FlowViewer + silk (stuck at no-device issue)

binaryrev
2015-09-11
2015-09-14
  • binaryrev

    binaryrev - 2015-09-11

    I have recently migrated from ntopng to FlowViewer + SiLK due to support and license issues. My config, in FlowViewer_Configuration.pm, is:

    $version = "4.6";
    #$no_devices_or_exporters = "N";
    #@devices = ("router_1","router_2","router_3","router_4","router_5","router_6"); # for flow-tools
    @ipfix_devices = (); # for SiLK, if none: @ipfix_devices = ();
    @ipfix_storage = ("router_ipfix_1:15G","router_ipfix_2:10G"); # If using FlowViewer_CleanSilk, set to storage requirements for $
    $ipfix_default_device = "site"; # All initial, blank forms will have this selected instead of "Select Device"
    #@exporters = ("192.168.200.1:New York Router","192.168.200.2:Prague Router");
    @exporters = ();

    Currently, I see no permission errors when I open FV.cgi with my browser. My scenario (for testing):

    1. Laptop / standalone / VirtualBox running both SiLK and FlowViewer
    2. Base OS is Ubuntu Server edition 64-bit 15.0

    $silk_data_directory = "/data";
    $silk_bin_directory = "/usr/local/bin";
    $site_config_file = "/data/flows/silk.conf"; # If left blank, will look for silk.conf in specified Data Rootdir (see User'$
    $sensor_config_file = "/data/sensor.conf";
    $silk_compiled_localtime = ""; # Set to "Y" if you compiled SiLK with --enable-localtime switch

    I'm in testing mode, so I generated a large pcap using the tcpreplay tool and it worked. YAF was running as:

    sudo nohup /usr/local/bin/yaf --silk --ipfix=tcp --live=pcap --out=127.0.0.1 \
        --ipfix-port=18001 --in=eth0 --applabel --max-payload=384 &

    output for
    /usr/local/bin/rwfilter --sensor=S0 --proto=0-255 --pass=stdout --type=all | rwcut | tail

    silkman@Silky-flows:~$ /usr/local/bin/rwfilter --sensor=S0 --proto=0-255 --pass=stdout --type=all | rwcut | tail
    192.168.3.131| 208.82.236.129|58264| 80| 6| 9| 1478|FS PA |2015/09/11T14:26:00.666| 0.177|2015/09/11T14:26:00.843| S0|
    208.82.236.129| 192.168.3.131| 80|58264| 6| 7| 736|FS PA |2015/09/11T14:26:00.666| 0.177|2015/09/11T14:26:00.843| S0|
    192.168.3.131| 208.82.236.129|58265| 80| 6| 10| 1636|FS PA |2015/09/11T14:26:00.796| 0.174|2015/09/11T14:26:00.970| S0|

    My directory layout under /data is:

    /data
    ├── ext2ext
    │   └── 2015
    │       └── 09
    │           └── 11
    │               └── ext2ext-S0_20150911.14
    ├── in
    │   └── 2015
    │       └── 09
    │           └── 10
    │               ├── in-S0_20150910.20
    │               └── nohup.out
    ├── int2int
    │   └── 2015
    │       └── 09
    │           └── 10
    │               └── int2int-S0_20150910.20
    ├── nohup.out
    ├── out
    │   └── 2015
    │       └── 09
    │           └── 10
    │               └── out-S0_20150910.20
    ├── outweb
    │   └── 2015
    │       └── 09
    │           └── 11
    │               └── ow-S0_20150911.14
    ├── sensors.conf
    └── silk.conf

    silk.conf:

    # The layout of the tree below SILK_DATA_ROOTDIR.
    # Use the default, which assumes a single class.
    #path-format "%T/%Y/%m/%d/%x"

    My two big issues now:

    1) @ipfix_devices: what to put in the field/array? My dir has no "devices" (see linked pics also)!

    2) My GUI: does it look OK?

    Sorry for the large post, I tried to include as much info as I can to help troubleshoot.

    Thanks

     

    Last edit: binaryrev 2015-09-11
  • Joe Loiacono

    Joe Loiacono - 2015-09-11

    Binaryrev,

    You need to copy the cascading style sheets (css) file, FlowViewer.css into your $report_directory.

    Joe

     
  • binaryrev

    binaryrev - 2015-09-11

    Thanks Joe,

    -rwxrwxr-x 1 silkman silkman 17913 Sep 11 22:04 FlowViewer.css
    drwxrwxrwx 2 www-data www-data 4096 Sep 11 22:04 FlowViewer

    It doesn't seem to work. Also, I'm not sure if "select device" will change or remain as it is.

     
  • binaryrev

    binaryrev - 2015-09-14

    Joe,

    Any suggestion on the UI issue? Thanks

     
  • binaryrev

    binaryrev - 2015-09-14

    Issue solved, Joe :) I used the Firebug add-on in FF to see whether the .css was referenced correctly. I fixed it in the .pm file, and now the UI issue is fixed.

     

    Last edit: binaryrev 2015-09-14
