IPFIX Interoperability Event, Prague

• Prague_topology.svg: Network topology for IPFIX testing in Prague
• monica.ppt: Brief presentation of the MONICA research group

The BasicMeter Tool

• BEEM - stands for the metering end exporting process. It covers packet capturing, filtering, sampling, creating and maintaining of flow records in the flow cache, and exporting of flow records from observation point by IPFIX protocol. It is a console application written in C language. Configuration of BEEM can be done by the modification of its XML config file.

• JXColl - stands for the collecting process. It can collect flow records exported from several observation points in the format of Netflow v5, Netflow v9, or IPFIX. Flow records can be stored into the database (for future use and analysis) or directly send to analyzing application by ACP protocol. This feature is intended for the real-time analysis of network traffic. JXColl can also generate accounting records and store them into the special database for the usage-based accounting. Configuration of JXColl can be done by the modification of its XML config file.

• BMAnalyzer – stands for the analyzing application. It provides user frontend for the visualization of the information obtained by observation points. BMAnalyzer is a standalone Java application accessible via Java Webstart technology, but ongoing version is designed as a modular web application integrating centralized management and many potential IPFIX applicabilities.

Information Model

• BEEM exports these information elements.
• JXColl supports these information elements (MS Excel format JXCollElements.xls).

Transport Protocols

• BEEM supports UDP and TCP.
• JXColl stable version supports UDP only.
• JXColl testing version supports UDP and TCP as well, but only one exporter can be connected at the time while using TCP (it is still under development).

MONICA add-ons (mostly under development)

• Modular WebAnalyzer built on Java Wicket framework.
• ECAM (Exporter Collector Analyzer Module) for the centralized management and easy deployment of the monitoring tool.
• ACP (Analyzer Collector Protocol) for the direct communication of collector and analyzer (support for real-time monitoring).
• Data WareHouse for data preprocessing and storing for efficient access by the analyzing application.
• Adaptive export of flow records from the observation point (support for real-time monitoring).
• Measurement of OWD with compensation of observation points’ clock skew.
• Usage-based accounting.
• Anomaly based IDS.
• Adaptive anomaly driven traffic engineering.
• Monitoring of information systems.

Installation manual and links on deb packages in apt repositary:*

exporter mybeem_1.1-3_i386.deb

• dependencies on libraries for running:
  • libpcap version 0.8.3 or higher
  • libxml2 version 2.6.23 or higher
  • openssl version 0.9.1 or higher
• Installation for Ubuntu/Debian:
  • from package:

    dpkg -i mybeem_1.1-3_i386.deb 

  • from apt repositary:

    apt-get install mybeem 

collector +db

• installation of stable version:
  • Ubuntu, Debian: sudo dpkg -i jxcoll_3.5_i386.deb
• installation of beta version:
  • copy ipfixFields.xml (if it is not there yet), jxcoll_config.xml to /etc/jxcoll/ folder.
• database and tables creation:
  • for stable version:
    • apt-get install postgresql
    • sudo -u postgres createuser -D -A -P -S -R -l bm
    • sudo -u postgres createdb -O bm bm
    • psql -h 127.0.0.1 -d bm -U bm -f bmtables.psql --single-transaction
  • for beta version:
    • sudo apt-get install python-software-propertie
    • sudo add-apt-repository ppa:pitti/postgresql
    • sudo apt-get update
    • sudo apt-get install postgresql-9.0 libpq-dev postgresql-contrib-9.0
    • connect to db as root and set password: ALTER USER postgres WITH ENCRYPTED PASSWORD 'password';
    • download all files from here
    • open skript.sh in editor and at line 3 set path="...", path where all downloaded scripts are located:skript.sh,first.sql,second.sql,third.sql, fourth.sql
    • if necessary, set privilege in file pg_hba.conf
    • sudo sh skript.sh
    • answer questions

analyzer

• With ZIP package
  • download .zip file from site: https://svn.cnl.tuke.sk/monica/BasicMeter/Analyzer/BMAnalyzer/bin/BMAnalyzer.zip
  • unpack file and run BMAnalyzer.jar from dist directory by doubleclick or by command in command line:

