author | edwin <edwin@FreeBSD.org> | 2005-11-24 23:49:12 +0000 |
---|---|---|
committer | edwin <edwin@FreeBSD.org> | 2005-11-24 23:49:12 +0000 |
commit | 31fa80963de2ccf2ff5cfad72c3a7c30233a6840 (patch) | |
tree | da404dbb73cc69f1012d6a2109a2bea8c59c4a70 /net-mgmt | |
parent | 29c9ee4767367faa18c9a30a3532c82d89338666 (diff) | |
[New Port] net-mgmt/ourmon: Network Monitoring and Anomaly Detection System
Ourmon is a network management and anomaly detection system
for performing various SNMP RMON-like network analysis
tasks. It uses the BSD bpf in combination with RRDTOOL as
well as various "top talker" style tuples including: top-N
flows which include IP, TCP, UDP, and ICMP flows, top SYN
senders, top TCP/UDP ports, top single IP src to many IP
dst senders, top single IP src to L4 (TCP/UDP), top ICMP
errors which includes UDP creators of ICMP errors and other
tools for both network management and anomaly detection.
RRDTOOL graphs include a year of baselined information.
New RRDTOOL graphs may be designed with user-configured BPF
expressions a la tcpdump. Reports and logging for top
talkers are also included.
WWW: http://ourmon.cat.pdx.edu/ourmon/
PR: ports/84530
Submitted by: Charlie Schluting <manos@cs.pdx.edu>
Diffstat (limited to 'net-mgmt')
-rw-r--r-- | net-mgmt/Makefile | 1 | ||||
-rw-r--r-- | net-mgmt/ourmon/Makefile | 69 | ||||
-rw-r--r-- | net-mgmt/ourmon/distinfo | 2 | ||||
-rw-r--r-- | net-mgmt/ourmon/pkg-descr | 16 | ||||
-rw-r--r-- | net-mgmt/ourmon/pkg-message | 28 | ||||
-rw-r--r-- | net-mgmt/ourmon/pkg-plist | 167 |
6 files changed, 283 insertions, 0 deletions
diff --git a/net-mgmt/Makefile b/net-mgmt/Makefile
index 37e5d93..3036eaf 100644
--- a/net-mgmt/Makefile
+++ b/net-mgmt/Makefile
@@ -113,6 +113,7 @@
 SUBDIR += nstreams
 SUBDIR += openvmps
 SUBDIR += oproute
+ SUBDIR += ourmon
 SUBDIR += p0f
 SUBDIR += p5-Altoids
 SUBDIR += p5-Cflow
diff --git a/net-mgmt/ourmon/Makefile b/net-mgmt/ourmon/Makefile
new file mode 100644
index 0000000..feb90b2
--- /dev/null
+++ b/net-mgmt/ourmon/Makefile
@@ -0,0 +1,69 @@
+# New ports collection makefile for: ourmon
+# Date created: 01 May 2005
+# Whom: Charlie Schluting <manos@cs.pdx.edu>
+#
+# $FreeBSD$
+
+PORTNAME= ourmon
+PORTVERSION= 2.5
+CATEGORIES= net-mgmt
+MASTER_SITES= http://ourmon.cat.pdx.edu/ourmon/
+DISTNAME= ourmon25
+
+MAINTAINER= manos@cs.pdx.edu
+COMMENT= A libpcap-based network monitoring and anomaly detection system
+
+BUILD_DEPENDS= ${LOCALBASE}/lib/libpcap.a:${PORTSDIR}/net/libpcap
+LIB_DEPENDS= gd:$(PORTSDIR)/graphics/gd
+RUN_DEPENDS= rrdtool:$(PORTSDIR)/net/rrdtool
+
+#IS_INTERACTIVE= yes
+WRKSRC= ${WRKDIR}/mrourmon
+USE_PERL5= yes
+NO_INSTALL_MANPAGES= yes
+#NO_PACKAGE= yes
+NO_BUILD= yes
+
+# where to install ourmon and also
+# where we build the ourmon runtime-script with configure.pl
+# note: we use the work directory simply for unpacking
+
+# make simply states assumptions, unpacks the system, and puts it in PREFIX
+pre-build:
+ @${ECHO_MSG} "install dir is PREFIX=\"${PREFIX}/mrourmon\""
+ @${ECHO_MSG} "We do not install apache or some other web server for you.
