THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
You will need to install Metron first. Today, there are three options to deploy install Metron: Metron Installation Options. Chose any of the options and below instructions should be applicable to all three install options given the following environment variables that you will need to plugin with your own values:
- KAFKA_HOST
- ZOOKEEPER_HOST
How to Parse the Squid Telemetry Data Source to Metron
The following steps guide you through how to add this new telemetry.
Step 1:
...
Prior to going through this tutorial make sure you have Metron properly installed. Please see here for Metron installation and validation instructions. Verify that the project has been built before creating the VM:
cd metron-platform
mvn clean package
We will be using a single VM setup for this exercise. To setup the VM do the following steps:
vagrant plugin install vagrant-hostmanager
cd metron-deployment/vagrant/quick-dev-platform
./launch_dev_image.sh
vagrant ssh
...
Create a Kafka Topic for the New Data Source
Every data source whose events you are streaming into Metron must have its own Kafka topic. The ingestion tool of choice (for example, Apache Nifi) will push events into this Kafka topic. Instructions are the following:
- Log into KAFKA_HOST as root
- Create
- Kafka topic called
- squid
- :
- /
...
- use/hdp/current/kafka-broker/bin/
...
- kafka-topics.sh --zookeeper
...
- $ZOOKEEPER_HOST:2181 --create --topic squid --partitions 1 --replication-factor 1
- List all of the Kafka topics to ensure that the new topic exists:
- /
...
- use/hdp/current/kafka-broker/bin/
...
- kafka-topics.sh --zookeeper
...
- $ZOOKEEPER_HOST:2181 --list
- You should see the following list of Kafka topics:
- bro
- enrichment
- pcap
- snort
- squid
- yaf
...