metron-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From nickwallen <...@git.apache.org>
Subject [GitHub] incubator-metron pull request #417: METRON-659 Emulate Sensors in Developmen...
Date Mon, 16 Jan 2017 20:50:08 GMT
GitHub user nickwallen opened a pull request:

    https://github.com/apache/incubator-metron/pull/417

    METRON-659 Emulate Sensors in Development Environments

    A service has been created to simulate the behavior of a sensor by sending canned telemetry
data to a Kafka topic.  These "Sensor Stubs" consume fewer resources than the actual sensor
that they replace.  
    
    ## Testing
    
    I have tested this change by deploying and validating the following environments.  For
each environment I manually validated it and ensured that data flowed end-to-end and was visible
within the Metron dashboard.
      * Quick Dev - Default with Sensor Stubs
      * Quick Dev - Modified to install Sensors
      * Full Dev - Default with Sensor Stubs
      * Full Dev - Modified to install Sensors
      * Amazon EC2 - Default with Sensors (behavior not changed)
    
    ## Q&A
     
    ### (Q) How do the sensor stubs work?
    
    The stubs are installed with a set of canned data for each sensor type.  A subset of this
canned data is randomly selected and sent to the Kafka topic in batches.  The timestamp of
each message is updated to match current system time.  
    
    ### (Q) How do I configure the message rate?
    
    The number of telemetry messages sent in each batch, along with the time delay between
batches is configurable.  Before installation, these values can be configured by redefining
`sensor_stubs_delay` and `sensor_stubs_count`.  The values can also be configured by altering
the deployed system service script at `/etc/init.d/sensor-stubs`.
    
    ### (Q) How do I install the sensor stubs?
    
    Using the default playbooks, this role can be installed by using the Ansible tag `sensor-stubs`.
 This service is installed on the same hosts where the sensors would be; defined by the `sensors`
host group.
    
    The defaults for the "Quick Dev" and "Full Dev" environments have been changed so that
 the Sensor Stubs are installed by default, rather than the sensors themselves.  The Amazon
EC2 environment continues to install the original sensors by default.
    
    ### (Q) How do I use the sensor stubs?
    
    Start all sensor stubs.  The output includes the PID for each running sensor stub.
    ```
    $ service sensor-stubs start
    Starting sensor-stubs...
           bro: Ok [26505]
           yaf: Ok [26507]
         snort: Ok [26509]
    ```
    
    Stop all sensor stubs.
    ```
    $ service sensor-stubs stop
    Stopping sensor-stubs...
    ..       bro: Ok [26505]
    ..       yaf: Ok [26507]
    ..     snort: Ok [26509]
    ```
    
    Start only the Bro sensor stub.
    ```
    $ service sensor-stubs start bro
    Starting sensor-stubs...
           bro: OK [11616]
    ```
    
    ### (Q) How do I install the original sensors?
    
    The default behavior can be changed by skipping the `sensor-stubs` flag and including
the `sensors` flag. For example, to deploy "Quick Dev" with the original sensors run the following
command.
    
    ```
    cd metron-deployment/vagrant/quick-dev-platform
    vagrant --ansible-skip-tags="sensor-stubs,solr" up
    ```
    
    


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/nickwallen/incubator-metron METRON-659

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-metron/pull/417.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #417
    
----
commit c155e089c981a786e6874b7f6c5f5d44d3d436dd
Author: Nick Allen <nick@nickallen.org>
Date:   2017-01-13T22:02:39Z

    METRON-659 Emulate Sensors in Development Environments

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message