From owner-freebsd-ports-bugs@FreeBSD.ORG Wed Aug 3 20:10:23 2005
Return-Path:
X-Original-To: freebsd-ports-bugs@hub.freebsd.org
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7FDC216A41F
	for ; Wed, 3 Aug 2005 20:10:23 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 17B0D43D6B
	for ; Wed, 3 Aug 2005 20:10:18 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j73KAHGs060470
	for ; Wed, 3 Aug 2005 20:10:17 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j73KAHKs060469;
	Wed, 3 Aug 2005 20:10:17 GMT
	(envelope-from gnats)
Resent-Date: Wed, 3 Aug 2005 20:10:17 GMT
Resent-Message-Id: <200508032010.j73KAHKs060469@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Charlie Schluting
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 61C6016A41F
	for ; Wed, 3 Aug 2005 20:00:35 +0000 (GMT)
	(envelope-from charlie@schluting.com)
Received: from mailhost.schluting.com (schluting.com [131.252.214.57])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 150F243D45
	for ; Wed, 3 Aug 2005 20:00:32 +0000 (GMT)
	(envelope-from charlie@schluting.com)
Received: from localhost (localhost.cat.pdx.edu [127.0.0.1])
	by mailhost.schluting.com (Postfix) with ESMTP id 6729E25C1;
	Wed, 3 Aug 2005 13:00:32 -0700 (PDT)
Received: from mailhost.schluting.com ([127.0.0.1])
	by localhost (schluting.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 26793-07; Wed, 3 Aug 2005 13:00:24 -0700 (PDT)
Received: by mailhost.schluting.com (Postfix, from userid 1001)
	id 8A90A246D; Wed, 3 Aug 2005 13:00:24 -0700 (PDT)
Message-Id: <20050803200024.8A90A246D@mailhost.schluting.com>
Date: Wed, 3 Aug 2005 13:00:24 -0700 (PDT)
From: Charlie Schluting
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc: jrb@cs.pdx.edu
Subject: ports/84530: [New Port] net-mgmt/ourmon: Network Monitoring and Anomaly Detection System
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Charlie Schluting
List-Id: Ports bug reports
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 03 Aug 2005 20:10:23 -0000

>Number: 84530
>Category: ports
>Synopsis: [New Port] net-mgmt/ourmon: Network Monitoring and Anomaly Detection System
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Wed Aug 03 20:10:17 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Charlie Schluting
>Release: FreeBSD 5.4-RELEASE i386
>Organization: Portland State University
>Environment:
System: FreeBSD schluting.com 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Thu May 12 23:39:29 PDT 2005 charlie@schluting.com:/usr/obj/usr/src/sys/BLOATED_FW_Q i386

