- Timestamp:
- 07/24/08 10:47:32 (15 years ago)
- Location:
- trunk
- Files:
-
- 1 added
- 11 modified
-
README (modified) (2 diffs)
-
conf/AS.txt (modified) (1 diff)
-
conf/IPv4_Subnet_Aggregation_based_on_SNMP_index.txt (modified) (1 diff)
-
conf/IPv4_Subnet_Aggregation_based_on_routers_ident.txt (modified) (1 diff)
-
conf/SNMP_INDEX.txt (added)
-
conf/routers.txt (modified) (1 diff)
-
conf/rules.txt (modified) (3 diffs)
-
src/dataFlowSet.c (modified) (3 diffs)
-
src/renetcolParam.h (modified) (2 diffs)
-
src/renetcolSender.c (modified) (3 diffs)
-
tool/check.sh (modified) (1 diff)
-
tool/renetcolGUI.py (modified) (4 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/README
r71 r73 26 26 27 27 ------------------------------------- 28 | Step 2: before configuration & start|28 | Step 2: before start | 29 29 ------------------------------------- 30 30 … … 49 49 50 50 We recommand to use the script *check.sh* (in tool/) to launch renetcol. 51 This script required in parameters the path to renetcol . This file MUST be edited.51 This script required in parameters the path to renetcol and you must edit the file. 52 52 We can also put the script in your root crontab to verify the collector state, 53 53 for exemple: -
trunk/conf/AS.txt
r60 r73 1 55112 32153 123221 65511 2 65215 3 65322 -
trunk/conf/IPv4_Subnet_Aggregation_based_on_SNMP_index.txt
r67 r73 1 19 5.98.247.0 242 19 5.98.248.0 243 19 5.98.249.0 244 19 5.98.250.0 245 19 5.98.251.0 246 19 5.98.252.0 241 192.168.247.0 24 2 192.168.248.0 24 3 192.168.249.0 24 4 192.168.250.0 24 5 192.168.251.0 24 6 192.168.252.0 24 -
trunk/conf/IPv4_Subnet_Aggregation_based_on_routers_ident.txt
r67 r73 1 19 5.221.248.0/24-152 19 5.221.249.0/24-213 19 5.221.250.0/24-174 19 5.221.252.0/24-121 192.168.248.0/24-15 2 192.168.249.0/24-21 3 192.168.250.0/24-17 4 192.168.252.0/24-12 -
trunk/conf/routers.txt
r71 r73 1 0 Name 0.0.0.5 null 2 1 Besancon 0.0.0.1 null 3 2 Bordeaux 0.0.0.2 0.0.0.12 4 3 Caen 0.0.0.3 null 5 4 Clermont 0.0.0.4 0.0.0.42 1 1 router1 192.68.0.1 null 2 2 router2 192.68.0.2 null 3 3 router3 192.68.0.3 null 4 4 router4 192.68.0.4 null -
trunk/conf/rules.txt
r47 r73 1 1 # This file is an exemple 2 # you must create your own rules2 # you must create your own filters 3 3 4 4 # #: commented line 5 # N: rulename (string without space)5 # N: filter name (string without space) 6 6 # O: output type (only socket in this release) 7 7 # C: check field : C <field ID> <operator> <value> … … 15 15 # Example 16 16 # Dump on 10.0.01:1111 all MPLS flow (field 46 = 5) 17 #N test_MPLS 18 #O socket 10.0.0.1 1111 19 #C 46 = 5 17 # Get this rule enable because the collector don't start without filter 18 N BUG 19 O socket 127.0.0.1 1111 20 C 60 = 38 20 21 21 22 # Example 22 # This ruledepends on functionnality not present in this release23 # This filter depends on functionnality not present in this release 23 24 # from TCP flows 24 25 # prefix aggregation … … 31 32 32 33 # Example 33 # This ruledepends on functionnality not present in this release34 # This filter depends on functionnality not present in this release 34 35 # get all flows whom size between 15 & 16 Mo 35 36 # record all fields in a file -
trunk/src/dataFlowSet.c
r72 r73 153 153 * progression in a data flow Set 154 154 * notes: 155 * 48=header ip + header netf 156 * shift = shift if there is a template declaration 155 * 48= IP header size + NetFlow header size 156 * shift = shift because we have a template declaration 157 * inside data templates 157 158 */ 158 159 cpt++; … … 273 274 (*myPtrs->offsetV9Ptr)++; 274 275 /* FIXME : here , add a check on the field type */ 275 if ((pftmp->fieldType==8)||(pftmp->fieldType==12)){ 276 if ((pftmp->fieldType==8)||(pftmp->fieldType==12) 277 ||(pftmp->fieldType==15)||(pftmp->fieldType==18)){ 276 278 if ((((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->stor.lvalue) 277 279 == (*((unsigned long*)&buffer4))>>(32-((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->mask)<<(32-((RuleDefPtr)(*(myPtrs->rulesAddressPtr+pos)))->value->mask) ) … … 804 806 * the process renetcolSender with an IPC message queue. But, the perf 805 807 * of IPC Msg was very bad with a default system compilation. 806 * So, now, we send information directly from here viasockets.808 * So, now, we send information directly from here through sockets. 807 809 */ 808 810 tmpRuleList = myPtrs->rulesListPtr; -
