Date:      Tue, 18 Feb 2014 10:33:46 -0500
From:      Chad Gross <avatar4d@gmail.com>
To:        freebsd-ports@freebsd.org
Cc:        lx@freebsd.org, samm@os2.kiev.ua
Subject:   [patch] net-mgmt/flowviewer and security/silktools patches
Message-ID:  <CAHP1p-Xq_Kct7=U3nXsPO_ariQZ7x=vc3ybXj7ekMjmG_iR4uA@mail.gmail.com>

I managed to configure net-mgmt/flowviewer with security/silktools, but had
to make some modifications to get it working. FlowViewer is configured by
default to pass the $silk_data_dir + $device_name as the root data directory
to the rwfilter tool, when the root directory should be the same as
$silk_data_dir. I've confirmed it is still configured this way in the
latest version (4.3, released 2/11/14) so I could be misconfiguring
something, but I don't see how since I followed the documentation (
http://sourceforge.net/projects/flowviewer/files/FlowViewer.pdf/download).
I also manually ran the commands out of working/DEBUG_VIEWER and it
produced nothing until I updated --data-rootdir=/data/flows/S0 to
 --data-rootdir=/data/flows.

Here are patches for the 4 affected files:


--- FlowGrapher_Main.cgi.orig   2014-02-18 08:49:42.000000000 -0500

+++ FlowGrapher_Main.cgi        2014-02-18 09:09:58.000000000 -0500

@@ -535,7 +535,7 @@

                $silk_flow_type =~ s/\s+//g;

        }



-       $data_root_dir = $silk_data_directory ."/". $device_name;

+       $data_root_dir = $silk_data_directory;



        # Prepare rwfilter start and end time parameters, filter criteria
and window type
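
Review bot: With `$data_root_dir = $silk_data_directory;`, `$device_name` no longer has any effect on which flow files this block selects, so unless the device is passed to rwfilter some other way the graph will cover every device stored under the root. Please confirm that the rwfilter command built after this line still restricts the query to the chosen device (for example through rwfilter's `--sensors` selection switch), or add that in the same patch.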


--- FlowTracker_Recreate.orig   2014-02-16 15:50:35.000000000 -0500

+++ FlowTracker_Recreate        2014-02-18 09:09:58.000000000 -0500

@@ -245,7 +245,7 @@

                        $cat_start =
epoch_to_date($cat_start_epoch,"LOCAL");

                        $cat_end   = epoch_to_date($cat_end_epoch,"LOCAL");



-                       $data_root_dir = $silk_data_directory ."/".
$device_name;

+                       $data_root_dir = $silk_data_directory;



                        $silk_flow_type = "";
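
Review bot: The removed line and the `$cat_start` context line are each split across two lines (`."/".` is followed by `$device_name;` on a line with no `-` prefix), so this hunk will not apply with patch(1) as posted. Please resend the diff as an attachment, or with line wrapping disabled in the mail client.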



--- FlowTracker_Collector.orig  2014-02-18 08:48:54.000000000 -0500

+++ FlowTracker_Collector       2014-02-18 09:09:58.000000000 -0500

@@ -303,7 +303,7 @@



                        # Set up silk data sources



-                       $data_root_dir = $silk_data_directory ."/".
$device_name;

+                       $data_root_dir = $silk_data_directory;



                        $silk_flow_type = "";
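
Review bot: The new assignment under `# Set up silk data sources` carries no comment saying why the device name is no longer appended, and it is the same one-line substitution made in the other three files. A short comment on the new line, stating that rwfilter is given the SiLK root in `--data-rootdir`, would keep a later FlowViewer update from reintroducing the per-device path; sending the change upstream as well would avoid carrying four local patches in the port.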



--- FlowViewer_Main.cgi.orig    2014-02-18 08:52:30.000000000 -0500

+++ FlowViewer_Main.cgi 2014-02-18 09:09:58.000000000 -0500

@@ -431,7 +431,7 @@

                 $silk_flow_type =~ s/\s+//g;

         }



-        $data_root_dir = $silk_data_directory ."/". $device_name;

+        $data_root_dir = $silk_data_directory;



         # Prepare rwfilter start and end time parameters
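
Review bot: The replacement of `$silk_data_directory ."/". $device_name` is unconditional, so an installation whose flow data really is stored in one root per device would stop finding its flows after this change. Consider making the root layout a setting rather than dropping `$device_name` outright, and state in the patch description which layout the new default assumes.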




I also found that security/silktools uses UTC by default, but has a
configuration option to enable localtime (
https://tools.netsa.cert.org/silk/faq.html#timestamp-mismatch).

Here is a patch to the Makefile containing a config option for localtime:


--- /usr/ports/silktools/Makefile.orig  2014-02-18 09:29:28.000000000 -0500

+++ /usr/ports/silktools/Makefile       2014-02-18 09:41:48.000000000 -0500

@@ -23,6 +23,11 @@

 USES=          perl5

 USE_PERL5=     build


+HAS_CONFIGURE= yes

+OPTIONS_DEFINE= LOCALTIME

+LOCALTIME_DESC= Use localtime instead of UTC

+

+

 MAN1=  mapsid.1 num2dot.1 rwaddrcount.1 rwappend.1 \

        rwbag.1 rwbagbuild.1 rwbagcat.1 rwbagtool.1 \

        rwcat.1 rwcount.1 rwcut.1 rwdedupe.1 rwfglob.1 \
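
Review bot: `HAS_CONFIGURE= yes` is added alongside the option definitions, but the message only describes the localtime option and does not say why the configure setting changes; if the port already runs its configure script this line is unnecessary and should be dropped or explained. The two consecutive empty `+` lines before `MAN1=` should be one. The paths in the file header (`/usr/ports/silktools/Makefile`) also omit the `security/` category, so the diff should be regenerated from inside the port directory.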

@@ -51,6 +56,13 @@

                rwsender.8


 NO_STAGE=      yes

+

+.include <bsd.port.options.mk>

+

+.if ${PORT_OPTIONS:MLOCALTIME}

+CONFIGURE_ARGS+=--enable-localtime

+.endif

+

 post-patch:

        @${REINPLACE_CMD} -e 's|echo aout|echo elf|' ${WRKSRC}/configure
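
Review bot: `CONFIGURE_ARGS+=--enable-localtime` has no tab after `+=`, unlike the tab-aligned assignments elsewhere in this Makefile (`USES=`, `NO_STAGE=`); align it. Since only one configure switch depends on the option, the three-line `.if ${PORT_OPTIONS:MLOCALTIME}` conditional could also be written with the options helper `LOCALTIME_CONFIGURE_ENABLE= localtime`, if the ports framework in use supports it, which would make the explicit `.include <bsd.port.options.mk>` unnecessary here.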



Thanks,


Chad


