metron-dev mailing list archives

From "" <>
Subject Re: How to clean Metro 0.3.1 quick-dev-platform box ?
Date Mon, 03 Apr 2017 10:08:28 GMT
Sorry about the brevity, answering on my phone.

1. By default the data comes from the sensor-stubs.  For more details see

2.  The vagrant details come from these two locations - and
and you should be able to use this to change the hard drive size -

3. Do you mean how to set up bro, yaf, and snort independently and then use
them in a Metron cluster?  I can help with that, and we definitely should
have that documented, I agree.  For some immediate information you can look
at the snort yaf and bro roles -

4.  I don't know for sure, but if you vagrant SSH and then run some du commands
you can find what is using the most data.  My first thought is that you
have a large number of error messages somewhere because the sensor logs
should be rather low volume, although perpetual.


On Mon, Apr 3, 2017, 4:20 AM Farrukh Naveed Anjum <>

> Hi,
> I am working on Metron 0.3.1 in a short span of time. It fills up all
> the space of the 67 GB box. I have a few simple questions; I hope someone will be
> able to answer them.
> 1. From where do we get the Bro, YAF, Snort data? Do they sniff on eth0
> or do they keep running some kind of garbage alerts?  (Please keep in mind I
> am talking about their default behavior.)
> 2. Is there any way I can increase the hard drive space of the Quick Development
> Vagrant machine to 150GB?
> 3. There is also zero information on how to kick-start with Snort, Bro and
> YAF. A small tutorial on it will be appreciated, as the Metron classic use
> case is built on the NiFi log parsing use case.
> 4. Why does my disk space keep filling up?
> Disk Usage (Non DFS Used) 51.8 GB / 67.6 GB (76.63%)
> I would like to help create a document + presentation on it, if someone helps
> me kick-start it.
> --
> With Regards
> Farrukh Naveed Anjum

