Email output needs to be fixed / Some suggestions

[mail3dexter]

Ref : The subject says "FastNetMon Guard: IP X.X.X.X blocked because outgoing attack with power 69340 pps"

1. Even though i have set ban=no, the subject is saying IP: X.X.X.X blocked which horrify some of the management :smile: If possible change it to something else like "FastNetMon Guard: IP 50.58.197.26 DDoS alert because outgoing attack with power 69340 pps"
2. Even though the attack was due to high bandwidth (mbps), the subject says it was due to power with xxx pps rather power of xxxmbps
3. The flow output in the email sometimes properly shows timestamps whereas sometimes it messes it up. E.g.: 2015-08-10 18:36:16.000000 X.X.X.X:80 > Y.Y.Y.Y:35623 protocol: tcp flags: psh,ack frag: 0 packets: 1 size: 1500 bytes ttl: 0 sample ratio: 1024

Suggestions:

1. The flow output if shown in tabular form with scroll would be nice because it makes email too log. http://prntscr.com/833qht
2. Support to send logs to syslog server for better storage and analysis.
3. Ability to turn on/off NetFlow related logs E.g: [root@FastNetMon tmp]# tail -n 50 /var/log/fastnetmon.log 2015-08-10 19:34:31,720 [INFO] NetFlow v5 from: 172.16.211.6 start: 2912260877 finish: 2912265663 interval length:4
4. Upgrade script for already installed FastNetMon.
5. Graphs from Graphite for attacked IP / subnet showing attack magnitude may be in pps/mbps etc

[pavel-odintsov]

Hello!

Thanks for awesome feedback! I have fixed issue with netflow log messages.

So I have created new issue about ssylog https://github.com/FastVPSEestiOu/fastnetmon/issues/365 and have implemented it too :)

Message subject you could change inside notify_script.

Upgrade code is already working but we are moving really fast and better option to do new install each time when you want new version.

[robertoberto]

Pavel can output be formatted as json? So I can create a python script to parse and send email and contribute Em ter, 11 de ago de 2015 às 06:42, Pavel Odintsov notifications@github.com escreveu:

Hello!

Thanks for awesome feedback! I have fixed issue with netflow log messages.

So I have created new issue about ssylog #365 https://github.com/FastVPSEestiOu/fastnetmon/issues/365 and have implemented it too :)

Message subject you could change inside notify_script.

Upgrade code is already working but we are moving really fast and better option to do new install each time when you want new version.

— Reply to this email directly or view it on GitHub https://github.com/FastVPSEestiOu/fastnetmon/issues/364#issuecomment-129792854 .

[mail3dexter]

Tried updating to newer code before 5-6 hours and FastNetMon is not detecting attack. Checked and compared old / new config files and also checked notify_script.

Also, tried integrating with graphite, it is giving me error 2015-08-12 16:39:49,863 [ERROR] Can't store data to Graphite 2015-08-12 16:39:49,887 [ERROR] Can't store data to Graphite

however I saw few graphs and they are getting plotted. Can you provide more description to that error ?

[pavel-odintsov]

Hello!

It's not critical error. For some reasons (Graphite server restart?) we can't store data here. Please offer complete log to me pavel.odintsov@gmail.com

And I have added json encoding when store data to Redis.

[zozo6015]

Hello, I have just installed this tool and configured it to work with influxdb using the documentations provided. When I start I can see the following errors in the log files: 2015-09-21 06:28:46,290 [ERROR] Can't store data to Graphite 2015-09-21 06:28:47,291 [ERROR] Can't store data to Graphite

Note we are not using Graphite server so we cannot restart it. Any solution?

[pavel-odintsov]

Hello!

We use same backend ("graphite") for Influx and Graphite. So it speak about problems on Influx side.