Help configuring FlowViewer for Silk
FlowViewer is a web-based netflow data analysis tool.
Brought to you by:
jloiacon
Menu
▾
▴
I have installed FlowViewer on a Ubuntu system which has Silk tools already installed and collecting data already, I installed FlowViewer and fixed all the directory and permissions issues that came up.
However when I run FlowViewer I do not see any of the existing Silk sensors in the devices drop down menu.
This is my FlowViewer_Configuration.pm file:
72 $reports_directory = "/var/www/html/FlowViewer";
73 $reports_short = "/FlowViewer";
74 $graphs_directory = "/var/www/html/FlowGrapher";
75 $graphs_short = "/FlowGrapher";
76 $monitor_directory = "/var/www/html/FlowMonitor";
77 $monitor_short = "/FlowMonitor";
78 $cgi_bin_directory = "/var/www/cgi-bin/FlowViewer_4.6";
79 $cgi_bin_short = "/cgi-bin/FlowViewer_4.6";
80 $work_directory = "/var/www/cgi-bin/FlowViewer_4.6/Flow_Working";
81 $save_directory = "/var/www/html/FlowViewer_Saves";
82 $save_short = "/FlowViewer_Saves";
83 $names_directory = "/var/www/cgi-bin/FlowViewer_4.6";
84 $ipset_directory = "/var/www/cgi-bin/FlowViewer_4.6"; # Where FlowViewer can find IPset files
85 $filter_directory = "/var/www/cgi-bin/FlowMonitor_Files/FlowMonitor_Filters";
86 $rrdtool_directory = "/var/www/cgi-bin/FlowMonitor_Files/FlowMonitor_RRDtool";
87 $dashboard_directory = "/var/www/html/FlowViewer_Dashboard";
88 $dashboard_short = "/FlowViewer_Dashboard";
89 #@other_dashboards = (); # Set to empty if you have just the one nominal Dashboard
90 @other_dashboards = ("/var/www/html/SOC","/var/www/html/NetOps");
91 #@dashboard_titles = (); # Set to empty if you have just the one nominal Dashboard
92 @dashboard_titles = ("Performance","SOC","NetOps"); # titles must be in the same order as the directories
93
94 $flow_data_directory = "";
95 $exporter_directory = "";
96 $flow_bin_directory = "";
97 $rrdtool_bin_directory = "/usr/bin";
98
99 # SiLK parameters
100
101 $silk_data_directory = "/data";
102 $silk_bin_directory = "/usr/local/bin";
103 $site_config_file = "/data/silk.conf"; # If left blank, will look for silk.conf in specified Data Rootdir (see User's Guide)
104 $sensor_config_file = "/data/sensors.conf";
105 $silk_compiled_localtime = ""; # Set to "Y" if you compiled SiLK with --enable-localtime switch
106
107 $silk_capture_buffer_pre = (125 * 60); # Start of SiLK file concatenation
108 $silk_capture_buffer_post= (5 * 60); # End of SiLK file concatenation
109
110 $silk_init_loadscheme = 1; # For Flows Initiated/Second - see SiLK rwcount documentation
111 $silk_active_loadscheme = 5; # For Flows Active/Second - see SiLK rwcount documentation
112 $silk_class_default = ""; # General SiLK file structure info. silk.conf, sensor.conf
113 $silk_flowtype_default = ""; # General SiLK file structure info. silk.conf, sensor.conf
114 $silk_type_default = "all"; # General SiLK file structure info. silk.conf, sensor.conf
115 $silk_sensors_default = ""; # General SiLK file structure info. silk.conf, sensor.conf
116 $silk_switches_default = ""; # General SiLK file structure info. silk.conf, sensor.conf
117
118 # General parameters
119
120 $version = "4.6";
121 $no_devices_or_exporters = "N"; # Applies to special flow-tools environments only
122 @devices = (""); # for flow-tools
123 @ipfix_devices = ("rtr-hq-2","fw-hq-1","fw-hq-2","fw-hq-int1","fw-dr-1","rtr-dr-2","probe-hq-1 nprobe-hq-2"); # for SiLK, if none: @ipfix_devices = ();
124 @ipfix_storage = (""); # If using FlowViewer_CleanSilk, set to storage requirements for each device
