...
You will need to install Metron first. Today, there are three options to install Metron: Metron Installation Options. Choose any of the options; the instructions below should apply to all three, given the following environment variables, which you will need to fill in with your own values:
- KAFKA_HOST
- ZOOKEEPER_HOST
How to Parse the Squid Telemetry Data Source to Metron
The following steps guide you through how to add this new telemetry.
Step 1:
...
Prior to going through this tutorial, make sure you have Metron properly installed. Please see here for Metron installation and validation instructions. Verify that the project has been built before creating the VM:
cd metron-platform
mvn clean package
We will be using a single VM setup for this exercise. To set up the VM, do the following steps:
vagrant plugin install vagrant-hostmanager
cd metron-deployment/vagrant/quick-dev-platform
./launch_dev_image.sh
vagrant ssh
...
Create a Kafka Topic for the New Data Source
- Log into KAFKA_HOST as root
- Create a Kafka topic called squid:
  /usr/hdp/current/kafka-broker/bin/kafka-topics.sh --zookeeper $ZOOKEEPER_HOST:2181 --create --topic squid --partitions 1 --replication-factor 1
- List all of the Kafka topics to ensure that the new topic exists:
  /usr/hdp/current/kafka-broker/bin/kafka-topics.sh --zookeeper $ZOOKEEPER_HOST:2181 --list
- You should see the following list of Kafka topics:
  - bro
  - enrichment
  - pcap
  - snort
  - squid
  - yaf
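The create-and-list steps above can be made repeatable and checked automatically. The following is an added example, not part of the original Metron instructions: the function names and the KAFKA_BIN variable are hypothetical, and it assumes the HDP path shown above and an exported ZOOKEEPER_HOST.

```shell
#!/usr/bin/env bash
# Added example: idempotent topic creation plus an exact-match check of the
# topic listing. KAFKA_BIN, missing_topics and ensure_topic are names chosen
# for this example; the path is the HDP location used in this tutorial.
KAFKA_BIN="${KAFKA_BIN:-/usr/hdp/current/kafka-broker/bin}"

# missing_topics EXPECTED...
# Reads `kafka-topics.sh --list` output on stdin and prints every expected
# topic that is not present as a whole line.
missing_topics() {
    local listing topic
    listing="$(cat)"
    for topic in "$@"; do
        # -x matches the whole line and -F treats the name literally, so
        # "squid" is not satisfied by "squid_test". A line such as
        # "squid - marked for deletion" (printed by older Kafka CLIs for a
        # topic pending deletion) does not count as present either.
        printf '%s\n' "$listing" | grep -qxF -- "$topic" || printf '%s\n' "$topic"
    done
}

# ensure_topic NAME
# Creates the topic if it does not exist yet, then confirms it is listed.
ensure_topic() {
    local name="$1" missing
    : "${ZOOKEEPER_HOST:?set ZOOKEEPER_HOST first}"
    # --if-not-exists makes a second run a no-op instead of an error.
    "$KAFKA_BIN/kafka-topics.sh" --zookeeper "$ZOOKEEPER_HOST:2181" \
        --create --if-not-exists --topic "$name" \
        --partitions 1 --replication-factor 1 || return 1
    missing="$("$KAFKA_BIN/kafka-topics.sh" --zookeeper "$ZOOKEEPER_HOST:2181" \
        --list | missing_topics "$name")"
    [ -z "$missing" ]
}

# Usage on KAFKA_HOST, after sourcing this file:
#   ensure_topic squid && echo "squid topic ready"
```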
...