+ @${ECHO_MSG} "You should know where your apache docs directory is before make install."
+ @${ECHO_MSG} "You should also know which network interface you want ourmon to use."
+ @${ECHO_MSG}
+ @${ECHO_MSG} "Ourmon may be installed on one CPU or two. If you"
+ @${ECHO_MSG} "are only installing the front-end probe, you do"
+ @${ECHO_MSG} "not need Apache, hence we do not install it."
+ @${ECHO_MSG} "If you are installing the back-end graphics engine"
+ @${ECHO_MSG} "(which needs a web server) do install Apache first, and note"
+ @${ECHO_MSG} "where the htdocs web directory lives. You will need"
+ @${ECHO_MSG} "that for ourmon configuration. If you simply"
+ @${ECHO_MSG} "want to install ourmon with both front-end and back-end"
+ @${ECHO_MSG} "on one CPU, then install Apache first on that machine."
+ @${ECHO_MSG} + +pre-install: +.if exists(${PREFIX}/etc/ourmon.conf) + ${MV} ${PREFIX}/etc/ourmon.conf ${PREFIX}/etc/ourmon.conf.old +.endif + $(CP) -R ${WRKSRC} ${PREFIX} + +# make install compiles and configures the system installing +# all binaries in the local PREFIX/bin as well as asking +# the user if he/she wants to install system start scripts +# and modify /etc/crontab + +do-install: + cd ${PREFIX}/mrourmon && ${PERL5} configure.pl ${PREFIX} + +post-install: + @${ECHO_MSG} "Ourmon is installed in ${PREFIX}" + @${ECHO_MSG} + @${CAT} ${PKGMESSAGE} + @${ECHO_MSG} + +.include <bsd.port.mk> diff --git a/net-mgmt/ourmon/distinfo b/net-mgmt/ourmon/distinfo new file mode 100644 index 0000000..ae114df --- /dev/null +++ b/net-mgmt/ourmon/distinfo @@ -0,0 +1,2 @@ +MD5 (ourmon25.tar.gz) = 23353c42d2432793345b19ac0a77dfdb +SIZE (ourmon25.tar.gz) =330622 diff --git a/net-mgmt/ourmon/pkg-descr b/net-mgmt/ourmon/pkg-descr new file mode 100644 index 0000000..fe5ab61 --- /dev/null +++ b/net-mgmt/ourmon/pkg-descr @@ -0,0 +1,16 @@ +Ourmon is a network management and anomaly detection system for +performing various SNMP RMON-like network analysis tasks. It uses +the BSD bpf in combination with RRDTOOL as well as various "top +talker" style tuples including: top-N flows which include IP, TCP, +UDP, and ICMP flows, top SYN senders, top TCP/UDP ports, top single +IP src to many IP dst senders, top single IP src to L4 (TCP/UDP), +top ICMP errors which includes UDP creators of ICMP errors and other +tools for both network management and anomaly detection. RRDTOOL +graphs include a year of baselined information. New RRDTOOL graphs +may be designed with user-configured BPF expressions a la tcpdump. +Reports and logging for top talkers are also included. + +WWW: http://ourmon.cat.pdx.edu/ourmon/ + +Created by: Jim Binkley <jrb@cs.pdx.edu> +FreeBSD Port by: Charlie Schluting <manos@cs.pdx.edu> 
diff --git a/net-mgmt/ourmon/pkg-message b/net-mgmt/ourmon/pkg-message
new file mode 100644
index 0000000..e0d2bdc
--- /dev/null
+++ b/net-mgmt/ourmon/pkg-message
@@ -0,0 +1,28 @@
+For the FreeBSD port, we assume
+
+/usr/local/mrourmon
+
+is the base directory, although that can be overridden with
+the port Makefile.
+
+Read the INSTALL file in the ourmon base directory.
+**************************************************
+
+If you want to uninstall ourmon, read "uninstall.txt" in
+the base directory.
+
+Be sure and inspect and modify the basic config file,
+at /usr/local/mrourmon/etc/ourmon.conf. In particular
+set the notion of topn_syn home IP in the config file
+
+topn_syn_homeip 10.1.0.0 255.255.0.0
+
+to your home subnet and netmask.
+
+After setting the config file up properly,
+in order to start the front-end probe process,
+named "ourmon", you must cd to the base directory
+and run the ourmon probe from the start shellscript.
