <ms...@itu.edu.pk> wrote:

> Hi guys,
>
> I tried to add another network interface in order to bridge it to LAN. I
> tried to do it on VirtualBox VM settings and when I did vagrant up after
> that, there was no bridged interface. Can anyone help me on this?
>
> --

Jon

Re: Snort Installation

Posted by Syed Hammad Tahir <ms...@itu.edu.pk>.
Hi guys,

I tried to add another network interface in order to bridge it to LAN. I
tried to do it on VirtualBox VM settings and when I did vagrant up after
that, there was no bridged interface. Can anyone help me on this?

On Sun, Oct 22, 2017 at 11:44 AM, Syed Hammad Tahir <ms...@itu.edu.pk>
wrote:

> Ok, thank you. I will let you know once I make Snort sniff the traffic in
> the given configuration, might be helpful for others. I will then try to do
> that Kafka topic and will ask if any help is needed.
>

Re: Snort Installation

Posted by Syed Hammad Tahir <ms...@itu.edu.pk>.
Ok, thank you. I will let you know once I make Snort sniff the traffic in
the given configuration, might be helpful for others. I will then try to do
that Kafka topic and will ask if any help is needed.

On Sun, Oct 22, 2017 at 6:10 AM, Laurens Vets <la...@daemon.be> wrote:

> Hi Syed,
>
> See inline.
>
> On 2017-10-20 00:32, Syed Hammad Tahir wrote:
>
>> I have installed Snort manually. Now I need help with:
>>
>> 1- Capturing the data of my LAN and dumping it via Snort: Snort can't see
>> the traffic outside the Vagrant VM. How do I make it see that traffic?
>>
>
> To be honest, configuring Snort to work on your LAN is out of scope of the
> project. Have a look at the documentation at https://www.snort.org/.
> You will probably have to add a 2nd network interface bridged to your LAN
> in promiscuous mode. Additionally, I think most of us expect some basic
> Linux & network administration knowledge when using Metron.
>
>> 2- Making a kafka topic to push those saved logs in metron for
>> preprocessing
>>
>
> Have a look at the Metron documentation at
> https://metron.apache.org/current-book/index.html. Adding a new sensor in
> the Metron UI will create the Kafka iirc.
>
>> 3- Applying a basic Machine learning algorithm on the captured data.
>>
>
> I can't help you with this :)
>

Re: Snort Installation

Posted by Laurens Vets <la...@daemon.be>.
Hi Syed,

See inline.

On 2017-10-20 00:32, Syed Hammad Tahir wrote:
> I have installed Snort manually. Now I need help with:
>
> 1- Capturing the data of my LAN and dumping it via Snort: Snort can't
> see the traffic outside the Vagrant VM. How do I make it see that traffic?

To be honest, configuring Snort to work on your LAN is out of scope of 
the project. Have a look at the documentation at https://www.snort.org/.
You will probably have to add a 2nd network interface bridged to your 
LAN in promiscuous mode. Additionally, I think most of us expect some 
basic Linux & network administration knowledge when using Metron.

> 2- Making a kafka topic to push those saved logs in metron for 
> preprocessing

Have a look at the Metron documentation at 
https://metron.apache.org/current-book/index.html. Adding a new sensor 
in the Metron UI will create the Kafka iirc.

> 3- Applying a basic Machine learning algorithm on the captured data.

I can't help you with this :)