...
- ssh into Host $HOST_WITH_ENRICHMENT_TAG as root.
- Open up the global validation configuration.
- Open the /usr/metron/$METRON_VERSION/config/zookeeper/global.json file using vi or another text editing tool:
vi /usr/metron/$METRON_VERSION/config/zookeeper/global.json
- Add the following validation configuration to the file after the es configuration:
"fieldValidations" : [
  {
    "input" : [ "ip_src_addr", "ip_dst_addr" ],
    "validation" : "IP",
    "config" : {
      "type" : "IPV4"
    }
  }
]
- Push the global configuration to ZooKeeper:
/usr/metron/$METRON_VERSION/bin/zk_load_configs.sh -i /usr/metron/$METRON_VERSION/config/zookeeper -m PUSH -z $ZOOKEEPER_HOST:2181
- Dump the configs and validate that they were persisted:
/usr/metron/$METRON_VERSION/bin/zk_load_configs.sh -m DUMP -z $ZOOKEEPER_HOST:2181
Note: You might receive the following warning messages when you execute the previous command. You can safely ignore these warning messages.
log4j:WARN No appenders could be found for logger (org.apache.curator.framework.imps.CuratorFrameworkImpl).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
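A hand edit that inserts the block after the es configuration can easily leave a missing or stray comma, so it is worth confirming that the file still parses and that the rule behaves as expected before pushing it. The Python sketch below is an added example, not part of the original page or of Metron: it parses a constructed copy of the fieldValidations block and dry-runs it over constructed sample messages. It approximates the IP/IPV4 check with Python's ipaddress module, and treating a missing field as a failure is an assumption of the sketch.

```python
import ipaddress
import json

# Constructed copy of the fieldValidations block added to global.json above.
GLOBAL_JSON = """{
  "fieldValidations": [
    { "input": ["ip_src_addr", "ip_dst_addr"],
      "validation": "IP",
      "config": { "type": "IPV4" } }
  ]
}"""

def load_validations(text):
    """Parse the config; raise ValueError on bad JSON or a malformed rule."""
    cfg = json.loads(text)  # json.JSONDecodeError subclasses ValueError
    rules = cfg.get("fieldValidations", [])
    for rule in rules:
        if not isinstance(rule.get("input"), list) or "validation" not in rule:
            raise ValueError(f"malformed fieldValidations entry: {rule!r}")
    return rules

def is_ipv4(value):
    """Approximation of the IPV4 check (not Metron's own validator)."""
    if not isinstance(value, str):  # assumption: missing or non-string fails
        return False
    try:
        ipaddress.IPv4Address(value)
        return True
    except ipaddress.AddressValueError:
        return False

def failing_fields(message, rules):
    """List input fields of IP/IPV4 rules that do not hold an IPv4 address."""
    bad = []
    for rule in rules:
        if rule["validation"] == "IP" and rule.get("config", {}).get("type") == "IPV4":
            bad += [f for f in rule["input"] if not is_ipv4(message.get(f))]
    return bad

if __name__ == "__main__":
    rules = load_validations(GLOBAL_JSON)
    samples = [  # constructed messages using documentation address ranges
        {"ip_src_addr": "192.0.2.10", "ip_dst_addr": "198.51.100.7"},
        {"ip_src_addr": "192.0.2.10", "ip_dst_addr": "2001:db8::1"},
        {"ip_src_addr": "999.1.1.1", "ip_dst_addr": "198.51.100.7"},
    ]
    for msg in samples:
        print(failing_fields(msg, rules) or "passes", msg)
```

To check the real file instead of the constructed copy, pass the contents of global.json to load_validations.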
...
- ssh into Host $SEARCH_HOST.
- Install the head plugin:
/usr/share/elasticsearch/bin/plugin -install mobz/elasticsearch-head/1.x
- Navigate to the Elasticsearch head UI: http://$SEARCH_HOST:9200/_plugin/head/.
- Click on the Browser tab and select squid doc in the left panel, then select one of the sample docs. You should see something like the following:
...