From michal at taborsky.cz Tue Jun 3 08:46:20 2014
From: michal at taborsky.cz (Michal Taborsky)
Date: Tue, 3 Jun 2014 10:46:20 +0200
Subject: [Reconnoiter-users] Riemann
Message-ID:

Hello everyone, is there any info or docs on the Reconnoiter-Riemann integration? I'd like to give it a try, I have Riemann running, but don't know how to proceed.

How do I compile reconnoiter with riemann support?
What does stracon (I assume it is stratcon) emit to riemann?
Are there any examples of streams definition?

Thanks,
Michal Táborský

From jesus at omniti.com Tue Jun 3 11:26:07 2014
From: jesus at omniti.com (Theo Schlossnagle)
Date: Tue, 3 Jun 2014 07:26:07 -0400
Subject: [Reconnoiter-users] Riemann
In-Reply-To:
References:
Message-ID:

Reconnoiter embeds Riemann. You don't need to run Riemann yourself.

There aren't many docs, but the test suite configures and spins up a riemann instance with rules to make sure all the hand off works.

On Tue, Jun 3, 2014 at 4:46 AM, Michal Taborsky wrote:

> Hello everyone, is there any info or docs on the Reconnoiter-Riemann
> integration? I'd like to give it a try, I have Riemann running, but don't
> know how to proceed.
>
> How do I compile reconnoiter with riemann support?
> What does stracon (I assume it is stratcon) emit to riemann?
> Are there any examples of streams definition?
>
> Thanks,
> Michal Táborský
>
> _______________________________________________
> Reconnoiter-users mailing list
> Reconnoiter-users at lists.omniti.com
> http://lists.omniti.com/mailman/listinfo/reconnoiter-users

--
Theo Schlossnagle
http://omniti.com/is/theo-schlossnagle

From michal at taborsky.cz Tue Jun 3 11:44:46 2014
From: michal at taborsky.cz (Michal Taborsky)
Date: Tue, 3 Jun 2014 13:44:46 +0200
Subject: [Reconnoiter-users] Riemann
In-Reply-To:
References:
Message-ID:

Well, I am currently even unable to build it. When I run configure, I get:

=== Compile-time Configuration ===
Lua Implementation: LuaJIT

== optional noit modules ==
Postgres module: yes
MySQL module: no
SNMP module: yes
SSH2 module: yes

== optional stratcon modules ==
Postgres ingestor: yes
STOMP iep driver: yes
FQ iep driver: no

== Java bits ==
Jezebel: yes
Reconnoiter: yes
Riemann IEP: no

I can't seem to decipher what it needs in order to build it with Riemann.

Michal Táborský

From jesus at omniti.com Tue Jun 3 11:46:16 2014
From: jesus at omniti.com (Theo Schlossnagle)
Date: Tue, 3 Jun 2014 07:46:16 -0400
Subject: [Reconnoiter-users] Riemann
In-Reply-To:
References:
Message-ID:

Heh.. that's not obvious at all...
Make sure Maven (mvn) is installed and in your path at configure time.

--
Theo Schlossnagle
http://omniti.com/is/theo-schlossnagle

From borising at gmail.com Tue Jun 3 12:23:30 2014
From: borising at gmail.com (Bo Agerskov Rising)
Date: Tue, 03 Jun 2014 14:23:30 +0200
Subject: [Reconnoiter-users] Riemann
In-Reply-To:
References:
Message-ID: <538DBE42.4010907@gmail.com>

Hi Michal,

FWIW I use the following commands to setup maven:

$ mkdir ~/work && cd ~/work
$ wget http://mirrors.dotsrc.org/apache/maven/maven-3/3.1.1/binaries/apache-maven-3.1.1-bin.tar.gz
$ sudo mkdir -p /opt/local && sudo tar xvzf apache-maven-3.1.1-bin.tar.gz -C /opt/local/
$ cd /opt/local && sudo ln -s /opt/local/apache-maven-3.1.1 ./apache-maven
$ cd /opt && sudo ln -s /opt/gcc-4.8.1 ./gcc
$ vi ~/.cshrc
  setenv M2_HOME /opt/local/apache-maven
  setenv PATH /opt/local/apache-maven/bin:/opt/local/sbin:/opt/local/bin:/usr/sbin/:/bin:/usr/bin:/usr/ucb:/etc:/opt/local/sbin:/opt/local/bin:/opt/omni/bin:/opt/gcc/bin:$PATH
$ source ~/.cshrc

Test mvn availability:

$ mvn --version

Regards,
Bo

From michal at taborsky.cz Fri Jun 6 11:19:14 2014
From: michal at taborsky.cz (Michal Taborsky)
Date: Fri, 6 Jun 2014 13:19:14 +0200
Subject: [Reconnoiter-users] Riemann
In-Reply-To:
References:
Message-ID:

OK, so I got it to build, apparently it runs, but what now?

I see there is a /usr/local/var/db/noit-iep/riemann.config. I tried to modify it to do two things, log to a file and expose API over the standard port 5555 so I can query the index. However, it does not log to a file and the port is not open, so I am thinking the file is ignored.

Do you have any more pointers? I will write a blog post later to sum it up.

my stratcon.conf IEP part:

myhost *** *** myhost noit.firehose topic check.# *** *** riemann.config

my riemann.conf:

(def noit-alert fn [e] e)

(logging/init :file "/var/log/riemann.log")

(let [host "0.0.0.0"]
  (tcp-server {:host host})
  (udp-server {:host host})
  (ws-server {:host host}))

(instrumentation {:interval 1})

(periodically-expire 1)

(let [index (default :ttl 3 (update-index (index)))]
  (streams
    (expired prn)
    index))

(streams noit-alert)

Michal Táborský
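
Bo's Maven setup earlier in this thread fetches the tarball from a mirror over plain HTTP and unpacks it with sudo. The script below is an added example, not part of any message in the thread, that unpacks an archive only when its SHA-256 digest matches a value obtained from a source other than the mirror. The function names are hypothetical and the expected digest is something the reader supplies.

```shell
#!/bin/sh
# Added example: gate archive extraction on a SHA-256 match.
# Function names are hypothetical; EXPECTED must come from a trusted source,
# not from the mirror that served the archive.

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_digest FILE EXPECTED: succeed only when FILE exists and its digest
# equals EXPECTED (hex case and surrounding whitespace are ignored).
# Returns 2 for a missing file, 3 for a malformed digest, 1 for a mismatch.
verify_digest() {
    [ -f "$1" ] || return 2
    want=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    [ "${#want}" -eq 64 ] || return 3
    got=$(sha256_of "$1") || return 4
    [ "$got" = "$want" ]
}

# extract_verified FILE EXPECTED DEST: unpack FILE into DEST only after
# verify_digest succeeds; DEST is not created on a failed check.
extract_verified() {
    verify_digest "$1" "$2" || {
        echo "digest check failed for $1, not extracting" >&2
        return 1
    }
    mkdir -p "$3" && tar xzf "$1" -C "$3"
}

# Usage: sh this-script ARCHIVE EXPECTED_SHA256 DESTDIR
if [ "$#" -eq 3 ]; then
    extract_verified "$1" "$2" "$3"
fi
```

Run it with the privileges the destination directory needs, for example under sudo for /opt/local as in Bo's steps.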