Analytics
Also available as:
PDF

Starting Topologies and Sending Data

The final step in setting up Model as a Service, is to start the topologies and send some data to test the model.

  1. Start the sensor upon which the Model as a Service will run:

    $METRON_HOME/bin/start_parser_topology.sh -k node1:6667 -z node1:2181 -s $PARSER_NAME
  2. Generate some legitimate data and some malicious data on the sensor.

    For example:

    #Legitimate example:
    squidclient http://yahoo.com
    #Malicious example:
    squidclient http://cnn.com
  3. Send the data to Kafka:

    cat /var/log/squid/access.log | /usr/hdp/current/kafka-broker/bin/kafka-console-producer.sh --broker-list node1:6667 --topic squid
  4. Browse the data in Elasticsearch at http://node1:9100/_plugin/head to verify that it contains the appropriate documents. For the current example, you would see the following:

    • One from yahoo.com which does not have is_alert set and does have is_malicious set to legit.

    • One from cnn.com which does have is_alert set to true, is_malicious set to malicious, and threat:triage:level set to 100.