+
+# cd /usr/local/mrourmon/bin
+# ./ourmon.sh start
diff --git a/net-mgmt/ourmon/pkg-plist b/net-mgmt/ourmon/pkg-plist
new file mode 100644
index 0000000..ca2e429
--- /dev/null
+++ b/net-mgmt/ourmon/pkg-plist
@@ -0,0 +1,167 @@
+mrourmon/src/ourmon/copyright.h
+mrourmon/src/ourmon/pid.c
+mrourmon/ACKS
+mrourmon/CHANGE.LOG
+mrourmon/CHANGES
+mrourmon/INSTALL
+mrourmon/README
+mrourmon/TODO
+mrourmon/VERSION
+mrourmon/deb.sh
+mrourmon/etc/README
+mrourmon/etc/cbpfexamples.conf
+mrourmon/etc/crontab.sample
+mrourmon/etc/ourmon.conf
+mrourmon/scripts/README
+mrourmon/scripts/checkmon.sh
+mrourmon/src/README
+mrourmon/src/distros/freebsd/Makefile
+mrourmon/src/distros/freebsd/distinfo
+mrourmon/src/distros/freebsd/pkg-descr
+mrourmon/src/distros/freebsd/pkg-message
+mrourmon/src/distros/freebsd/x
+mrourmon/src/ourmon/Makefile.bsd
+mrourmon/src/ourmon/Makefile.linux
+mrourmon/src/ourmon/Makefile.solaris
+mrourmon/src/ourmon/TODO
+mrourmon/src/ourmon/barthash.c
+mrourmon/src/ourmon/bytecodes.h
+mrourmon/src/ourmon/changed.c
+mrourmon/src/ourmon/config.h
+mrourmon/src/ourmon/docs/morep2p.txt
+mrourmon/src/ourmon/docs/p2p.txt
+mrourmon/src/ourmon/ehash.c
+mrourmon/src/ourmon/filter.h
+mrourmon/src/ourmon/hashicmp.h
+mrourmon/src/ourmon/hashport.h
+mrourmon/src/ourmon/hashscan.c
+mrourmon/src/ourmon/hashscan.h
+mrourmon/src/ourmon/hashsort.c
+mrourmon/src/ourmon/hashsort.h
+mrourmon/src/ourmon/hashsyn.h
+mrourmon/src/ourmon/interfaces.c
+mrourmon/src/ourmon/ipanalyze.c
+mrourmon/src/ourmon/ircscan.c
+mrourmon/src/ourmon/ircscan.h
+mrourmon/src/ourmon/machdep.c
+mrourmon/src/ourmon/nonipanalyze.c
+mrourmon/src/ourmon/ourmon.c
+mrourmon/src/ourmon/ourmon.h
+mrourmon/src/ourmon/sample.configs/foo.conf
+mrourmon/src/ourmon/sample.configs/goo.conf
+mrourmon/src/ourmon/sample.configs/icmp.conf
+mrourmon/src/ourmon/sample.configs/ourmon.conf
+mrourmon/src/ourmon/sample.configs/ourmon.conf.2
+mrourmon/src/ourmon/sample.configs/portrange.conf
+mrourmon/src/ourmon/sample.configs/test.conf
+mrourmon/src/ourmon/sample.configs/x.conf
+mrourmon/src/ourmon/sig.c
+mrourmon/src/ourmon/stats.h
+mrourmon/src/ourmon/trigger.h
+mrourmon/src/ourmon/util.c
+mrourmon/src/testcode/Makefile
+mrourmon/src/testcode/README
+mrourmon/src/testcode/testri.c
+mrourmon/src/web.code/Makefile
+mrourmon/src/web.code/NOTDONEYET
+mrourmon/src/web.code/README
+mrourmon/src/web.code/README.logs
+mrourmon/src/web.code/drawtopn.c
+mrourmon/src/web.code/testdraw.sh
+mrourmon/src/web.code/topn_udp.png
+mrourmon/src/web.code/udptest.sh
+mrourmon/src/web.html/Makefile
+mrourmon/src/web.html/README
+mrourmon/src/web.html/bpf-emailsyns.html
+mrourmon/src/web.html/bpf-errors.html
+mrourmon/src/web.html/bpf-p2p.html
+mrourmon/src/web.html/bpf-ports.html
+mrourmon/src/web.html/bpf-protopkts.html
+mrourmon/src/web.html/bpf-subnets1.html
+mrourmon/src/web.html/bpf-tcpcontrol.html
