...

Prior to going through this tutorial, make sure you have Metron properly installed. Please see here for Metron installation and validation instructions. Verify that the project has been built before creating the VM:

    cd metron-platform
    mvn clean package

We will be using a single VM setup for this exercise. To set up the VM, do the following steps:

    vagrant plugin install vagrant-hostmanager
    cd metron-deployment/vagrant/quick-dev-platform
    ./launch_dev_image.sh
    vagrant ssh

After executing the above commands, a Metron VM (called node1) will be built and you will be logged in as user vagrant. There will be 4 topologies running, but one must be stopped because the VM only has 4 Storm worker slots available. Leave the enrichment topology running and kill the other parser topologies (bro, snort, or yaf) with either the "storm kill" command or the Storm UI at http://node1:8744/index.html. Now let's install the Squid sensor.

    sudo yum install squid
    sudo service squid start

This will run through the install, and the Squid sensor will be installed and started. Now let's look at Squid logs.

...