Date: Wed, 3 Aug 2005 13:00:24 -0700 (PDT)
From: Charlie Schluting <charlie@schluting.com>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: jrb@cs.pdx.edu
Subject: ports/84530: [New Port] net-mgmt/ourmon: Network Monitoring and Anomaly Detection System
Message-ID: <20050803200024.8A90A246D@mailhost.schluting.com>
Resent-Message-ID: <200508032010.j73KAHKs060469@freefall.freebsd.org>

>Number: 84530
>Category: ports
>Synopsis: [New Port] net-mgmt/ourmon: Network Monitoring and Anomaly Detection System
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Wed Aug 03 20:10:17 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Charlie Schluting
>Release: FreeBSD 5.4-RELEASE i386
>Organization: Portland State University
>Environment:
System: FreeBSD schluting.com 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Thu May 12 23:39:29 PDT 2005 charlie@schluting.com:/usr/obj/usr/src/sys/BLOATED_FW_Q i386

--- ourmon25.shar begins here ---
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	ourmon25/
#	ourmon25/Makefile
#	ourmon25/distinfo
#	ourmon25/pkg-descr
#	ourmon25/pkg-message
#
echo c - ourmon25/
mkdir -p ourmon25/ > /dev/null 2>&1
echo x - ourmon25/Makefile
sed 's/^X//' >ourmon25/Makefile << 'END-of-ourmon25/Makefile'
X# New ports collection makefile for: ourmon
X# Date created: 01 May 2005
X# Whom: Charlie Schluting <manos@cs.pdx.edu>
X#
X# $FreeBSD$
X
XPORTNAME=	ourmon
XPORTVERSION=	2.5
XCATEGORIES=	net-mgmt
XMASTER_SITES=	http://ourmon.cat.pdx.edu/ourmon/
XDISTNAME=	ourmon25
X
XMAINTAINER=	ports@freebsd.org
XCOMMENT=	A libpcap-based network monitoring and anomaly detection system
X
XBUILD_DEPENDS=	${LOCALBASE}/lib/libpcap.a:${PORTSDIR}/net/libpcap
XLIB_DEPENDS=	pcap:${PORTSDIR}/net/libpcap
XLIB_DEPENDS+=	gd:$(PORTSDIR)/graphics/gd
XRUN_DEPENDS=	rrdtool:$(PORTSDIR)/net/rrdtool
X#RUN_DEPENDS+=	wget:$(PORTSDIR)/ftp/wget
X
XPLIST_DIRS=
X
XIS_INTERACTIVE=	yes
XUSE_PERL5=
X#USE_APACHE=
XWRKSRC=	${WRKDIR}/mrourmon
XNO_INSTALL_MANPAGES=
XNO_PACKAGE=
X# where to install ourmon and also
X# where we build the ourmon runtime-script with configure.pl
X# note: we use the work directory simply for unpacking
X
X# make simply states assumptions, unpacks the system, and puts it in PREFIX
Xpre-build:
X	@${ECHO_MSG} "install dir is PREFIX=\"${PREFIX}/mrourmon\""
X	@${ECHO_MSG} "We do not install apache or some other web server for you."
X	@${ECHO_MSG} "You should know where your apache docs directory is before make install."
X	@${ECHO_MSG} "You should also know which network interface you want ourmon to use."
X	@${ECHO_MSG}
X	@${ECHO_MSG} "Ourmon may be installed on one CPU or two. If you"
X	@${ECHO_MSG} "are only installing the front-end probe, you do"
X	@${ECHO_MSG} "not need Apache, hence we do not install it."
X	@${ECHO_MSG} "If you are installing the back-end graphics engine"
X	@${ECHO_MSG} "(which needs a web server) do install Apache first, and note"
X	@${ECHO_MSG} "where the htdocs web directory lives. You will need"
X	@${ECHO_MSG} "that for ourmon configuration. If you simply"
X	@${ECHO_MSG} "want to install ourmon with both front-end and back-end"
X	@${ECHO_MSG} "on one CPU, then install Apache first on that machine."
X	@${ECHO_MSG}
X
Xpost-patch: patch-startup-files
X
Xpatch-startup-files:
X
Xdo-build:
X.if exists(${PREFIX}/etc/ourmon.conf)
X	${MV} ${PREFIX}/etc/ourmon.conf ${PREFIX}/etc/ourmon.conf.old
X.endif
X	$(CP) -R ${WRKSRC} ${PREFIX}
X
X# make install compiles and configures the system installing
X# all binaries in the local PREFIX/bin as well as asking
X# the user if he/she wants to install system start scripts
X# and modify /etc/crontab
X
Xpre-install:
Xdo-install:
X	cd ${PREFIX}/mrourmon && ${PERL5} configure.pl ${PREFIX}
X
Xpost-install: display-message
X
Xdisplay-message:
X	@${ECHO_MSG} "Ourmon is installed in ${PREFIX}"
X	@${ECHO_MSG}
X	@${CAT} ${PKGMESSAGE}
X	@${ECHO_MSG}
X
X.include <bsd.port.mk>
END-of-ourmon25/Makefile
echo x - ourmon25/distinfo
sed 's/^X//' >ourmon25/distinfo << 'END-of-ourmon25/distinfo'
XMD5 (ourmon25.tar.gz) = 23353c42d2432793345b19ac0a77dfdb
XSIZE (ourmon25.tar.gz) =330622
END-of-ourmon25/distinfo
echo x - ourmon25/pkg-descr
sed 's/^X//' >ourmon25/pkg-descr << 'END-of-ourmon25/pkg-descr'
XOurmon is a network management and anomaly detection system for
Xperforming various SNMP RMON-like network analysis tasks. It uses
Xthe BSD bpf in combination with RRDTOOL as well as various "top
Xtalker" style tuples including: top-N flows which include IP, TCP,
XUDP, and ICMP flows, top SYN senders, top TCP/UDP ports, top single
XIP src to many IP dst senders, top single IP src to L4 (TCP/UDP),
Xtop ICMP errors which includes UDP creators of ICMP errors and other
Xtools for both network management and anomaly detection. RRDTOOL
Xgraphs include a year of baselined information. New RRDTOOL graphs
Xmay be designed with user-configured BPF expressions a la tcpdump.
XReports and logging for top talkers are also included.
X
XWWW: http://ourmon.cat.pdx.edu/ourmon/
X
XCreated by: Jim Binkley <jrb@cs.pdx.edu>
XFreeBSD Port by: Charlie Schluting <charlie@schluting.com>
END-of-ourmon25/pkg-descr
echo x - ourmon25/pkg-message
sed 's/^X//' >ourmon25/pkg-message << 'END-of-ourmon25/pkg-message'
XFor the FreeBSD port, we assume
X
X/usr/local/mrourmon
X
Xis the base directory, although that can be overridden with
Xthe port Makefile.
X
XRead the INSTALL file in the ourmon base directory.
X**************************************************
X
XIf you want to uninstall ourmon, read "uninstall.txt" in
Xthe base directory.
X
XBe sure and inspect and modify the basic config file,
Xat /usr/local/mrourmon/etc/ourmon.conf. In particular
Xset the notion of topn_syn home IP in the config file
X
Xtopn_syn_homeip 10.1.0.0 255.255.0.0
X
Xto your home subnet and netmask.
X
XAfter setting the config file up properly,
Xin order to start the front-end probe process,
Xnamed "ourmon", you must cd to the base directory
Xand run the ourmon probe from the start shellscript.
X
X# cd /usr/local/mrourmon/bin
X# ./ourmon.sh start
END-of-ourmon25/pkg-message
exit
--- ourmon25.shar ends here ---

>Description:
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: