vmxdev / xenoeye
Lightweight Netflow/IPFIX collector
License: ISC License
I'm asking for help installing your product on CentOS 8. Release 8.2.2004, downloaded a few days ago.
I'm trying to install from GitHub. I download it with the command git clone https://github.com/vmxdev/xenoeye.git
That seems to complete without errors. Then I try to install following the instructions from this site: http://xenoeye.com/cgi-bin/fossil.cgi/wiki?name=Compiling+and+installing+Xenoeye
I installed the following:
(1/4): autoconf-2.69-27.el8.noarch.rpm 708 kB/s | 710 kB 00:01
(2/4): libtool-2.4.6-25.el8.x86_64.rpm 692 kB/s | 709 kB 00:01
(3/4): automake-1.16.1-6.el8.noarch.rpm 668 kB/s | 713 kB 00:01
(4/4): perl-Thread-Queue-3.13-1.el8.noarch.rpm
I run:
[root@centos ~ ]# cd xenoeye
[root@centos xenoeye]# autoreconf --install
libtoolize: putting auxiliary files in '.'.
libtoolize: copying file './ltmain.sh'
libtoolize: putting macros in AC_CONFIG_MACRO_DIRS, 'm4'.
libtoolize: copying file 'm4/libtool.m4'
libtoolize: copying file 'm4/ltoptions.m4'
libtoolize: copying file 'm4/ltsugar.m4'
libtoolize: copying file 'm4/ltversion.m4'
libtoolize: copying file 'm4/lt~obsolete.m4'
libtoolize: Consider adding '-I m4' to ACLOCAL_AMFLAGS in Makefile.am.
configure.ac:9: installing './ar-lib'
configure.ac:9: installing './compile'
configure.ac:13: installing './config.guess'
configure.ac:13: installing './config.sub'
configure.ac:3: installing './install-sh'
configure.ac:3: installing './missing'
Makefile.am: installing './depcomp'
parallel-tests: installing './test-driver'
Then I try to prepare the build:
[root@centos xenoeye]# ./configure
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /usr/bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking whether to enable maintainer-specific portions of Makefiles... no
checking whether make supports the include directive... yes (GNU style)
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking whether gcc understands -c and -o together... yes
checking dependency style of gcc... gcc3
checking for ar... ar
checking the archiver (ar) interface... ar
checking for gcc... (cached) gcc
checking whether we are using the GNU C compiler... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for gcc option to accept ISO C89... (cached) none needed
checking whether gcc understands -c and -o together... (cached) yes
checking dependency style of gcc... (cached) gcc3
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking how to print strings... printf
checking for a sed that does not truncate output... /usr/bin/sed
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for fgrep... /usr/bin/grep -F
checking for ld used by gcc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1572864
checking how to convert x86_64-pc-linux-gnu file names to x86_64-pc-linux-gnu format... func_convert_file_noop
checking how to convert x86_64-pc-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /usr/bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for archiver @file support... @
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /usr/bin/nm -B output from gcc object... ok
checking for sysroot... no
checking for a working dd... /usr/bin/dd
checking how to truncate binary pipes... /usr/bin/dd bs=4096 count=1
checking for mt... no
checking if : is a manifest tool... no
checking how to run the C preprocessor... gcc -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if gcc supports -fno-rtti -fno-exceptions... no
checking for gcc option to produce PIC... -fPIC -DPIC
checking if gcc PIC flag -fPIC -DPIC works... yes
checking if gcc static flag -static works... no
checking if gcc supports -c -o file.o... yes
checking if gcc supports -c -o file.o... (cached) yes
checking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking whether compiler understands -Wall -Wextra -pedantic... yes
checking for library containing pcap_open_live... no
configure: error: unable to find the pcap_open_live() function
An error, and it goes no further:
[root@centos xenoeye]# make
make: *** No targets specified and no makefile found. Stop.
I'm not a Linux specialist, so I'd be grateful for a detailed explanation of what I'm doing wrong.
