metron-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Allen <n...@nickallen.org>
Subject Re: Develop some parsers
Date Sat, 08 Apr 2017 14:41:48 GMT
Nope.  All you need is `vagrant up`.

On Sat, Apr 8, 2017 at 10:37 AM, Mark de Rijk <
mark.derijk@samarkconsulting.co.uk> wrote:

> Hi,
>
> I am trying to follow the dev environment setup instructions but I am
> missing the Vagrant Init steps and it skips right ahead to a vagrant up.
>
> So after Vagrant hostmanager it skips
> to
> cd metron-deployment/vagrant/full-dev-platform
> vagrant up
>
> Doesn’t it miss a vagrant init step there?
> If I am saying something stupid let me know though.
>
> Regards,
> Mark de Rijk
>
> On 07/April/2017 14:37 , "Ali Nazemian" <alinazemian@gmail.com> wrote:
>
>     Mark,
>
>     Have you seen the following pages?
>
>     https://cwiki.apache.org/confluence/display/METRON/
> Development+Guidelines
>     https://cwiki.apache.org/confluence/display/METRON/Metron+Development+
> Environment+Setup+Instructions
>     https://cwiki.apache.org/confluence/display/METRON/Community+Resources
>
>
>     On Fri, Apr 7, 2017 at 11:20 PM, Mark de Rijk <me.derijk@gmail.com>
> wrote:
>
>     > To clarify I have written a lot of parsers for ArcSight over the
> years and
>     > I would like to start contributing by developing parsers for the
> Metron
>     > project.
>     > Is there any documentation that will help me get started so I can
> start
>     > cranking them out?
>     > This is the first open source project I am looking to contribute to
> so
>     > forgive me If I am asking stupid questions.
>     >
>     >
>     >
>     > On Fri, Apr 7, 2017 at 2:13 PM, Otto Fowler <ottobackwards@gmail.com
> >
>     > wrote:
>     >
>     > > I also believe that grok parsers can be added through
> configuration only,
>     > > without having to
>     > > compile a parser.
>     > >
>     > > You can add a parser configuration targeting the basic grok parser
> and
>     > just
>     > > provide the grok
>     > > parser rules.
>     > >
>     > >
>     > > Just as a heads up, I’m currently working on the parsers to allow
> for
>     > > writing and maintaining parsers
>     > > outside the metron code tree, including providing a maven
> archetype.
>     > This
>     > > will allow you to create parsers
>     > > without having to maintain a fork etc.
>     > >
>     > > Keep an eye out for METRON-258 as a PR on the list.
>     > >
>     > >
>     > >
>     > > On April 7, 2017 at 08:54:35, Justin Leet (justinjleet@gmail.com)
> wrote:
>     > >
>     > > My understanding of Grok vs Java is to provide a tradeoff for ease
> of
>     > > implementation vs performance (plus Java can also handle parsing
> that
>     > would
>     > > be too complicated for Grok.
>     > >
>     > > Grok is less performant and handles less complex parsing, but it's
> easy
>     > to
>     > > get things going and potentially maintained without writing and
> compiling
>     > > Java.
>     > >
>     > > The Java implementation will be better for performance and can
> handle
>     > more
>     > > complicated parsing Grok can't.
>     > >
>     > > I believe the preference has generally been for Grok parsers if
>     > > appropriate, otherwise Java parsers.
>     > >
>     > > Justin
>     > >
>     > > On Fri, Apr 7, 2017 at 8:09 AM, Ali Nazemian <
> alinazemian@gmail.com>
>     > > wrote:
>     > >
>     > > > Hi Mark,
>     > > >
>     > > > Yeah, that would be great. Can you please specify which devices
> you
>     > have
>     > > > developed so far?
>     > > >
>     > > > Cheers,
>     > > > Ali
>     > > >
>     > > > On Fri, Apr 7, 2017 at 4:10 PM, Mark De Rijk <
> me.derijk@gmail.com>
>     > > wrote:
>     > > >
>     > > > > Dear all,
>     > > > >
>     > > > > I am a heavy arcsight user and I have written quite a few
> parsers
>     > over
>     > > > > time.
>     > > > > I am new to contributing to open source projects however.
>     > > > > @Ali, would you like to cooperate on development of some
> parsers?
>     > > > >
>     > > > > Kind Regards,
>     > > > > Mark de Rijk
>     > > > >
>     > > > >
>     > > > > > On 7 Apr 2017, at 04:30, Ali Nazemian <alinazemian@gmail.com
> >
>     > wrote:
>     > > > > >
>     > > > > > Hi all,
>     > > > > >
>     > > > > > We are going to develop some parsers and have some
> contribution to
>     > > the
>     > > > > > community as a start point. I was wondering what the reason
> is
>     > behind
>     > > > > > choosing Grok statements for some of the implementations
and
> Java
>     > > regex
>     > > > > for
>     > > > > > other ones? Is there any policy for that? Probably it would
> be
>     > better
>     > > > to
>     > > > > > have the Java regex implementation due to performance
> concerns.
>     > > > However,
>     > > > > I
>     > > > > > am sure there is a reason that some of them have been
> implemented
>     > > with
>     > > > > > using Grok statements.
>     > > > > >
>     > > > > > Regards,
>     > > > > > Ali
>     > > > >
>     > > >
>     > > >
>     > > >
>     > > > --
>     > > > A.Nazemian
>     > > >
>     > >
>     >
>
>
>
>     --
>     A.Nazemian
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message