Metron has a lot of moving parts.  Getting all of these components running on a single node, especially a virtualized one, is quite painful.  If you have spun-up Metron, but find that many of the components crash while you are trying to work, here are some tips to help.
First off, you can use Monit to determine what services are running. Navigate to http://node1:2812 and login with admin/monit.  You can also do the same from the command line by executing the following.
monit summary
Once you know what's running, here are steps to take to stop components that you don't need running.
(1) Shut down all of the unnecessary sensors and topologies.
monit stop all
Then to start only the components that are required to consume 'yaf' data, for example, run the following.
monit -g yaf start
(2) Prior to a deployment, update the configuration to start only the desired components.  
If working with Quick Dev Platform, edit `metron-deployment/inventory/full-dev-platform/group_vars/all` and edit the `services_to_start` parameter.  For example, you could choose to start only these services.
services_to_start:
  - mysql
  - elasticsearch
  - pcap-service
  - metron-ui
In the near future, I'd like to make it so that a minimal set of services are started for the Quick Dev and Full Dev Platforms to make this less painful.
  • No labels