    java –jar BMAnalyzer.jar 

• From APT repository

  • echo "deb http://apt.cnl.sk/debian etch cnl" >> /etc/apt/sources.list 

  • apt-get update 

  • apt-get install bmanalyzer 

• Direct installation of DEB package
  • download .deb file from site: https://svn.cnl.tuke.sk/monica/BasicMeter/Analyzer/BMAnalyzer/deb/BMAnalyzer-2.0.2.0.deb
  • package installation:

    dpkg -i BMAnalyzer-2.0.2.0.deb 

  • for run:

    bmanalyzer 

BasicMeter basic usage instructions

Note: Recommended sequence while running measurement platform is: collector -> exporter -> analyzer.

collector JXCOLL

• how to start stable version:
  • JXColl is run in the background automatically at system startup as daemon (jxcolld). It is possible to controll it with command:

    sudo /etc/init.d/jxcolld <operation>

    where operation is replaced with :
    • start starts JXColl daemon, if it is not running,
    • stop stops JXColl daemon,
    • restart stops JXColl daemon and run it again,
    • status informs if JXColl daemon is running,
    • usage / help display options how to control JXColl daemon.
  • by command: (If path to the configuration file is not specified then the following file will be used: /etc/jxcoll/jxcoll_config.xml.):

    java -jar jxcoll.jar [/path/to/configuration/file/jxcoll_config.xml] 

• lib folder must be in folder where jxcoll.jar is - is also in zip package
• Log files are saved in directory /var/log/jxcoll. Format of log files:

  log-YYYY-MM-DD-HH-mm-ss.log 

• !!! It is necessary to edit configuration file before running program FOR STABLE VERSION IT IS jxcoll.conf AND FOR BETA VERSION jxcoll_config.xml!!!
• how to start beta version:

for detailed information see: User Guide JXColl v3.5

• Manuals for JXColl v3.5:
  • JXColl_v3-5_PP.pdf
  • JXColl_v3-5_SP.pdf

• what is expected on output:
  • mybeem : records of every exported flow are saved in log file.
  • stable ver. : if type of logging is set to DEBUG in configuration file, then records of exported information's elements to DB will be saved in log file.
  • beta ver.: when type of logging is set to DEBUG in configuration file, then it is possible to see records of exported information's elements to DB on output.

• how to exit correctly:
  • mybeem : with init.d script or by sending signal SIGINT
  • stable ver. : with init.d script
  • beta: ctrl+c, when TCP in use, first exit exporter and then jxcoll!!!

exporter MYBEEM

• Configuration can be set by XML file.
• Two ways how to run program:
  • run program - it is possible to enter XML file as parameter of command line otherwise the following configuration file will be used /etc/mybeem/config.xml . Administrator rights are neccessary for running the program. Command to run program:

    mybeem config.xml 

  • run init.d script - script is going through directory /etc/mybeem and run instance mybeem for every XML file. Command to run the program:

    /etc/init.d/mybeemd start 

• Log files are saved in directory /var/log/mybeem. Format of log files:

  log-YYYY-MM-DD-HH-mm-ss.log 

• Mybeem daemon can be controlled with other options of init.d script:
  • stop exit mybeem daemon.
  • restart exit and run mybeem daemon again.
  • status informs if mybeem deamon is running.
  • usage / help displays options of usage of init.d script.

for detailed informations see: User guide MyBeem

analyzer BMANALYZER

* Program is run from directory by doubleclick or by command from command line:

java -jar BMAnalyzer.jar 

for detailed information see: User Guide BMAnalyzer

* Online version

• You can run the BMAnalyzer 2.0.2.0 by clicking on the image.
• It is connecting to the server elmord.intrak.tuke.sk. You can se the trafic of elmord, one of the masters of BMAnalyzer.

Acknowledgement

• Prague_topology.svg: Network topology for IPFIX testing in Prague

• monica.ppt: Brief presentation of the MONICA research group

• monica.ppt: monica.ppt