Comment: minor typos/fixes

...

  1. ssh into Host $HOST_WITH_ENRICHMENT_TAG as root.
  2. Open up the global validation configuration.
    1. Open the /usr/metron/$METRON_VERSION/config/zookeeper/global.json file in vi or another text editing tool:
          vi /usr/metron/$METRON_VERSION/config/zookeeper/global.json
    2. Add the following validation configuration to the file after the es configuration:

      "fieldValidations" : [
        {
          "input" : [ "ip_src_addr", "ip_dst_addr" ],
          "validation" : "IP",
          "config" : {
            "type" : "IPV4"
          }
        }
      ]
       
  3. Push the global configuration to Zookeeper:

    /usr/metron/$METRON_VERSION/bin/zk_load_configs.sh -i /usr/metron/$METRON_VERSION/config/zookeeper -m PUSH -z $ZOOKEEPER_HOST:2181
  4. Dump the configs and validate that they were persisted:

    /usr/metron/$METRON_VERSION/bin/zk_load_configs.sh -m DUMP -z $ZOOKEEPER_HOST:2181

    Note: You might receive the following warning messages when you execute the previous command. You can safely ignore these warning messages.

    log4j:WARN No appenders could be found for logger (org.apache.curator.framework.imps.CuratorFrameworkImpl).
    log4j:WARN Please initialize the log4j system properly.
    log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
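
A local check you can run on the edited global.json before the PUSH step, to catch a missing comma after the es configuration and to preview which values the IP/IPV4 rule would flag. This is an added example, not part of the original procedure or of Metron's code; `lint_global`, `failing_fields` and the sample document are hypothetical, and the IPv4 check only approximates the validator using Python's `ipaddress` module.

```python
import ipaddress
import json

# Constructed stand-in for global.json: one "es" setting followed by the
# fieldValidations block from the step above.
SAMPLE_GLOBAL = """{
  "es.clustername": "metron",
  "fieldValidations": [
    {
      "input": ["ip_src_addr", "ip_dst_addr"],
      "validation": "IP",
      "config": {"type": "IPV4"}
    }
  ]
}"""


def lint_global(text):
    """Return (rules, problems) for the fieldValidations section of global.json text."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [], [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    rules = cfg.get("fieldValidations") if isinstance(cfg, dict) else None
    if not isinstance(rules, list):
        return [], ["fieldValidations is missing or not a list"]
    problems = []
    for i, rule in enumerate(rules):
        fields = rule.get("input") if isinstance(rule, dict) else None
        if not (isinstance(fields, list) and fields):
            problems.append(f"rule {i}: 'input' must be a non-empty list")
        elif not isinstance(rule.get("validation"), str):
            problems.append(f"rule {i}: 'validation' must be a string")
    return rules, problems


def failing_fields(message, rules):
    """Approximate the IP/IPV4 rule locally: list fields whose value is not IPv4.

    Assumption of this sketch: fields absent from the message are skipped.
    """
    bad = []
    for rule in rules:
        if rule.get("validation") != "IP" or rule.get("config", {}).get("type") != "IPV4":
            continue
        for field in rule["input"]:
            if field in message:
                try:
                    ipaddress.IPv4Address(str(message[field]))
                except ValueError:
                    bad.append(field)
    return bad
```

Read the real file with `open(path).read()` and pass the text to `lint_global`; push only when the returned problem list is empty.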

...

  1. ssh into Host $SEARCH_HOST.
  2. Install the head plugin:
    /usr/share/elasticsearch/bin/plugin -install mobz/elasticsearch-head/1.x
  3. Navigate to the Elasticsearch head UI: http://SEARCH_HOST:9200/_plugin/head/.
  4. Click on the Browser tab and select squid doc in the left panel, then select one of the sample docs. You should see something like the following:

...