From: Igor K. <igo...@gm...> - 2015-08-20 21:16:08

Hi Leon,

Need your help please once again. Got the following problem and spent several hours trying to solve it.

When making the API call to fetch the pcap data I am getting the data in pcapng format. The OpenFPC is using the mergecap to merge pcap files and by default mergecap creates the output in pcapng format instead of pcap. I have changed the following line in the openfpc-default.conf file:

    MERGECAP=/usr/bin/mergecap -F pcap

This helped when I use the openfpc-client command to create pcap files, however when I use curl to fetch the data I still receive the output in pcapng format.

    curl -k 192.168.145.20:4222/api/1/fetch?apikey=38A69684-41F6-11E5-B47F-C061B4CE8A48\&stime=20150818%2010:00\&etime=20150818%2010:30\&dpt=22 > list.pcap

    cat list.pcap|tshark -i-
    Capturing on 'Standard input'
    tshark: Unrecognized libpcap format

Looks like in case of an API call the mergecap utility is not used at all. And I was not able to find in the code how merging is done in this case.

Could you please help me. Is it possible to make the fetch API call return the data in pcap format?

Thanks so much!

Igor

From: leo...@gm... [mailto:leo...@gm...] On Behalf Of Leon Ward
Sent: Tuesday, August 18, 2015 1:29 PM
To: Igor Kaplan
Cc: ope...@li...
Subject: Re: [Openfpc-users] Openfpc usage

Actually it won't. It will only remove the oldest PCAP file. It's best to keep those PCAP files on their own partition. The old flow records in mysql actually get removed automatically based on the oldest packet in the store. So you won't have records that are older than the pcaps.

-L

On Tue, Aug 18, 2015 at 6:21 PM, Igor Kaplan <igo...@gm...> wrote:

Hi Leon, all,

I have one more question please. Based on the documentation the following line in the openfpc config file restricts the space usage of captured data to 50 percent:

    PCAP_SPACE=50

So, if the data size exceeds 50 percent old files will be deleted automatically? Will openfpc also delete the old MySQL session tables?

Many thanks and all the best!

-Igor.

From: leo...@gm... [mailto:leo...@gm...] On Behalf Of Leon Ward
Sent: Monday, August 17, 2015 11:51 AM
To: Igor Kaplan
Cc: ope...@li...
Subject: Re: [Openfpc-users] Openfpc usage

Hi,

Documentation is really one of the places that really needs some extra focus. The best docs I can point you to are in that folder, plus there is some out-of-date info on my blog http://www.leonward.com.

I actually delivered a presentation at Defcon last weekend all about OpenFPC. I have forwarded the slides separately. Hopefully that will help as well.

As for your specific question about OpenFPC GUI. That's actually now been deprecated as it's no longer relevant for how it functions in a distributed manner. The OpenFPC-Chrome Extension will be the next best thing for interacting with the QueueDaemon remotely in a GUI-like way.

Cheers,

-L

On Mon, Aug 17, 2015 at 4:25 PM, Igor Kaplan <igo...@gm...> wrote:

Hi All,

My name is Igor. I just found the OpenFPC and am evaluating it. Looks like it is a very good tool. I successfully installed on Ubuntu 14.4 with Perl 5.18. I have installed the OpenFPC-master, so it is the latest code.

Now I would like to find out if there is more documentation besides the files which I could find under the docs directory. For example the INSTALL.md refers to the USAGE document, however I was not able to find it anywhere. I am looking for usage other than basic, just to find out what my advanced options are. For example the openfpc-dbmaint.sh script is also able to create the gui database, I wonder, what it is for?

The OpenFPC looks to be very powerful, just would like to understand it as best as I can. Would so much appreciate any replies.

Many thanks.

Igor.

------------------------------------------------------------------------------
_______________________________________________
Openfpc-users mailing list
Ope...@li...
https://lists.sourceforge.net/lists/listinfo/openfpc-users
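
A quick way to confirm what the fetch call actually wrote to list.pcap, as an added example that is not part of the original thread and not OpenFPC code: it reads the file header and tells classic pcap from pcapng by their magic numbers. The function and variable names are hypothetical, and the sample headers are constructed.

```python
import struct

# Magic numbers from the pcap and pcapng file formats.
PCAP_MAGICS = {0xA1B2C3D4: "microsecond", 0xA1B23C4D: "nanosecond"}
PCAPNG_SHB = 0x0A0D0D0A   # Section Header Block type, same in both byte orders
PCAPNG_BOM = 0x1A2B3C4D   # byte-order magic inside the Section Header Block

def identify_capture(data: bytes) -> dict:
    """Classify the leading bytes of a capture as pcap, pcapng or unknown."""
    if len(data) < 4:
        return {"format": "unknown", "reason": "fewer than 4 bytes"}
    for prefix, endian in (("<", "little"), (">", "big")):
        (magic,) = struct.unpack(prefix + "I", data[:4])
        if magic in PCAP_MAGICS:
            info = {"format": "pcap", "endian": endian,
                    "timestamps": PCAP_MAGICS[magic]}
            if len(data) >= 24:  # full 24-byte global header present
                major, minor, _, _, snaplen, linktype = struct.unpack(
                    prefix + "HHiIII", data[4:24])
                info.update(version=(major, minor), snaplen=snaplen,
                            linktype=linktype)
            return info
    if struct.unpack("<I", data[:4])[0] == PCAPNG_SHB:
        if len(data) < 16:
            return {"format": "pcapng", "reason": "truncated section header"}
        for prefix, endian in (("<", "little"), (">", "big")):
            if struct.unpack(prefix + "I", data[8:12])[0] == PCAPNG_BOM:
                major, minor = struct.unpack(prefix + "HH", data[12:16])
                return {"format": "pcapng", "endian": endian,
                        "version": (major, minor)}
        return {"format": "unknown", "reason": "bad pcapng byte-order magic"}
    return {"format": "unknown", "reason": "no capture magic: %r" % data[:4]}

# Constructed sample headers (not taken from a real capture).
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
SAMPLE_PCAPNG = struct.pack("<IIIHHq", PCAPNG_SHB, 28, PCAPNG_BOM, 1, 0, -1) \
    + struct.pack("<I", 28)

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:          # pass the fetched file, e.g. list.pcap
        with open(sys.argv[1], "rb") as fh:
            print(identify_capture(fh.read(24)))
    else:
        print(identify_capture(SAMPLE_PCAP))
        print(identify_capture(SAMPLE_PCAPNG))
```

If the result is pcapng, the file can be converted after download with `editcap -F pcap`, which takes the same `-F` output-format option as the mergecap setting above.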