CESNET / Nemea-Modules

Base modules of the Nemea system. This repository contains modules for export, replay, filtering, merging etc.

vportscan aggregation logger does not work #75

Closed thorgrin closed 6 years ago

thorgrin commented 6 years ago

When I try to run vportscan aggregation logger, it fails:

vportscan_agg_logger_stderr:

Fri Jul 13 16:07:46 2018 [INFO] Supervisor - executed command: /usr/bin/nemea/logger   -t   -T   -a   /data/vportscan/alerts.log   -i   t:12005   (null)
trap_recv() error: output and input interfaces data formats or data specifiers mismatch.

I have verified that the port 12005 belongs to the vportscan_aggregator. Is there anything else that I can check or do to make it work? Thanks

thorgrin commented 6 years ago

Ok, I've been told that I need to run json_dump.py instead of logger. This should be documented.

jaroslavh commented 6 years ago

If I understand it right - you used it this way:

vportscan_detector --> vportscan_aggregator --> logger FAIL

Proper usage is: vportscan_detector --> vportscan_aggregator --> json_dump.py OK

https://github.com/CESNET/Nemea-Detectors/blob/master/vportscan_detector/vportscan_aggregator.py#L121 here vportscan_aggregator is set to JSON demanding json_dump.py to connect instead of logger which is not documented anywhere.

If I got it right please notify me @thorgrin and I will update the documentation of vportscan_detector.
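A small model of the libtrap format negotiation that produced the `trap_recv()` error above, added here as an illustration and not code from Nemea or this thread. It assumes the documented rule that interface types must agree, that a UniRec receiver's required fields must all be present in the sender's template, and that a JSON receiver with an empty specifier accepts any JSON; the class and function names and the specifier string `"aggregated_portscan"` are constructed for the example.

```python
# Simplified model of TRAP interface format negotiation (added example).
# Not libtrap's implementation; it only reproduces the decision that made
# logger fail and json_dump.py succeed behind vportscan_aggregator.
from dataclasses import dataclass

FMT_UNIREC = "unirec"
FMT_JSON = "json"

@dataclass(frozen=True)
class Ifc:
    """One TRAP interface: data format type plus its specifier string."""
    fmt: str
    spec: str = ""  # UniRec template such as "ipaddr SRC_IP,uint16 DST_PORT", or a JSON id

def unirec_fields(spec: str) -> set:
    """Parse "ipaddr SRC_IP,uint16 DST_PORT" into {("ipaddr","SRC_IP"), ("uint16","DST_PORT")}."""
    fields = set()
    for item in spec.split(","):
        item = item.strip()
        if item:
            typ, name = item.split()
            fields.add((typ, name))
    return fields

def negotiate(sender: Ifc, receiver: Ifc) -> bool:
    """True when the receiver can consume the sender's records.

    - the format types must be the same (UniRec vs JSON is the mismatch in this issue)
    - UniRec: every field the receiver requires must exist in the sender's template
    - JSON: an empty receiver specifier accepts anything, otherwise it must match
    """
    if sender.fmt != receiver.fmt:
        return False
    if sender.fmt == FMT_UNIREC:
        return unirec_fields(receiver.spec) <= unirec_fields(sender.spec)
    return receiver.spec in ("", sender.spec)

def trap_recv(sender: Ifc, receiver: Ifc) -> str:
    """Return the same message libtrap printed in the issue, or "ok"."""
    if not negotiate(sender, receiver):
        return "trap_recv() error: output and input interfaces data formats or data specifiers mismatch."
    return "ok"

# Constructed scenario: the aggregator emits JSON; logger requires UniRec (any template),
# json_dump.py requires JSON (any specifier).
AGGREGATOR_OUT = Ifc(FMT_JSON, "aggregated_portscan")  # hypothetical JSON specifier
LOGGER_IN = Ifc(FMT_UNIREC, "")
JSON_DUMP_IN = Ifc(FMT_JSON, "")
```

Running `trap_recv(AGGREGATOR_OUT, LOGGER_IN)` yields the mismatch message from the issue, while `trap_recv(AGGREGATOR_OUT, JSON_DUMP_IN)` returns `"ok"`.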

thorgrin commented 6 years ago

Yes, this is exactly the case. Just updating the docs so that it is clear when the module outputs unirec and when JSON should be enough.

jaroslavh commented 6 years ago

Created a pull request for this. @thorgrin please review :)