+mrourmon/src/web.html/bpf-unreach.html
+mrourmon/src/web.html/bpf-vpns.html
+mrourmon/src/web.html/cast.html
+mrourmon/src/web.html/flow.html
+mrourmon/src/web.html/icmpcodes.txt
+mrourmon/src/web.html/icmperror.html
+mrourmon/src/web.html/index.html
+mrourmon/src/web.html/indexstatic.html
+mrourmon/src/web.html/info.html
+mrourmon/src/web.html/info.topipa.html
+mrourmon/src/web.html/ipportscan.html
+mrourmon/src/web.html/ipproto.html
+mrourmon/src/web.html/iprange1.html
+mrourmon/src/web.html/ipscan.html
+mrourmon/src/web.html/irc.html
+mrourmon/src/web.html/l2proto.html
+mrourmon/src/web.html/netww.html
+mrourmon/src/web.html/ourarch.png
+mrourmon/src/web.html/pkts.html
+mrourmon/src/web.html/realhtml.txt
+mrourmon/src/web.html/size.html
+mrourmon/src/web.html/tcp3.html
+mrourmon/src/web.html/tcpports.html
+mrourmon/src/web.html/tcpscan.html
+mrourmon/src/web.html/tcpsyn.html
+mrourmon/src/web.html/tingting.html
+mrourmon/src/web.html/topn_icmp.html
+mrourmon/src/web.html/topn_ip.html
+mrourmon/src/web.html/topn_tcp.html
+mrourmon/src/web.html/topn_udp.html
+mrourmon/src/web.html/topnstat.html
+mrourmon/src/web.html/tworm.html
+mrourmon/src/web.html/udperror.html
+mrourmon/src/web.html/udpports.html
+mrourmon/src/web.html/udpscan.html
+mrourmon/src/web.html/udpweight.html
+mrourmon/uninstall.txt
+mrourmon/src/ourmon/hashicmp.c
+mrourmon/src/ourmon/hashport.c
+mrourmon/src/ourmon/hashsyn.c
+mrourmon/src/ourmon/trigger.c
+mrourmon/configure.pl
+mrourmon/makeclean.sh
+mrourmon/scripts/monupdate.sh
+mrourmon/scripts/runourmon.pl
+mrourmon/src/ourmon/cprogram.c
+mrourmon/src/ourmon/cprogram.h
+mrourmon/src/ourmon/filter.c
+mrourmon/src/ourmon/hashsort
+mrourmon/src/ourmon/monconfig.c
+mrourmon/src/ourmon/sample.configs/doit.sh
+mrourmon/src/ourmon/sample.configs/ourmon.sh
+mrourmon/src/ourmon/sample.configs/readit.sh
+mrourmon/src/ourmon/sample.configs/runourmon.sh
+mrourmon/src/testcode/testri
+mrourmon/src/web.code/batchip.sh
+mrourmon/src/web.code/batchipall.sh
+mrourmon/src/web.code/daily.pl
+mrourmon/src/web.code/irc.pl
+mrourmon/src/web.code/mklogdir.sh
+mrourmon/src/web.code/monbackup.pl
+mrourmon/src/web.code/notdoneyet/makepics.pl
+mrourmon/src/web.code/ombatchip.pl
+mrourmon/src/web.code/ombatchipsrc.pl
+mrourmon/src/web.code/ombatchsyn.pl
+mrourmon/src/web.code/omupdate.pl
+mrourmon/src/web.code/omupdate.sh
+mrourmon/src/web.code/tcpworm.pl
+mrourmon/src/web.code/topipa.pl
+mrourmon/src/web.code/wormtolog.pl
+
+@dirrm mrourmon/tmp
+@dirrm mrourmon/src/web.html
+@dirrm mrourmon/src/web.code/notdoneyet
+@dirrm mrourmon/src/web.code
+@dirrm mrourmon/src/testcode
+@dirrm mrourmon/src/ourmon/sample.configs
+@dirrm mrourmon/src/ourmon/docs
+@dirrm mrourmon/src/ourmon
+@dirrm mrourmon/src/distros/freebsd
+@dirrm mrourmon/src/distros
+@dirrm mrourmon/src
+@dirrm mrourmon/scripts
+@dirrm mrourmon/etc
+@dirrm mrourmon/bin
+@dirrm mrourmon |