This is just a quick README on using the various ansible playbooks and perl file to create network flow diagrams.

• The target hosts either need to have already tcpflow installed or are subscribed to the EPEL repo for them to be installed.
• The HTML is created in /var/www/html/tcpflow on the localhost. It is already assumed that the local host has httpd installed and running
• The perl script requires 2 modules:
  • XML::LibXML
  • Net::DNS
• These can be installed by running
  • yum -y install "perl(XML::LibXML)" "perl(Net::DNS)"
• There are currently some hard wired links which need to be made dynamic. For example, the perl script location is hard coded in generateReport.yml
• PLEASE, PLEASE, PLEASE don't just run this on a production environment! It's not yet ready for live release and could cause all kinds of problems. Try it out in a local lab setup first.

The current workflow is as follows:

• Create an ansible inventory file of hosts to be analysed (either FQDN or IPs)

    [serinus]
    192.168.122.117
    192.168.122.137
    192.168.122.1

• Run the tcpflow.yml (currently defaults to use all in inventory)
• ansible-playbook -i inventory tcpflow.yml
• This will do the following:
  • Find all open ports of each host
  • Create a tcpflow directory in /var/tmp
  • Check if tcpflow is already running
  • If not running, start it running
  • If tcpflow running, stop it and fetch xml file from remote host to localhost

Once you have all the results in /var/tmp/ on you localhost, you can then run generateReport.yaml. This will parse all the tcpflow-report-* .xml files in /var/tmp then run the processFlow.pl script on each of them

ansible-playbook -i inventory generateReport.yml

You should then end up with the output files in /var/www/html/tcpflow

To see the results, visit: https://localhost/tcpflow