trunk/src/renetcolParam.h
r65 r73 48 48 * FILE with your prefix/subnet 49 49 */ 50 #define SUBNETS_LIST "<path to renetcol>/renetcol-0.0.12beta/conf/IPv4_ prefix.txt"50 #define SUBNETS_LIST "<path to renetcol>/renetcol-0.0.12beta/conf/IPv4_Subnet_Aggregation_based_on_SNMP_index.txt" 51 51 /* 52 52 * FILE with the list of AS with accounting … … 67 67 * tagged "C"ustomers or "B"ackbone 68 68 */ 69 #define INTERFACES_TYPE_LIST " "69 #define INTERFACES_TYPE_LIST "<path to renetcol>/renetcol-0.0.12beta/conf/SNMP_INDEX.txt" 70 70 /* 71 71 * maximum SNMP index -
trunk/src/renetcolSender.c
r72 r73 52 52 FILE *ruleFile; 53 53 FILE *tmpFile; 54 char field[4];55 54 char port[6]; 56 char value[44];57 55 char filters[249]; 58 char operator[2];59 char poubelle[2];60 56 char lines[256][256]; 61 57 char line[256]; … … 66 62 int i = 0; 67 63 int ruleToDelete = 0; 64 static char * fields; 68 65 69 66 while (1){ … … 131 128 } else { 132 129 /* NEW RULE */ 133 /* if (sscanf(buffer, "%s %s %1s %s\n",*/ 134 /* port, */ 135 /* field, */ 136 /* operator, */ 137 /* value) == 0) { */ 138 if (sscanf(buffer, "%s %1s %s\n", 139 port, 140 poubelle, 141 filters) == 0) { 142 syslog (LOG_ERR, "error in recept rule: %s", buffer); 143 close(sock); 144 return 1; 145 } 130 if (sscanf(buffer, "%s %s\n", 131 port, 132 filters) == 0) { 133 syslog (LOG_ERR, "error in rule syntax: %s", filters); 134 close(sock); 135 return 1; 136 } 137 subsstr(filters); 146 138 if (!(ruleFile = fopen(RULES_FILE, "a"))) { 147 148 149 139 syslog (LOG_ERR, "error during %s opening", RULES_FILE); 140 close(sock); 141 return 1; 150 142 } else { 151 152 153 /* fprintf(ruleFile, "C %s %s %s\n", field, operator, value); */ 154 fprintf(ruleFile, "%s\n", filters);155 fclose(ruleFile); 156 } 143 fprintf(ruleFile, "N %s\n", host); 144 fprintf(ruleFile, "O socket %s %s\n", host, port); 145 fprintf(ruleFile, "%s\n", filters); 146 fclose(ruleFile); 147 } 148 157 149 } 158 150 } -
trunk/tool/check.sh
r57 r73 14 14 echo "renetcolMsgCtl started" 15 15 sleep 2 16 $1/src/renetcol $1/src/info_routeur_netflow.txt $1/src/donneesblocsadresses2 $1/src/rules.txt16 $1/src/renetcol 17 17 echo "renetcol restarted" 18 $1/src/renetcolSender $1/src/renetcol 1 $1/src/rules.txt18 $1/src/renetcolSender $1/src/renetcol 1 19 19 echo "renetcolSender restarted" 20 20 $1/src/renetcolAgg -
trunk/tool/renetcolGUI.py
r72 r73 52 52 collectorAddr = "127.0.0.1" 53 53 collectorAddr6 = "0::" 54 collectorPort = 52571 # if you change it, apply the modification on 55 # the renetcolSender.h file and recompil the collector 54 collectorPort = 52571 # if you change this port number, apply the 55 # modification on the renetcolSender.h file 56 # and you'll need a new compilation of the colllector 56 57 ############################################################################## 57 58 … … 599 600 old_record_file.close() 600 601 now2 = time.time() 601 reste = 86400-(operator.mod(now2,86400))602 myTimer = threading.Timer(3 00.0,timer_action)602 reste = 360-(operator.mod(now2,360)) 603 myTimer = threading.Timer(360.0,timer_action) 603 604 myTimer.start() 604 605 … … 612 613 print "STARTING RECORD ROTATION" 613 614 now2 = time.time() 614 reste = 86400-(operator.mod(now2,86400))615 myTimer = threading.Timer(3 00.0,timer_action)615 reste = 360-(operator.mod(now2,360)) 616 myTimer = threading.Timer(360,timer_action) 616 617 myTimer.start() 617 618 if widget.get_active() == 0: … … 695 696 coll_window.show_all() 696 697 if (is_already_see==0): 697 info_dialog(widget, None, "You should register edonly one rule for each GUI parser ! Think of using the DELETE button !")698 info_dialog(widget, None, "You should register only one rule for each GUI parser ! Think of using the DELETE button !") 698 699 is_already_see=1 699 700