125 $ipfix_default_device = ""; # All initial, blank forms will have this selected instead of "Select Device"
126 #@exporters = ("192.168.200.1:New York Router","192.168.200.2:Prague Router");
127 @exporters = ();
The Silk directory structure is as follows, I deleted most of the output:
1 /data
2 ├── fw-dr-1
3 │ ├── ext2ext
4 │ │ └── 2015
5 │ │ └── 09
6 │ │ └── 03
7 │ │ └── ext2ext-fw-dr-1_20150903.20
8 │ ├── in
9 │ │ └── 2015
10 │ │ └── 09
11 │ │ └── 03
12 │ │ └── in-fw-dr-1_20150903.20
13 │ ├── innull
14 │ │ └── 2015
15 │ │ └── 09
16 │ │ └── 03
17 │ │ └── iw-fw-dr-1_20150903.20
18 │ ├── out
19 │ │ └── 2015
20 │ │ └── 09
21 │ │ └── 03
22 │ │ └── out-fw-dr-1_20150903.20
23 │ └── outweb
24 │ └── 2015
25 │ └── 09
26 │ └── 03
27 │ └── ow-fw-dr-1_20150903.20
28 ├── nprobe-hq-2
29 │ ├── ext2ext
30 │ │ └── 2015
31 │ │ └── 09
32 │ │ └── 03
33 │ │ └── ext2ext-nprobe-hq-2_20150903.20
34 │ ├── in
35 │ │ └── 2015
36 │ │ └── 09
37 │ │ └── 03
38 │ │ └── in-nprobe-hq-2_20150903.20
39 │ ├── int2int
40 │ │ └── 2015
41 │ │ └── 09
42 │ │ └── 03
43 │ │ └── int2int-nprobe-hq-2_20150903.20
44 │
45 │
46 │
47 ├── sensors.conf
48 └── silk.conf
49
Sal - looks liek you have a syntax error in @ipfix_devices. You're missing a "," between last two devices.
Joe
Joe, Thanks for looking at the config. I fixed the missing delimeter but still no luck.
Sal
are there any debug switches or logging that can be enabled to see why FlowViewer is not seeing the Silk sensors? or is there away to run commands from the console to see where its failing.
Sal, your @ipfix_devices arraay should look like this:
@ipfix_devices = ("rtr-hq-2","fw-hq-1","fw-hq-2","fw-hq-int1","fw-dr-1","rtr-dr-2","probe-hq-1","nprobe-hq-2");
This will fill out the Devices pulldown. The 'Sensors' text box towards the bottom should not be necessary (if thath is what you are looking at to be filled out). See attached image.
Joe
Joe,
Nothing I have done sofar seems to work. I'm starting from scratch hoping to find my error.
I double checked and all the folders exist and have permission set to 777.
I enabled all the debug switches I counld find
No logs are being created in directory "/var/www/cgi-bin/FlowViewer_4.6/logs"
Should I be seeing any log files?
The settings in my FlowViewer_Configuration.pm file are:
$reports_directory = "/var/www/html/FlowViewer";
$reports_short = "/FlowViewer";
$graphs_directory = "/var/www/html/FlowGrapher";
$graphs_short = "/FlowGrapher";
$monitor_directory = "/var/www/html/FlowMonitor";
$monitor_short = "/FlowMonitor";
$cgi_bin_directory = "/var/www/cgi-bin/FlowViewer_4.6";
$cgi_bin_short = "/cgi-bin/FlowViewer_4.6";
$work_directory = "/var/www/cgi-bin/FlowViewer_4.6/Flow_Working";
$save_directory = "/var/www/html/FlowViewer_Saves";
$save_short = "/FlowViewer_Saves";
$names_directory = "/var/www/cgi-bin/FlowViewer_4.6";
$ipset_directory = "/var/www/cgi-bin/FlowViewer_4.6";
$filter_directory = "/var/www/cgi-bin/FlowMonitor_Files/FlowMonitor_Filters";
$rrdtool_directory = "/var/www/cgi-bin/FlowMonitor_Files/FlowMonitor_RRDtool";
Thanks
Sal
Reading your thread, it seems we are in this together. I'm stuck too. Here I can offer some help. For debug look for
/var/www/cgi-bin/FlowViewer_4.6/Flow_Working
before this see these values in FlowViewer_Configuraiton.pm file.
Also, are you playing some pcap files or you sending actual flows to SILK.
Hi binaryrev, I have not had time to work on this lately.
No I'm not replaying pcap files, I'm sending the actual flows.