Extracted from flowscan-cuflow-1.7/debian/control:
==================================================
flowscan-cuflow - Flowscan module combining CampusIO and SubNetIO
CUFlow is a FlowScan module designed to combine the features
of CampusIO and SubNetIO and to process data more quickly. CUFlow
allows you to differentiate traffic by protocol, service, TOS,
router, and network and then generate TopN reports over 5 minute
periods and over an extended period of time.
flowscan-cugrapher - A CGI interface for flowscan-cuflow
CUGrapher creates graphs for the data collected by CUFlow. The graphs
are displayed in a web browser. The graphs can be customised by
entering queries on the web form, or by creating a default set of
graphs in the /etc configuration file.
Extracted from flowscan-cuflow-1.7/debian/changelog:
====================================================
flowscan-cuflow (1.7-5) unstable; urgency=low
* Got rid of bashisms.
Closes: #530083.
-- Russell Stuart <russell-debian@NOSPAM> Sat, 23 May 2009 17:09:28 +1000
flowscan-cuflow (1.7-4) unstable; urgency=low
* Added: DM-Upload-Allowed: yes
-- Russell Stuart <russell-debian@NOSPAM> Mon, 28 Jan 2008 20:58:18 +1000
flowscan-cuflow-1.7/debian/copyright:
=====================================
This Debian package was created by:
Russell Stuart <russell-debian@NOSPAM>
on:
Tue, 20 Dec 2005 20:20:59 +1000
It was downloaded from:
http://www.columbia.edu/acis/networks/advanced/CUFlow
Upstream Authors:
Johan Andersen <johan@NOSPAM>
Matt Selsky <selsky@NOSPAM>
Copyright:
Copyright (c) 2002-2005, Trustees of Columbia University, New York.
The program is released under the GNU General Public
License Version 2, found on Debian GNU/Linux systems in
the file /usr/share/common-licenses/GPL-2.
flowscan-cuflow-1.7/debian/flowscan-cuflow.README.Debian:
=========================================================
Using this module
=================
1. Edit /etc/flowscan/flowscan.cf and change the ReportClasses
to read:
ReportClasses CUFlow
2. Edit /etc/flowscan/CUFlow.cf to suit. There is a copy of
this file as distributed upstream in the examples directory.
There is also an example of a version more suited to a
typical home / small office server.
3. Capture data in 5 minute intervals. (See the -N flag to
flow-capture below). CUFlow doesn't handle anything
other than 5 minute intervals very well.
4. Consider installing flowscan-cugrapher so you can display
pretty graphs of the data you collect on a web page.
Micro HOWTO on using CUFlow to monitor data on the local server
===============================================================
My guess is that 90% of people just want to use this package
to track what data is flowing through their Debian server,
typically with the end goal being to nail whatever is hogging
their bandwidth. It will do this well, but installing this
package is just one step among many. Here is the entire
list:
a. Install the fprobe-ulog package to gather the raw data.
b. Use debconf (ie during installation or later by running
dpkg-reconfigure fprobe-ulog) to set the FLOW_COLLECTOR
variable in /etc/default/fprobe-ulog to:
FLOW_COLLECTOR="127.0.0.1:555"
The INTERFACES variable can be left blank.
c. Add some "iptables -j ULOG" entries to your firewall
to direct the traffic you want logged to fprobe-ulog.
These commands may suffice:
iptables --insert INPUT 1 ! --source LAN/N ! --in-interface lo --jump ULOG
iptables --insert FORWARD 1 ! --in-interface lo --jump ULOG
iptables --insert OUTPUT 1 ! --destination LAN/N --jump ULOG
Here "LAN/N" is the IP address range of your LAN, eg
"192.168.0.0/24". Having it there prevents fprobe-ulog
from seeing LAN traffic. Writing the LAN traffic to
the log doesn't confuse flowscan, but fprobe-ulog can
be overwhelmed by too much traffic, such as you might
find on a 100Mbit LAN.
d. Create these directories:
mkdir -p /var/local/netflow/flows
mkdir -p /var/local/netflow/rrd
mkdir -p /var/local/netflow/cuflow/scoreboard
e. Use the flow-capture program, which is provided by the
flow-tools package, to write the data fprobe gathers
to disk. Be sure to use version 0.68-5 or better -
versions prior to that had a bug which meant it didn't
work with flowscan. Comment out all the existing
lines in /etc/flow-tools/flow-capture.conf and add
this line at the end:
-E1G -N 0 -n 287 -S60 -V5 -w /var/local/netflow/flows -z9 127.0.0.1/127.0.0.1/555
You can alter some of these settings (making
compensating changes elsewhere), but leave "-n 287"
and "-V5" strictly alone.
f. Edit /etc/flowscan/flowscan.cf and change the
FlowFileGlob line to read:
FlowFileGlob /var/local/netflow/flows/ft-v05.*
g. Edit /etc/flowscan/CUFlow.cf, and change the following
lines:
OutputDir /var/local/netflow/rrd
Scoreboard 10 /var/local/netflow/cuflow/scoreboard /var/local/netflow/cuflow/top10.html
AggregateScore 10 /var/local/netflow/cuflow/scoreboard/agg.dat /var/local/netflow/cuflow/agg10.html
Router 127.0.0.1 localhost
You will have to change the following configuration items
to reflect the IP address allocation for your local LAN.
For example, if "ifconfig eth0" says something like
"inet addr:192.168.1.10 Bcast:192.168.1.255 Netmask:255.255.255.0"
then you would set them to:
Subnet 192.168.1.10/24
Network 192.168.1.10/24
You must also put all other IP addresses your machine has
been allocated in this file. For example, if your
machine is running a PPPoE server and has been allocated
the IP address 11.12.13.14 by your ISP, then you need a
line like this:
Subnet 11.12.13.14/32
Alas, adding this IP address is NOT optional. CUFlow will
only gather statistics on packets it thinks are going from
an internal IP address to an external IP address, or vice
versa. If you don't add all IP addresses the machine has,
then incoming packets destined for those IP addresses will look
like external-->external, and hence be ignored. This is a
real issue if your ISP allocates your IP address
dynamically. Your only recourse is to create CUFlow.cf
dynamically every time you re-connect the link, and
re-start flowscan after you have done so.
h. Start/restart the services you have just configured by
running:
/etc/init.d/fprobe-ulog restart
/etc/init.d/flow-capture restart
i. Within 5 minutes files named ft-v05.* should appear in
/var/local/netflow/flows. When they do run "flowscan".
No parameters are needed. The only error you should
see is something like:
illegal attempt to update using time 1135127401 when last update time is 1135127701 (minimum one second step)
Press control+C to stop it running.
j. Install flowscan.rc to /etc/init.d. flowscan.rc can be
found in the /usr/share/doc/flowscan-cuflow/examples
directory:
cp /usr/share/doc/flowscan-cuflow/examples/flowscan.rc /etc/init.d/flowscan
update-rc.d flowscan defaults
/etc/init.d/flowscan start
k. Install the flowscan-cugrapher package.
l. Edit /etc/flowscan/CUGrapher.cf and change these settings:
OutputDir /var/local/netflow/rrd
Scoreboard /var/local/netflow/cuflow/top10.html
AggregateScore /var/local/netflow/cuflow/agg10.html
m. Configure your web server to run CUGrapher.pl. For
Apache this line will achieve that for the URL
"http://host.name/cuflow":
Alias "/cuflow" "/usr/lib/cgi-bin/CUFlow.cgi"
Restart apache.
You should now be able to see pretty pictures when
you display http://127.0.0.1/cuflow.
n. Use the web page to produce the graphs you would like
to see. You can display those graphs when the web page
is initially displayed by following the instructions
in /etc/flowscan/CUGrapher.cf for the "DefaultGraph"
variable. Add one "DefaultGraph" line for each graph
you want to display.
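The dynamic-address case from step g, as an added example that is not part of the Debian package or of upstream CUFlow: it rebuilds the Subnet lines of CUFlow.cf from the addresses the host currently holds and reports whether flowscan needs a restart. It assumes `ip -o -4 addr show` output on stdin, that Subnet lines may sit at the end of the file, and that the init script accepts `restart`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of flowscan-cuflow. Function names are hypothetical.

# Read `ip -o -4 addr show` output on stdin and print one Subnet line per
# non-loopback address. A point-to-point address ("inet A peer B/32") carries
# no prefix length of its own, so it is written as a /32 (the PPPoE case).
subnet_lines() {
    awk '$2 != "lo" && $3 == "inet" {
        addr = $4
        if (addr !~ /\//) addr = addr "/32"
        # Only well-formed a.b.c.d/len values may reach the config file.
        if (addr ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/)
            print "Subnet " addr
    }' | LC_ALL=C sort -u
}

# rebuild_cf CONFIG   (ip output on stdin)
# Replaces every Subnet line in CONFIG with the generated ones, appended at
# the end (assumes CUFlow does not care where Subnet lines appear).
# Returns 0 if CONFIG changed, 1 if it is already current, 2 on error or if
# no address was found, in which case CONFIG is left untouched.
rebuild_cf() {
    cfg=$1
    [ -r "$cfg" ] || return 2
    new=$(subnet_lines)
    [ -n "$new" ] || return 2
    tmp=$(mktemp) || return 2
    { grep -v '^[[:space:]]*Subnet[[:space:]]' "$cfg" || true
      printf '%s\n' "$new"; } > "$tmp"
    if cmp -s "$tmp" "$cfg"; then
        rm -f "$tmp"
        return 1
    fi
    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$cfg"
    rm -f "$tmp"
    return 0
}

# Typical call after the link comes up (the restart action is an assumption):
#   ip -o -4 addr show | rebuild_cf /etc/flowscan/CUFlow.cf \
#       && /etc/init.d/flowscan restart
```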
flowscan-cuflow-1.7/debian/flowscan-cugrapher.README.Debian:
============================================================
Using this package
==================
To use this you need to have installed the flowscan-cuflow
package and got it running. See that package's
README.Debian for more information.
Having done that, edit /etc/flowscan/CUGrapher.cf to
reflect your tastes. The file is self-documenting -
read it. In particular, be sure the OutputDir
variable is identical to what is in
/etc/flowscan/CUFlow.cf.
Finally, reconfigure your HTTP server to run CUGrapher.pl.
It is installed into:
/usr/lib/cgi-bin/CUGrapher.pl
and this is a symlink to it:
/usr/lib/cgi-bin/CUGrapher.cgi
In Apache / Apache2 adding this line to httpd.conf
should suffice:
Alias "/cuflow" "/usr/lib/cgi-bin/CUFlow.cgi"
This will allow you to view the CUFlow web page at:
http://127.0.0.1/cuflow
CUGrapher in this package has been modified to read its
configuration from /etc/flowscan/CUGrapher.cf, so the
instruction in the README.txt file about modifying the
$rrddir to point to your databases no longer applies.