--- ourmon25.shar begins here ---
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	ourmon25/
#	ourmon25/Makefile
#	ourmon25/distinfo
#	ourmon25/pkg-descr
#	ourmon25/pkg-message
#
echo c - ourmon25/
mkdir -p ourmon25/ > /dev/null 2>&1
echo x - ourmon25/Makefile
sed 's/^X//' >ourmon25/Makefile << 'END-of-ourmon25/Makefile'
X# New ports collection makefile for:	ourmon
X# Date created:		01 May 2005
X# Whom:			Charlie Schluting
X#
X# $FreeBSD$
X
XPORTNAME=	ourmon
XPORTVERSION=	2.5
XCATEGORIES=	net-mgmt
XMASTER_SITES=	http://ourmon.cat.pdx.edu/ourmon/
XDISTNAME=	ourmon25
X
XMAINTAINER=	ports@freebsd.org
XCOMMENT=	A libpcap-based network monitoring and anomaly detection system
X
XBUILD_DEPENDS=	${LOCALBASE}/lib/libpcap.a:${PORTSDIR}/net/libpcap
XLIB_DEPENDS=	pcap:${PORTSDIR}/net/libpcap
XLIB_DEPENDS+=	gd:$(PORTSDIR)/graphics/gd
XRUN_DEPENDS=	rrdtool:$(PORTSDIR)/net/rrdtool
X#RUN_DEPENDS+=	wget:$(PORTSDIR)/ftp/wget
X
XPLIST_DIRS=
X
XIS_INTERACTIVE=	yes
XUSE_PERL5=
X#USE_APACHE=
XWRKSRC=		${WRKDIR}/mrourmon
XNO_INSTALL_MANPAGES=
XNO_PACKAGE=
X# where to install ourmon and also
X# where we build the ourmon runtime-script with configure.pl
X# note: we use the work directory simply for unpacking
X
X# make simply states assumptions, unpacks the system, and puts it in PREFIX
Xpre-build:
X	@${ECHO_MSG} "install dir is PREFIX=\"${PREFIX}/mrourmon\""
X	@${ECHO_MSG} "We do not install apache or some other web server for you."
X	@${ECHO_MSG} "You should know where your apache docs directory is before make install."
X	@${ECHO_MSG} "You should also know which network interface you want ourmon to use."
X	@${ECHO_MSG}
X	@${ECHO_MSG} "Ourmon may be installed on one CPU or two. If you"
X	@${ECHO_MSG} "are only installing the front-end probe, you do"
X	@${ECHO_MSG} "not need Apache, hence we do not install it."
X	@${ECHO_MSG} "If you are installing the back-end graphics engine"
X	@${ECHO_MSG} "(which needs a web server) do install Apache first, and note"
X	@${ECHO_MSG} "where the htdocs web directory lives. You will need"
X	@${ECHO_MSG} "that for ourmon configuration. If you simply"
X	@${ECHO_MSG} "want to install ourmon with both front-end and back-end"
X	@${ECHO_MSG} "on one CPU, then install Apache first on that machine."
X	@${ECHO_MSG}
X
Xpost-patch: patch-startup-files
X
Xpatch-startup-files:
X
Xdo-build:
X.if exists(${PREFIX}/etc/ourmon.conf)
X	${MV} ${PREFIX}/etc/ourmon.conf ${PREFIX}/etc/ourmon.conf.old
X.endif
X	$(CP) -R ${WRKSRC} ${PREFIX}
X
X# make install compiles and configures the system installing
X# all binaries in the local PREFIX/bin as well as asking
X# the user if he/she wants to install system start scripts
X# and modify /etc/crontab
X
Xpre-install:
Xdo-install:
X	cd ${PREFIX}/mrourmon && ${PERL5} configure.pl ${PREFIX}
X
Xpost-install: display-message
X
Xdisplay-message:
X	@${ECHO_MSG} "Ourmon is installed in ${PREFIX}"
X	@${ECHO_MSG}
X	@${CAT} ${PKGMESSAGE}
X	@${ECHO_MSG}
X
X.include <bsd.port.mk>
END-of-ourmon25/Makefile
echo x - ourmon25/distinfo
sed 's/^X//' >ourmon25/distinfo << 'END-of-ourmon25/distinfo'
XMD5 (ourmon25.tar.gz) = 23353c42d2432793345b19ac0a77dfdb
XSIZE (ourmon25.tar.gz) = 330622
END-of-ourmon25/distinfo
echo x - ourmon25/pkg-descr
sed 's/^X//' >ourmon25/pkg-descr << 'END-of-ourmon25/pkg-descr'
XOurmon is a network management and anomaly detection system for
Xperforming various SNMP RMON-like network analysis tasks. It uses
Xthe BSD bpf in combination with RRDTOOL as well as various "top
Xtalker" style tuples including: top-N flows which include IP, TCP,
XUDP, and ICMP flows, top SYN senders, top TCP/UDP ports, top single
XIP src to many IP dst senders, top single IP src to L4 (TCP/UDP),
Xtop ICMP errors which includes UDP creators of ICMP errors and other
Xtools for both network management and anomaly detection. RRDTOOL
Xgraphs include a year of baselined information. New RRDTOOL graphs
Xmay be designed with user-configured BPF expressions a la tcpdump.
XReports and logging for top talkers are also included.
X
XWWW: http://ourmon.cat.pdx.edu/ourmon/
X
XCreated by: Jim Binkley
XFreeBSD Port by: Charlie Schluting
END-of-ourmon25/pkg-descr
echo x - ourmon25/pkg-message
sed 's/^X//' >ourmon25/pkg-message << 'END-of-ourmon25/pkg-message'
XFor the FreeBSD port, we assume
X
X/usr/local/mrourmon
X
Xis the base directory, although that can be overridden with
Xthe port Makefile.
X
XRead the INSTALL file in the ourmon base directory.
X**************************************************
X
XIf you want to uninstall ourmon, read "uninstall.txt" in
Xthe base directory.
X
XBe sure and inspect and modify the basic config file,
Xat /usr/local/mrourmon/etc/ourmon.conf. In particular
Xset the notion of topn_syn home IP in the config file
X
Xtopn_syn_homeip 10.1.0.0 255.255.0.0
X
Xto your home subnet and netmask.
X
XAfter setting the config file up properly,
Xin order to start the front-end probe process,
Xnamed "ourmon", you must cd to the base directory
Xand run the ourmon probe from the start shellscript.
X
X# cd /usr/local/mrourmon/bin
X# ./ourmon.sh start
END-of-ourmon25/pkg-message
exit
--- ourmon25.shar ends here ---

>Description:
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: