Closed Alferez closed 4 years ago
Hello!
Please carefully check all lines in the networks list for spaces, unknown symbols and other things.
Also, please try to run FNM under gdb and produce a backtrace with the backtrace command when it fails.
On Mon, 18 Sep 2017 at 09:33, José A. Alférez notifications@github.com wrote:
Hello, I have two servers with version 1.1.3 installed and in both I have the same problem:
[root@fastnetmonsvq /]# /opt/fastnetmon/fastnetmon
Segmentation fault (core dumped)
One of the servers had an older version and it worked fine, but I do not know at what point it was updated and now it gives that failure. The other server is a new installation and the fault is the same.
Two servers are Debian 8.7
logging:local_syslog_logging = on
logging:remote_syslog_logging = off
logging:remote_syslog_server = 10.10.10.10
logging:remote_syslog_port = 514
enable_ban = on
process_incoming_traffic = on
process_outgoing_traffic = off
ban_details_records_count = 500
ban_time = 300
unban_only_if_attack_finished = on
enable_subnet_counters = on
networks_list_path = /etc/networks_list
white_list_path = /etc/networks_whitelist
check_period = 1
enable_connection_tracking = off
ban_for_pps = on
ban_for_bandwidth = on
ban_for_flows = on
threshold_pps = 450000
threshold_mbps = 3000
threshold_flows = 200000
threshold_tcp_mbps = 2000
threshold_udp_mbps = 2000
threshold_icmp_mbps = 2000
threshold_tcp_pps = 200000
threshold_udp_pps = 200000
threshold_icmp_pps = 200000
ban_for_tcp_bandwidth = off
ban_for_udp_bandwidth = off
ban_for_icmp_bandwidth = off
ban_for_tcp_pps = off
ban_for_udp_pps = off
ban_for_icmp_pps = off
mirror = off
pfring_sampling_ratio = 1
mirror_netmap = off
mirror_snabbswitch = off
mirror_afpacket = off
interfaces = eth0
netmap_sampling_ratio = 1
netmap_read_packet_length_from_ip_header = off
pcap = off
netflow = on
sflow = off
enable_pf_ring_zc_mode = off
interfaces = docker0,eth0
average_calculation_time = 30
average_calculation_time_for_subnets = 60
netflow_port = 2055
netflow_host = 0.0.0.0
netflow_sampling_ratio = 1
netflow_divide_counters_on_interval_length = off
sflow_port = 6343
sflow_host = 0.0.0.0
notify_script_path = /usr/local/bin/notify_about_attack.sh
notify_script_pass_details = on
collect_attack_pcap_dumps = off
process_pcap_attack_dumps_with_dpi = off
redis_enabled = off
redis_port = 6379
redis_host = 127.0.0.1
redis_prefix = mydc1
mongodb_enabled = off
mongodb_host = localhost
mongodb_port = 27017
mongodb_database_name = fastnetmon
pfring_hardware_filters_enabled = off
exabgp = off
exabgp_command_pipe = /var/run/exabgp.cmd
exabgp_community = 65001:666
exabgp_next_hop = 10.0.3.114
exabgp_announce_host = on
exabgp_announce_whole_subnet = off
exabgp_flow_spec_announces = off
gobgp = off
gobgp_next_hop = 0.0.0.0
gobgp_announce_host = on
gobgp_announce_whole_subnet = off
graphite = on
graphite_host = 93.93.68.33
graphite_port = 2003
graphite_prefix = fastnetmon
monitor_local_ip_addresses = on
hostgroup = my_hosts:10.10.10.221/32,10.10.10.222/32
my_hosts_enable_ban = off
my_hosts_ban_for_pps = off
my_hosts_ban_for_bandwidth = off
my_hosts_ban_for_flows = off
my_hosts_threshold_pps = 20000
my_hosts_threshold_mbps = 1000
my_hosts_threshold_flows = 3500
pid_path = /var/run/fastnetmon.pid
cli_stats_file_path = /tmp/fastnetmon.dat
enable_api = off
sort_parameter = packets
max_ips_in_list = 7
We use Netflow from 2 Mikrotik CCR1072.
In the log I see this:
2017-09-18 10:23:00,127 [INFO] Logger initialized!
2017-09-18 10:23:00,127 [ERROR] Can't parse config line: 'ban_for_tcp_pps = off '
2017-09-18 10:23:00,127 [WARN] We add subnet 10.10.10.221/32 to host group my_hosts
2017-09-18 10:23:00,127 [WARN] We add subnet 10.10.10.222/32 to host group my_hosts
2017-09-18 10:23:00,127 [INFO] We have created host group my_hosts with 2 subnets
2017-09-18 10:23:00,127 [INFO] We have configured local syslog logging corectly
2017-09-18 10:23:00,127 [INFO] We will read ban settings for my_hosts
2017-09-18 10:23:00,130 [INFO] Read configuration file
2017-09-18 10:23:00,130 [INFO] We start local syslog logging corectly
2017-09-18 10:23:00,130 [INFO] We loaded 29 networks from whitelist file
2017-09-18 10:23:00,130 [INFO] We are working on Linux and could use ip tool for detecting local IP's
2017-09-18 10:23:00,139 [INFO] We found 3 local IP addresses and will monitor they
2017-09-18 10:23:00,139 [INFO] We loaded 74 networks from networks file
2017-09-18 10:23:00,139 [INFO] Totally we have 76 IPv4 subnets
2017-09-18 10:23:00,139 [INFO] Totally we have 0 IPv6 subnets
-- Sincerely yours, Pavel Odintsov
Many thanks, indeed an IP was misconfigured, the value was 1185. instead of 185.
My error, both are already working, being a copy of the first server copied the configuration between them, so that doubled the problem.
Would it be possible to check these lists for a future version? I see that with the .conf a check is made discarding what is not correct. I think it can be a good feature even if the startup is a bit slower.
Best Regards.
Hello!
Awesome!
We have data validation on the list of mandatory features, but with pretty low priority.
Please keep this ticket open to track this issue.
-- Sincerely yours, Pavel Odintsov
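A pre-start check of the kind requested above, as an added example that is not part of the thread and not FastNetMon code: it flags stray whitespace, unexpected characters and entries that are not valid CIDR networks before the daemon reads the file. The function name, the sample lines and the rule that every entry must carry a prefix length are assumptions of this sketch; the file format FastNetMon actually accepts may be looser.

```python
import ipaddress
import string
import sys

# Characters an IPv4/IPv6 CIDR entry can contain; anything else is suspect.
ALLOWED = set(string.hexdigits + ".:/")

# Constructed sample input, not the reporter's real networks list.
SAMPLE = [
    "10.10.10.0/24\n",
    "1185.10.10.0/24\n",      # octet typo of the kind found in this thread
    "192.168.1.0/24 \n",      # trailing space
    "172.16.0.0/12\t#dc1\n",  # tab and inline comment
    "10.10.10.221/24\n",      # host bits set for the given prefix
    "2001:db8::/32\n",
]

def check_networks_list(lines):
    """Return (line_number, raw_line, problem) for every suspicious line."""
    problems = []
    for number, raw in enumerate(lines, start=1):
        line = raw.rstrip("\n")   # keep "\r" so CRLF files are reported
        entry = line.strip()
        if not entry:
            continue              # assumption: blank lines are harmless
        if entry != line:
            problems.append((number, line, "leading or trailing whitespace"))
        bad = sorted(set(entry) - ALLOWED)
        if bad:
            problems.append((number, line, "unexpected characters %r" % bad))
            continue
        if "/" not in entry:
            # Assumption of this example: require an explicit prefix length.
            problems.append((number, line, "missing prefix length"))
            continue
        try:
            ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            problems.append((number, line, str(exc)))
    return problems

if __name__ == "__main__":
    # With a path argument (e.g. /etc/networks_list) check that file,
    # otherwise run on the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as handle:
            found = check_networks_list(handle)
    else:
        found = check_networks_list(SAMPLE)
    for number, line, problem in found:
        print("line %d: %r: %s" % (number, line, problem))
    sys.exit(1 if found else 0)
```

The non-zero exit status lets the check gate a service start or a configuration deployment, which matters here because the same broken file had been copied to both servers.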
Sincerely, the product is incredible, but above all the support is unbeatable.
Best Regards.
Thanks :) Asked the json-c guys also about plans to make a release.
json-c cut a new version recently: https://github.com/json-c/json-c/issues/314#issuecomment-350191645
Could you check it and then I will bump the version for FastNetMon?
We've migrated to the new json-c and you can install it this way:
sudo perl fastnetmon_install.pl --use-git-master