THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
When developing new parsers (or making other changes to the parser or enrichment topologies), it's important to be able to troubleshoot problems when things don't act as expected. This blog will cover techniques for troubleshooting the various Metron components. It is assumed that you have followed the last few sections on adding the new data source. Before starting, make sure your IDE is setup by following the instructions here.
| Table of Contents |
|---|
Troubleshooting Parser Topologies
...
The infrastructure for running an integration test can easily be leveraged by extending the base parser integration test. Create a java class called SquidIntegrationTest in /incubator-metron/metron-platform/metron-parsers/src/test/java/org/apache/metron/parsers/integration that extends ParserIntegrationTest. The ParserIntegrationTest is an abstract class that requires a couple of methods to be implemented. These methods should be fairly intuitive (SnortIntegrationTest and YafIntegrationTest can be referenced as examples) and include providing the sensor type and validations that should be performed:
We will use the sample data created in previous steps for validation (can be copied from other parser integration tests, YafIntegrationTest for example). Now you are setup to run an integration test for the Squid parser.
...
Adding break points in the ParserBolt.prepare and ParserBolt.execute methods should provide a good starting point to troubleshooting parser topologies:
Run the test
Now run the integration test in Debug mode by either creating a Run/Debug Configuration:
Or simply right-clicking inside the integration test and selecting "Debug 'SquidIntegrationTest'":
You should now be able to step through the parser topology and see exactly what's going on:
Troubleshooting Enrichment Topologies
Coming soon...