
I think we can all agree that the addition of Stellar has given us significant capabilities in Metron that we would not otherwise have. The ability to program in real-time on security telemetry is very powerful.

There are some ways that we can improve it though. Primarily, the way that a user programs with Stellar in Metron has some friction points.

  • It is difficult to understand, especially for beginners.
    • Which JSON element do I need to add this Stellar snippet to?
    • Do I need to escape this quote?
    • Why do I need to fit all of my logic on this single, long line?

```
kafka-console-consumer.sh --zookeeper y113:2181 --topic bro --security-protocol SASL_PLAINTEXT
```

Change configuration for a specific topic.

```
[root@y136 ~]# kafka-configs.sh \
  --zookeeper $ZOOKEEPER \
```

Create the topic.

```
TOPIC=pcap256-1hour
kafka-topics.sh --create --topic $TOPIC --partitions 256 --replication-factor 1 --zookeeper $ZOOKEEPER
```

Grant access.

```
kafka-acls.sh \
```

```
Actual: 769479068 packets (501187700553 bytes) sent in 3645.00 seconds.
Rated: 137499900.0 Bps, 1099.99 Mbps, 211105.28 pps
^C User interrupt...
sendpacket_abort
Actual: 772211468 packets (502967509292 bytes) sent in 3657.09 seconds.
Rated: 137499900.0 Bps, 1099.99 Mbps, 211105.23 pps
Flows: 68 flows, 0.01 fps, 772211813 flow packets, 0 non-flow
Statistics for network device: enp129s0f1
```

Create a topic with 48 partitions

```
[root@y136 ~]# kafka-topics.sh --create --topic pcap48-1hour --partitions 48 --replication-factor 1 --zookeeper y113:2181
Created topic "pcap48-1hour".
```

Grant access

Test1

Create a new Topic

```
[root@y136 ~]# kafka-topics.sh --create --topic pcap-nick-v2 --partitions 12 --replication-factor 1 --zookeeper y113:2181
Created topic "pcap-nick-v2".
```

```
[root@y136 ~]# kafka-topics.sh --create --topic pcap-fastcapa-example-native --partitions 12 --replication-factor 1 --zookeeper y113:2181
Created topic "pcap-fastcapa-example-native".
```

```
[root@y136 ~]# kafka-acls.sh --authorizer kafka.security.auth.SimpleAclAuthorizer \
>     --authorizer-properties zookeeper.connect=y113:2181 \
```

INTEL X520-DA2 10GBE SVR 2PT SFP+

```
insmod /usr/local/dpdk/lib/modules/3.10.0-514.10.2.el7.x86_64/extra/dpdk/igb_uio.ko
dpdk-devbind --bind=igb_uio "81:00.1"
```

Install

```
yum install dkms
wget http://packages.ntop.org/rpm7/x64/PF_RING/pfring-6.7.0-1207.x86_64.rpm
wget http://packages.ntop.org/rpm7/noarch/PF_RING-dkms/pfring-dkms-6.7.0-1207.noarch.rpm
rpm -ivh pfring-*rpm
systemctl start pf_ring
```

  1. Deploy Full Dev.

  2. Turn off Monit.

     ```
     service monit stop
     chkconfig monit off
     service sensor-stubs stop
     ```