ahusking / docker-flowviewer


Also working on FlowViewer? #1

Open richb-hanover opened 7 years ago

richb-hanover commented 7 years ago

Hi! I see you have recently updated a repository about FlowViewer. I'm working on it too, and wonder if we should work together.

My goal is to build an easy-to-install Docker image that has FlowViewer and SiLK, so that I can use it for my home network (and others can use it as well). I plan to configure my home router to export netflow data to this Docker container running on a computer here in my house.

What's your plan?

Best regards,

Rich Brown
Lyme, NH USA

ahusking commented 7 years ago

I was trying to get an image that would build an image for flowviewer and all you had to do was edit your config.

I haven't looked at SiLK, but I used the flow-tools package and it seems to pull in netflow alright.

My only issue was I have been so far unable to get flowviewer to display any of the data on the web page.

Aside from that, it's all pretty well built and working.

On Mon, May 15, 2017 at 11:28 AM, Rich Brown notifications@github.com wrote:


richb-hanover commented 7 years ago

To clarify: the problem is that FlowViewer doesn't retrieve/display the data from flow-tools?

I have also been looking at FlowViewer - I finally got the web pages to display, but decided to factor the html & cgi files into separate folders. See https://github.com/richb-hanover/FlowViewer for the factored files, and an improved installation script (halfway through the README). I have SiLK installed and collecting data, but have not figured out how to make FlowViewer get stats from SiLK...

I figure I need to read more of the FlowViewer docs...

ahusking commented 7 years ago

That is exactly my problem.

I'm probably going to have a go at ntopng later today and see if I have any more success with that.

richb-hanover commented 7 years ago

OK. I'll let you know if I have success with FlowViewer and a source of flow information.

ntopng looks really slick. You can find it bundled in a very nice virtual appliance from MCNC - a consortium of North Carolina (USA) schools. It's at https://www.mcnc.org/events/training/cne-summer-webinars2015/archive - look for the "Probe Image".

It bundles ntop/ntopng, Cacti, Nagios, SmokePing, Rancid, and a couple other tools into a VirtualBox-compatible VM.

A warning about ntopng... ntopng is not a netflow/sflow collector on its own. Its current version requires nProbe to collect the flow information, and send it over a different protocol. The nProbe software requires an inexpensive license to use in a non-educational setting.

richb-hanover commented 7 years ago

Update: I now have SiLK installed and FlowViewer talking to RRDTool. That means that I can define a FlowMonitor, and see (empty) RRDtool plots. The problem was that I needed to start the following in my startup code:

I can also see flow data arriving to SiLK (using rwfilter --proto=0-255 --pass=stdout --type=all | rwcut). Next step is to see why data arriving to SiLK isn't making it to the RRD plots.

You can see the current state of the Dockerfile at https://github.com/richb-hanover/docker-silk-flowviewer