Date: Mon, 3 Mar 2014 19:29:47 -0500 From: Chad Gross <avatar4d@gmail.com> To: Muhammad Moinur Rahman <5u623l20@gmail.com> Cc: Alex Samorukov <samm@os2.kiev.ua>, lx@freebsd.org, FreeBSD Ports <freebsd-ports@freebsd.org> Subject: Re: [patch] net-mgmt/flowviewer and security/silktools patches Message-ID: <CAHP1p-VD_RZpWd31424%2BRrRXWbY6QVOqVVJbBTK4=vXbDB2=ag@mail.gmail.com> In-Reply-To: <CA%2BnPUkyDyph9HSV3M1XBgFvT6M3XY4nhxDwZPeE-uM64MWwAqw@mail.gmail.com> References: <CAHP1p-Xq_Kct7=U3nXsPO_ariQZ7x=vc3ybXj7ekMjmG_iR4uA@mail.gmail.com> <CAHP1p-UDykoxtVpuTq6gMPw3AGNe0kgsgod9wqWee4zEE29pKA@mail.gmail.com> <CA%2BnPUkyDyph9HSV3M1XBgFvT6M3XY4nhxDwZPeE-uM64MWwAqw@mail.gmail.com>
[-- Attachment #1 --] On Sun, Mar 2, 2014 at 11:42 PM, Muhammad Moinur Rahman <5u623l20@gmail.com> wrote: > Hi, > > Can you please send me the patches as attachments rather than inline. I > will try to rebuild it from scratch and check it out again with Silktools. > > Regards, > Muhammad > > > On Wed, Feb 19, 2014 at 12:57 AM, Chad Gross <avatar4d@gmail.com> wrote: > >> On Tue, Feb 18, 2014 at 10:33 AM, Chad Gross <avatar4d@gmail.com> wrote: >> >> > I managed to configure net-mgmt/flowviewer with security/silktools, but >> > had to make some modifications to get it working. FlowViewer is >> configured >> > by default to pass the $silk_data_dir + $device_name as the root data >> > directory to the rwfilter tool, when the root directory should be the >> same >> > as $silk_data_dir. I've confirmed it is still configured this way in >> > the latest version (4.3, released 2/11/14) so I could be misconfiguring >> > something, but I don't see how since I am following the documentation ( >> > >> http://sourceforge.net/projects/flowviewer/files/FlowViewer.pdf/download >> ). >> > I also manually ran the commands out of working/DEBUG_VIEWER and it >> > produced nothing until I updated --data-rootdir=/data/flows/S0 to >> > --data-rootdir=/data/flows. >> > >> > Here are patches for the 4 affected files: >> > >> > >> > --- FlowGrapher_Main.cgi.orig 2014-02-18 08:49:42.000000000 -0500 >> > >> > +++ FlowGrapher_Main.cgi 2014-02-18 09:09:58.000000000 -0500 >> > >> > @@ -535,7 +535,7 @@ >> > >> > $silk_flow_type =~ s/\s+//g; >> > >> > } >> > >> > >> > >> > - $data_root_dir = $silk_data_directory ."/". $device_name; >> > >> > + $data_root_dir = $silk_data_directory; >> > >> > >> > >> > # Prepare rwfilter start and end time parameters, filter >> criteria >> > and window type >> > >> > >> > --- FlowTracker_Recreate.orig 2014-02-16 15:50:35.000000000 -0500 >> > >> > +++ FlowTracker_Recreate 2014-02-18 09:09:58.000000000 -0500 
>> > >> > @@ -245,7 +245,7 @@ >> > >> > $cat_start = >> > epoch_to_date($cat_start_epoch,"LOCAL"); >> > >> > $cat_end = >> epoch_to_date($cat_end_epoch,"LOCAL"); >> > >> > >> > >> > - $data_root_dir = $silk_data_directory ."/". >> > $device_name; >> > >> > + $data_root_dir = $silk_data_directory; >> > >> > >> > >> > $silk_flow_type = ""; >> > >> > >> > >> > --- FlowTracker_Collector.orig 2014-02-18 08:48:54.000000000 -0500 >> > >> > +++ FlowTracker_Collector 2014-02-18 09:09:58.000000000 -0500 >> > >> > @@ -303,7 +303,7 @@ >> > >> > >> > >> > # Set up silk data sources >> > >> > >> > >> > - $data_root_dir = $silk_data_directory ."/". >> > $device_name; >> > >> > + $data_root_dir = $silk_data_directory; >> > >> > >> > >> > $silk_flow_type = ""; >> > >> > >> > >> > --- FlowViewer_Main.cgi.orig 2014-02-18 08:52:30.000000000 -0500 >> > >> > +++ FlowViewer_Main.cgi 2014-02-18 09:09:58.000000000 -0500 >> > >> > @@ -431,7 +431,7 @@ >> > >> > $silk_flow_type =~ s/\s+//g; >> > >> > } >> > >> > >> > >> > - $data_root_dir = $silk_data_directory ."/". $device_name; >> > >> > + $data_root_dir = $silk_data_directory; >> > >> > >> > >> > # Prepare rwfilter start and end time parameters >> > >> > >> > >> > >> > I also found that security/silktools uses UTC by default, but has a >> > configuration option to enable localtime ( >> > https://tools.netsa.cert.org/silk/faq.html#timestamp-mismatch). >> > >> > Here is a patch to the Makefile containing a config option for >> localtime: >> > >> > >> > --- /usr/ports/silktools/Makefile.orig 2014-02-18 09:29:28.000000000 >> -0500 >> > >> > +++ /usr/ports/silktools/Makefile 2014-02-18 09:41:48.000000000 >> -0500 
>> > >> > @@ -23,6 +23,11 @@ >> > >> > USES= perl5 >> > >> > USE_PERL5= build >> > >> > >> > +HAS_CONFIGURE= yes >> > >> > +OPTIONS_DEFINE= LOCALTIME >> > >> > +LOCALTIME_DESC= Use localtime instead of UTC >> > >> > + >> > >> > + >> > >> > MAN1= mapsid.1 num2dot.1 rwaddrcount.1 rwappend.1 \ >> > >> > rwbag.1 rwbagbuild.1 rwbagcat.1 rwbagtool.1 \ >> > >> > rwcat.1 rwcount.1 rwcut.1 rwdedupe.1 rwfglob.1 \ >> > >> > @@ -51,6 +56,13 @@ >> > >> > rwsender.8 >> > >> > >> > NO_STAGE= yes >> > >> > + >> > >> > +.include <bsd.port.options.mk> >> > >> > + >> > >> > +.if ${PORT_OPTIONS:MLOCALTIME} >> > >> > +CONFIGURE_ARGS+=--enable-localtime >> > >> > +.endif >> > >> > + >> > >> > post-patch: >> > >> > @${REINPLACE_CMD} -e 's|echo aout|echo elf|' ${WRKSRC}/configure >> > >> > >> > >> > Thanks, >> > >> > >> > Chad >> > >> >> >> >> Here is another patch for net-mgmt/flowview so sensor filtering works. I >> am >> not sure why, but this file is originally trying to use the exporter as >> the >> sensor for SiLK devices. This is interesting since the PDF above indicated >> that the @exporter array was only used for flow-tools, not SiLK but alas >> here it is using it. If anything I think it would make more sense to use >> the "device" as the sensor, especially since @ipfix_devices is already >> defined as a sensor per the documentation. To make matters worse it is >> grepping for the probes and not the sensors in order to populate the >> --sensors= flag. >> >> >> >> --- FlowViewer_Utilities.pm.orig 2014-02-18 12:52:42.000000000 -0500 >> >> +++ FlowViewer_Utilities.pm 2014-02-18 13:50:09.000000000 -0500 
>> >> @@ -2339,50 +2339,50 @@ >> >> >> >> # Set up exporter address filtering, if any >> >> >> >> - if ($exporter ne "") { >> >> + if ($device_name ne "") { >> >> >> >> - $exporter =~ s/\s+//g; >> >> - $num_include_probe = 0; >> >> - @valid_probes = (); >> >> + $device_name =~ s/\s+//g; >> >> + $num_include_sensor = 0; >> >> + @valid_sensors = (); >> >> >> >> - # Get valid probes (exporters) from the sensor.conf file >> >> + # Get valid sensors (device_names) from the sensor.conf file >> >> >> >> - $probe_command = "cat $sensor_config_directory/sensor.conf | grep probe >> > >> $work_directory/valid_probes_$suffix"; >> >> - system ($probe_command); >> >> + $sensor_command = "cat $sensor_config_directory/sensor.conf | grep >> sensor >> > $work_directory/valid_sensors_$suffix"; >> >> + system ($sensor_command); >> >> >> >> - open (PROBES,"<$work_directory/valid_probes_$suffix"); >> >> + open (PROBES,"<$work_directory/valid_sensors_$suffix"); >> >> while (<PROBES>) { >> >> - ($probe_label,$probe) = split(/\s+/,$_); >> >> - if ($probe_label eq "probe") { push (@valid_probes,$probe); } >> >> + ($sensor_label,$sensor) = split(/\s+/,$_); >> >> + if ($sensor_label eq "sensor") { push (@valid_sensors,$sensor); } >> >> } >> >> >> >> while ($still_more) { >> >> >> >> - ($exporter_name) = split(/,/,$exporter); >> >> - $start_char = length($exporter_name) + 1; >> >> - $exporter = substr($exporter,$start_char); >> >> + ($device_name_name) = split(/,/,$device_name); >> >> + $start_char = length($device_name_name) + 1; >> >> + $device_name = substr($device_name,$start_char); >> >> >> >> - if (substr($exporter_name,0,1) eq "-") { >> >> - &print_error("SiLK software does not support exclusion of Exporters >> (Sensors) at this time: -$exporter_name"); last; >> >> + if (substr($device_name_name,0,1) eq "-") { >> >> + &print_error("SiLK software does not support exclusion of Exporters >> (Sensors) at this time: -$device_name_name"); last; >> >> } else { >> >> - foreach $probe 
(@valid_probes) { >> >> - if ($exporter_name eq $probe) { >> >> - $num_include_probe++; >> >> - if ($num_include_probe < 2) { >> >> - $sensor_field .= $exporter_name; >> >> + foreach $sensor (@valid_sensors) { >> >> + if ($device_name_name eq $sensor) { >> >> + $num_include_sensor++; >> >> + if ($num_include_sensor < 2) { >> >> + $sensor_field .= $device_name_name; >> >> } else { >> >> - $sensor_field .= "," . $exporter_name; >> >> + $sensor_field .= "," . $device_name_name; >> >> } >> >> } >> >> } >> >> } >> >> >> >> - if ($exporter eq "") { last; } >> >> + if ($device_name eq "") { last; } >> >> } >> >> >> >> $sensor_field = " --sensors=" . $sensor_field; >> >> >> >> - $save_file .= "_" . $exporter_name; >> >> + $save_file .= "_" . $device_name; >> >> } >> >> >> >> # Set up Next Hop IP filtering, if any >> _______________________________________________ >> freebsd-ports@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-ports >> To unsubscribe, send any mail to "freebsd-ports-unsubscribe@freebsd.org" >> > > Here are the patches from above as attachments. I also attached a patch for tools/flowtracker_restart (inline at the end as well), which should go in /usr/local/etc/rc.d/, but it is just hacked together at this point to get it to start the collector/grapher tools. It doesn't look like the tools are working yet though since I see some errors in the FlowTracker_Collector.log (see below) and the graphs have a bunch of nans. The first line is most likely because it is missing the --data-rootdir= flag the second time rwfilter is called in the FlowTracker_Collector script, but I am not sure about why the other two errors are occurring. 
rwfilter: Site configuration file not found rwcount: Error processing headers on file '-': Unexpected end of file while reading header ERROR: /usr/local/www/flowviewer/rrdtools/outweb.rrd: illegal attempt to update using time 1393890300 when last update time is 1393890300 (minimum one second step) PATCH: --- tools/flowtracker_restart.orig 2014-03-02 20:50:32.000000000 -0500 +++ tools/flowtracker_restart 2014-03-02 23:59:39.000000000 -0500 @@ -11,9 +11,9 @@ # can be restarted using the following command: # sudo /etc/init.d/flowtracker_restart restart -FlowViewer=/var/www/cgi-bin/FlowViewer_4.2.1 -user=flowviewer -RRDTOOL_PATH=/usr/bin +FlowViewer=/usr/local/www/flowviewer +user=www +RRDTOOL_PATH=/usr/local/bin RETVAL=0 start() { @@ -21,9 +21,8 @@ for i in FlowTracker_Collector FlowTracker_Grapher; do echo Starting $i: - if ! /bin/su --shell=/bin/sh $user \ - -c "cd $FlowViewer && - nice -20 env PATH=$PATH:$RRDTOOL_PATH ./$i&"; then + if ! /usr/bin/su -m $user \ + -c "cd $FlowViewer && ./$i&"; then echo Problem starting $i >&2 RETVAL=1 fi [-- Attachment #2 --] --- FlowGrapher_Main.cgi.orig 2014-02-18 08:49:42.000000000 -0500 +++ FlowGrapher_Main.cgi 2014-02-18 09:09:58.000000000 -0500 @@ -535,7 +535,7 @@ $silk_flow_type =~ s/\s+//g; } - $data_root_dir = $silk_data_directory ."/". $device_name; + $data_root_dir = $silk_data_directory; # Prepare rwfilter start and end time parameters, filter criteria and window type [-- Attachment #3 --] --- FlowTracker_Collector.orig 2014-02-18 08:48:54.000000000 -0500 +++ FlowTracker_Collector 2014-02-18 09:09:58.000000000 -0500 @@ -303,7 +303,7 @@ # Set up silk data sources - $data_root_dir = $silk_data_directory ."/". $device_name; + $data_root_dir = $silk_data_directory; $silk_flow_type = ""; [-- Attachment #4 --] --- FlowTracker_Recreate.orig 2014-02-16 15:50:35.000000000 -0500 +++ FlowTracker_Recreate 2014-02-18 09:09:58.000000000 -0500 
@@ -245,7 +245,7 @@ $cat_start = epoch_to_date($cat_start_epoch,"LOCAL"); $cat_end = epoch_to_date($cat_end_epoch,"LOCAL"); - $data_root_dir = $silk_data_directory ."/". $device_name; + $data_root_dir = $silk_data_directory; $silk_flow_type = ""; [-- Attachment #5 --] --- FlowViewer_Main.cgi.orig 2014-02-18 08:52:30.000000000 -0500 +++ FlowViewer_Main.cgi 2014-02-18 09:09:58.000000000 -0500 @@ -431,7 +431,7 @@ $silk_flow_type =~ s/\s+//g; } - $data_root_dir = $silk_data_directory ."/". $device_name; + $data_root_dir = $silk_data_directory; # Prepare rwfilter start and end time parameters [-- Attachment #6 --] --- Makefile.orig 2014-02-18 09:29:28.000000000 -0500 +++ Makefile 2014-02-18 09:41:48.000000000 -0500 @@ -23,6 +23,11 @@ USES= perl5 USE_PERL5= build +HAS_CONFIGURE= yes +OPTIONS_DEFINE= LOCALTIME +LOCALTIME_DESC= Use localtime instead of UTC + + MAN1= mapsid.1 num2dot.1 rwaddrcount.1 rwappend.1 \ rwbag.1 rwbagbuild.1 rwbagcat.1 rwbagtool.1 \ rwcat.1 rwcount.1 rwcut.1 rwdedupe.1 rwfglob.1 \ @@ -51,6 +56,13 @@ rwsender.8 NO_STAGE= yes + +.include <bsd.port.options.mk> + +.if ${PORT_OPTIONS:MLOCALTIME} +CONFIGURE_ARGS+=--enable-localtime +.endif + post-patch: @${REINPLACE_CMD} -e 's|echo aout|echo elf|' ${WRKSRC}/configure [-- Attachment #7 --] --- tools/flowtracker_restart.orig 2014-03-02 20:50:32.000000000 -0500 +++ tools/flowtracker_restart 2014-03-02 23:59:39.000000000 -0500 @@ -11,9 +11,9 @@ # can be restarted using the following command: # sudo /etc/init.d/flowtracker_restart restart -FlowViewer=/var/www/cgi-bin/FlowViewer_4.2.1 -user=flowviewer -RRDTOOL_PATH=/usr/bin +FlowViewer=/usr/local/www/flowviewer +user=www +RRDTOOL_PATH=/usr/local/bin RETVAL=0 start() { 
@@ -21,9 +21,8 @@ for i in FlowTracker_Collector FlowTracker_Grapher; do echo Starting $i: - if ! /bin/su --shell=/bin/sh $user \ - -c "cd $FlowViewer && - nice -20 env PATH=$PATH:$RRDTOOL_PATH ./$i&"; then + if ! /usr/bin/su -m $user \ + -c "cd $FlowViewer && ./$i&"; then echo Problem starting $i >&2 RETVAL=1 fi
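Review bot: the four `$data_root_dir` hunks (FlowGrapher_Main.cgi, FlowTracker_Recreate, FlowTracker_Collector, FlowViewer_Main.cgi) all replace `$silk_data_directory ."/". $device_name` with `$silk_data_directory`, which points rwfilter at the whole repository instead of one device's subtree; the per-device scoping the old path gave now has to come from `--sensors=`. The two CGI hunks sit next to the sensor handling, but the two FlowTracker hunks only set `$silk_flow_type = "";` afterwards, so confirm that the collector's rwfilter calls still carry a `--sensors=` restriction, otherwise one device's graphs are built from every sensor's flows. `$device_name` is also dead at these lines once the path no longer uses it. The `rwfilter: Site configuration file not found` line in the collector log is consistent with the guess in the message that the second rwfilter call lacks `--data-rootdir=`, since rwfilter looks for silk.conf under the data root; that call should get the same `$data_root_dir` as the first.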
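Review bot: the two empty `+` lines after `LOCALTIME_DESC= Use localtime instead of UTC` in the first Makefile hunk, and the `+` blank after `.endif` in the second, add stray whitespace to the port; drop them. `HAS_CONFIGURE= yes` is introduced together with `CONFIGURE_ARGS+=--enable-localtime`, but the existing `post-patch` target already runs `${REINPLACE_CMD}` over `${WRKSRC}/configure`, which suggests the port runs configure already; check whether `GNU_CONFIGURE` is set further up, in which case `HAS_CONFIGURE` is redundant. Since the option changes how every SiLK tool in the port interprets timestamps (the FAQ link earlier in the thread is about exactly that mismatch), `LOCALTIME_DESC` could say so rather than just "Use localtime instead of UTC".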
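Review bot: `$save_file .= "_" . $device_name;` at the end of the FlowViewer_Utilities.pm hunk appends an empty string: the `while ($still_more)` loop above consumes `$device_name` with `$device_name = substr($device_name,$start_char);` until `if ($device_name eq "") { last; }` ends it, so nothing is left by that line. The replaced line used the last parsed name (`$exporter_name`); the equivalent here is `$device_name_name`, or better, keep a copy of the requested list before the loop. Two smaller points in the same hunk: the `open (PROBES,...)` handle and the `print_error("SiLK software does not support exclusion of Exporters (Sensors) ...")` text still say probes/exporters after everything else was renamed, and `$sensor_command = "cat $sensor_config_directory/sensor.conf | grep sensor > $work_directory/valid_sensors_$suffix"; system ($sensor_command);` keeps interpolating `$sensor_config_directory` and `$work_directory` into a shell string and writing a temp file into the work directory. Reading sensor.conf directly with `open` and testing the first token removes both the shell and the temp file; note that `grep sensor` also matches the `end sensor` lines, which the `$sensor_label eq "sensor"` check then discards, so the grep is not doing any filtering the Perl loop does not already do.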
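Review bot: in the second flowtracker_restart hunk the new `-c "cd $FlowViewer && ./$i&"` drops `env PATH=$PATH:$RRDTOOL_PATH`, while the first hunk keeps and updates `RRDTOOL_PATH=/usr/local/bin`; the variable is now unused, so either remove it or pass it through again. `su -m` leaves the invoking environment untouched, so the collector inherits root's `PATH` and `HOME` rather than the target user's, which is presumably why rrdtool is still found but means the script behaves differently when started from rc.d at boot than from a root shell. Switching to `user=www` also runs the collector as the web server's account, so the rrd and log files it writes are writable by anything else running under that uid; a dedicated unprivileged account, as the replaced `user=flowviewer` line had, keeps the collector's data out of the CGI's reach. The `if ! /usr/bin/su -m $user ... ./$i&"; then` test only sees su's exit status because `./$i&` is backgrounded inside the child shell, so a collector that dies immediately still skips the `RETVAL=1` branch; and the untouched comment `# sudo /etc/init.d/flowtracker_restart restart` should point at the /usr/local/etc/rc.d location this is meant to live in.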
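As an added example (not FlowViewer or SiLK project code), here is the sensor.conf handling that the FlowViewer_Utilities.pm change is trying to get right, done without `cat | grep > file` through `system()`: the sensor names are read directly in Perl, the device names from the form are validated against them, and rwfilter's arguments are assembled as a list so no shell parses user input. It assumes a sensor.conf in SiLK's `sensor NAME ... end sensor` block form (the sample content below is constructed), reuses the thread's `--data-rootdir=/data/flows` value, and only prints the rwfilter command rather than running it.

```perl
#!/usr/bin/env perl
# Added example, not FlowViewer or SiLK project code: read the sensor names
# from a SiLK sensor.conf in Perl instead of "cat ... | grep sensor > file"
# through system(), validate the device names a user asked for against them,
# and build rwfilter's arguments as a list so no shell ever sees them.
use strict;
use warnings;
use File::Temp qw(tempfile);

# Return the sensor names declared in sensor.conf. Only a line whose first
# token is "sensor" counts, so "end sensor", probe blocks and comments are
# ignored (the same test the original code applied after grepping).
sub read_sensor_names {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "cannot open $path: $!";
    my @sensors;
    while (my $line = <$fh>) {
        $line =~ s/#.*//;                          # strip comments
        my ($label, $name) = split(' ', $line);    # ' ' skips leading blanks
        push @sensors, $name
            if defined $label && $label eq 'sensor' && defined $name;
    }
    close($fh);
    return @sensors;
}

# Turn the comma-separated device list from the form into the value for
# --sensors=, keeping only names that exist in sensor.conf. Returns
# (sensors_value, save_suffix, error); error is "" on success.
sub build_sensor_filter {
    my ($device_list, @valid) = @_;
    (my $requested = $device_list) =~ s/\s+//g;    # the original strips blanks
    return ('', '', '') if $requested eq '';       # no sensor filtering asked
    my %valid = map { $_ => 1 } @valid;
    my @selected;
    for my $name (split /,/, $requested) {
        next if $name eq '';
        # Same rule as the thread's error text: no sensor exclusion here.
        return ('', '', "SiLK software does not support exclusion of sensors: $name")
            if substr($name, 0, 1) eq '-';
        push @selected, $name if $valid{$name};
    }
    return ('', '', "none of '$requested' is a sensor in sensor.conf")
        unless @selected;
    # Suffix built from the names actually used, computed before anything
    # consumes the list (the patch appended $device_name after it was empty).
    return (join(',', @selected), '_' . join('_', @selected), '');
}

# --- demonstration on a constructed sensor.conf ---------------------------
my ($tmp, $conf_path) = tempfile(UNLINK => 1);
print $tmp <<'CONF';
# constructed sample sensor.conf, not from a real deployment
probe S0 netflow-v5
    listen-on-port 9995
    protocol udp
end probe
probe S1 netflow-v5
    listen-on-port 9996
    protocol udp
end probe
sensor S0
    netflow-v5-probes S0
end sensor
sensor S1
    netflow-v5-probes S1
end sensor
CONF
close($tmp);

my @valid = read_sensor_names($conf_path);
print "sensors in sensor.conf: @valid\n";              # S0 S1

my ($sensors, $suffix, $err) = build_sensor_filter(' S0, S1 ,bogus', @valid);
die "$err\n" if $err ne '';

# /data/flows is the --data-rootdir value from the thread; every argument is
# a separate list element, so the device names are never shell-parsed.
my @rwfilter = ('rwfilter', '--data-rootdir=/data/flows',
                "--sensors=$sensors", '--pass=stdout');
print "would run: @rwfilter  (save file suffix $suffix)\n";
```

With the constructed file above the run reports `S0 S1` as valid sensors, drops `bogus`, and builds `--sensors=S0,S1`; a name beginning with `-` returns the exclusion error instead of reaching rwfilter. When wiring this into the real code, the `@rwfilter` list goes to `system(@rwfilter)` or `open` in list form, and the remaining start/end time parameters are appended as further list elements.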
