Skip to content

Instantly share code, notes, and snippets.

View nickwallen's full-sized avatar

Nick Allen nickwallen

20 followers · 6 following
View GitHub Profile
@nickwallen
nickwallen / Kibana - Vertical Bar Chart.md
Last active November 23, 2016 18:51
@nickwallen
nickwallen / Metron - Outlier Detection.md
Last active December 1, 2016 23:00

1

Launch "Quick Dev" then stop all sensors and topologies.

service monit stop
service elasticsearch stop
storm kill bro
storm kill snort
@nickwallen
nickwallen / Profiles.md
Last active December 22, 2016 22:43

Number of Alerts by Host

{
  "profile": "alerts-by-host",
  "onlyif": "source.type == 'snort'",
  "foreach": "ip_src_addr",
  "init": {
    "alerts": "0"
@nickwallen
nickwallen / foo.md
Last active January 16, 2017 20:37

Sensor Stubs

A service has been created to simulate the behavior of a sensor by sending canned telemetry data to a Kafka topic. These "Sensor Stubs" consume fewer resources than the actual sensor that they replace.

(Q) How do the sensor stubs work?

The stubs are installed with a set of canned data for each sensor type. A subset of this canned data is randomly selected and sent to the Kafka topic in batches. The timestamp of each message is updated to match current system time.

(Q) How do I configure the message rate?

@nickwallen
nickwallen / foo.md
Last active January 18, 2017 15:06

===Private IPv4 address spaces

RFC1918 name IP address range number of addresses
24-bit block 10.0.0.0 - 10.255.255.255 16,777,216
20-bit block 172.16.0.0 - 172.31.255.255 1,048,576
16-bit block 192.168.0.0 - 192.168.255.255 65,536
@nickwallen
nickwallen / Test METRON-701.md
Last active February 9, 2017 20:36
  • If you are testing in the "Quick Dev" environment, increase the number of slots available to at least 5. This can be done within Ambari by editing Storm's supervisor.slots.ports property.
supervisor.slots.ports = [6700, 6701, 6702, 6703, 6704]
  • Alter the Profiler topology settings at config/profiler.properties to use a 1 minute period duration. This is not necessary, but is useful for the impatient.
profiler.period.duration=1
profiler.period.duration.units=MINUTES
@nickwallen
nickwallen / PR 436.md
Created March 7, 2017 14:00 
TASK [metron-rpms : Copy Metron RPMs] ******************************************
changed: [node1] => (item=/Users/nallen/tmp/incubator-metron/metron-deployment/packaging/docker/rpm-docker/target/RPMS/noarch/metron-common-0.3.1-201703071322.noarch.rpm)
changed: [node1] => (item=/Users/nallen/tmp/incubator-metron/metron-deployment/packaging/docker/rpm-docker/target/RPMS/noarch/metron-data-management-0.3.1-201703071322.noarch.rpm)
changed: [node1] => (item=/Users/nallen/tmp/incubator-metron/metron-deployment/packaging/docker/rpm-docker/target/RPMS/noarch/metron-elasticsearch-0.3.1-201703071322.noarch.rpm)
changed: [node1] => (item=/Users/nallen/tmp/incubator-metron/metron-deployment/packaging/docker/rpm-docker/target/RPMS/noarch/metron-enrichment-0.3.1-201703071322.noarch.rpm)
changed: [node1] => (item=/Users/nallen/tmp/incubator-metron/metron-deployment/packaging/docker/rpm-docker/target/RPMS/noarch/metron-indexing-0.3.1-201703071322.noarch.rpm)
changed: [node1] => (item=/Users/nallen/tmp/incubator-metron/m
@nickwallen
nickwallen / PR 436 Issue 2.md
Created March 8, 2017 19:20

Cluster was up and running. Ansible had previously failed while waiting for the Ambari deployment to complete. Re-ran the script and ran into this issue.

TASK [ambari_gather_facts : Ask Ambari: zookeeper_tag] *************************
ok: [ec2-35-165-60-74.us-west-2.compute.amazonaws.com] => {"_content_encoding": "gzip", "changed": false, "content": "{\n  \"href\" : \"http://ec2-35-165-60-74.us-west-2.compute.amazonaws.com:8080/api/v1/clusters/metron/hosts/ec2-52-42-251-93.us-west-2.compute.amazonaws.com/host_components/ZOOKEEPER_SERVER\",\n  \"HostRoles\" : {\n    \"cluster_name\" : \"metron\",\n    \"component_name\" : \"ZOOKEEPER_SERVER\",\n    \"desired_stack_id\" : \"HDP-2.5\",\n    \"desired_state\" : \"STARTED\",\n    \"display_name\" : \"ZooKeeper Server\",\n    \"hdp_version\" : \"HDP-2.5.3.0-37\",\n    \"host_name\" : \"ec2-52-42-251-93.us-west-2.compute.amazonaws.com\",\n    \"maintenance_state\" : \"OFF\",\n    \"public_host_name\" : \"ec2-52-42-251-93.us-west-2.compute.amazonaws.com\",\n
@nickwallen
nickwallen / Fastcapa.conf
Created March 24, 2017 20:27
#
# kafka global settings
#
[kafka-global]
# Protocol used to communicate with brokers.
# Type: enum value { plaintext, ssl, sasl_plaintext, sasl_ssl }
#security.protocol = PLAINTEXT
# Initial list of brokers as a CSV list of broker host or host:port.
@nickwallen
nickwallen / Fastcapa on YCloud.md
Last active March 31, 2017 22:42