ntop / n2disk

Open source components and extensions for n2disk

Problems still with Closed Issue #28 npcapmove #30

Closed Arislen closed 4 years ago

Arislen commented 4 years ago

Updated system to RPM:

n2disk-3.5.200609-5207.x86_64

Testing fix from Issue #28

npcapextract -t /var/log/he/timeline -b "2020-06-06 13:25:43" -e "2020-06-06 13:27:55" -l
/var/log/he/1591462478.559411/1591464452.656624.pcap

npcapmove /var/log/he/1591462478.559411/1591464452.656624.pcap /var/log/he/pp /var/log/he/pp/timeline
Files moved to:
/var/log/he/pp/1591464452.656624.pcap
/var/log/he/pp/1591464452.656624.pcap.idx
/var/log/he/pp/1591464452.656624.pcap.idx.timeline
/var/log/he/pp/1591464452.656624.pcap.timeline
/var/log/he/pp/timeline/2020/06/06/13/20/1591464452.656624.pcap
/var/log/he/pp/timeline/2020/06/06/13/20/1591464452.656624.pcap.idx

npcapextract -t /var/log/he/timeline -t /var/log/he/pp/timeline -b "2020-06-06 13:25:43" -e "2020-06-06 13:28:55" -l
/var/log/he/1591462478.559411/1591464487.478214.pcap
/var/log/he/1591462478.559411/1591464522.296704.pcap
../../../../../../1591464452.656624.pcap

npcapmove still creates relative paths for the links.

Trying to use npcapextract to reference these files is difficult because the output between n2disk created timelines and npcapmove timeline returns is different.

Thanks for looking into this again.

cardigliano commented 4 years ago

@Arislen please reopen the same issue instead of creating a new one. I am aware npcapmove still creates relative paths, however managing/deleting pcaps should work now removing all references, isn't it the case?

Arislen commented 4 years ago

Sorry for the confusion, I wasn't aware that I could reopen a closed issue if I didn't close it myself. Is there a way in the future I can do that?

Yes, npcapmanage now deletes all references. I misread your last comment in the closed issue #28 thinking the fix pushed out entailed a correction to having relative paths.

The output of npcapextract still is a concern (if I have more than 2 timeline directories that I npcapmove pcaps to, I can't tell which directory contains the pcap I want).

If that is the current default behavior for npcapmove, I will have to write a wrapper that converts npcapmove files to absolute paths so it will be useful to scan with npcapextract.

Thanks for looking into this!

cardigliano commented 4 years ago

@Arislen npcapmove now accepts the -a option to generate absolute paths. This will be available later today with the next package build.
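
For timelines that were already populated with relative links before the -a option was available, the wrapper idea from the thread can be done as a one-off pass over the timeline directory. This is an added example, not code from ntop or from either commenter. It assumes the timeline entries are symbolic links; the function name is hypothetical, and the demo tree is constructed to mirror the paths in the issue.

```python
import os
import tempfile


def absolutize_timeline_links(timeline_root):
    """Rewrite relative symlinks under timeline_root as absolute symlinks.

    Returns a list of (link_path, absolute_target) for each link rewritten.
    Assumption: timeline entries are symbolic links to pcap/index files.
    """
    rewritten = []
    for dirpath, _dirs, files in os.walk(timeline_root):
        for name in files:
            link = os.path.join(dirpath, name)
            if not os.path.islink(link):
                continue
            target = os.readlink(link)
            if os.path.isabs(target):
                continue  # already absolute, nothing to do
            # A relative target is resolved from the directory holding the link.
            resolved = os.path.realpath(os.path.join(dirpath, target))
            if not os.path.exists(resolved):
                continue  # dangling link: leave untouched for manual review
            # Create the new link beside the old one, then rename over it so
            # a concurrent reader never sees the entry missing.
            tmp = link + ".abs.tmp"
            os.symlink(resolved, tmp)
            os.replace(tmp, link)
            rewritten.append((link, resolved))
    return rewritten


if __name__ == "__main__":
    # Constructed demo tree mirroring the layout in the issue (pp/ + timeline).
    root = os.path.realpath(tempfile.mkdtemp())
    bucket = os.path.join(root, "pp", "timeline", "2020", "06", "06", "13", "20")
    os.makedirs(bucket)
    open(os.path.join(root, "pp", "1591464452.656624.pcap"), "wb").close()
    os.symlink("../../../../../../1591464452.656624.pcap",
               os.path.join(bucket, "1591464452.656624.pcap"))
    for link, target in absolutize_timeline_links(os.path.join(root, "pp", "timeline")):
        print(f"{link} -> {target}")
```

Dangling links are skipped rather than deleted, so a capture file that was removed outside npcapmanage still shows up as a broken timeline entry for review.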