Hi, I installed the xenoeye netflow collector on Debian Linux; I followed the step-by-step instructions, but the xenoeye executable doesn't work. After exporting the data to the PostgreSQL DB, all counters are 0:
xenoeyedb=# select time, iana_protocols.name, octets, packets from ingress_by_proto join iana_protocols on ingress_by_proto.proto=iana_protocols.num;
time | name | octets | packets
------------------------+--------+--------+---------
2023-04-26 13:46:57+02 | HOPOPT | 0 | 0
2023-04-26 13:46:57+02 | ICMP | 0 | 0
2023-04-26 13:46:57+02 | TCP | 0 | 0
2023-04-26 13:46:57+02 | UDP | 0 | 0
2023-04-26 13:51:57+02 | HOPOPT | 0 | 0
2023-04-26 13:51:57+02 | ICMP | 0 | 0
2023-04-26 13:51:57+02 | TCP | 0 | 0
2023-04-26 14:14:29+02 | HOPOPT | 0 | 0
2023-04-26 14:14:29+02 | ICMP | 0 | 0
2023-04-26 14:14:29+02 | TCP | 0 | 0
2023-04-26 14:14:29+02 | UDP | 0 | 0
2023-04-26 14:19:29+02 | HOPOPT | 0 | 0
2023-04-26 14:19:29+02 | ICMP | 0 | 0
2023-04-26 14:19:29+02 | TCP | 0 | 0
2023-04-26 14:19:29+02 | UDP | 0 | 0
2023-04-26 14:24:29+02 | HOPOPT | 0 | 0
2023-04-26 14:24:29+02 | ICMP | 0 | 0
2023-04-26 14:24:29+02 | TCP | 0 | 0
2023-04-26 14:24:29+02 | UDP | 0 | 0
2023-04-26 14:29:29+02 | HOPOPT | 0 | 0
2023-04-26 14:29:29+02 | ICMP | 0 | 0
2023-04-26 14:29:29+02 | TCP | 0 | 0
2023-04-26 14:29:29+02 | UDP | 0 | 0
2023-04-26 14:47:57+02 | ICMP | 0 | 0
2023-04-26 14:47:57+02 | TCP | 0 | 0
2023-04-26 14:47:57+02 | UDP | 0 | 0
2023-04-26 14:55:32+02 | ICMP | 0 | 0
2023-04-26 14:55:32+02 | TCP | 0 | 0
2023-04-26 14:55:32+02 | UDP | 0 | 0
On stdout I see xenoeye parsing the packets correctly:
xenoeye: Unknown field 148: 0x48 0x9e 0xaa 0x8c ; IPv4 src addr: 10.38.241.215; Src port: 54260; Input SNMP index: 3; IPv4 dst addr: 10.16.7.12; Dst port: 53; Output SNMP index: 4; Protocol: 17; Unknown field 176: 0x00 ; Unknown field 177: 0x00 ; Unknown field 225: 0x0a 0x26 0xf1 0xd7 ; Unknown field 226: 0x0a 0x10 0x07 0x0c ; Unknown field 227: 0xd3 0xf4 ; Unknown field 228: 0x00 0x35 ; Unknown field 233: 0x01 ; Unknown field 33002: 0x00 0x00 ; Unknown field 323: 0x00 0x00 0x01 0x87 0xbd 0xa8 0x86 0x28 ; Unknown field 152: 0x00 0x00 0x01 0x87 0xbd 0xa8 0x86 0x28 ; Unknown field 33000: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 ; Unknown field 33001: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 ; Unknown field 40000: 0x61 0x6e 0x61 0x2e 0x6c 0x65 0x6f 0x6e 0x40 0x69 0x74 0x2e 0x61 0x62 0x62 0x2e 0x63 0x6f 0x6d 0x00 ; *dev-ip: 10.39.6.108; *dev-id: 0, *rate: 256
Both files ...../ingress/mo.conf and .../egress/mo.conf are
{
"filter": "dst net ABB-nets",
"debug": {
"dump-flows": "none"
},
"fwm": [
{
/* the total number of packets and bytes from our networks, throughout the monitored object */
"name": "all",
"fields": ["packets", "octets"],
"time": 300
},
{
/* src IP and number of packets/bytes per address */
"name": "by_src",
"fields": ["packets", "octets", "src host"],
"time": 300
},
{
/* protocol numbers and number of packets/bytes for each protocol */
"name": "by_proto",
"fields": ["packets", "octets", "proto"],
"time": 300
},
{
/* dst IP and number of bytes to each address */
"name": "by_dst",
"fields": ["packets", "octets", "dst host"],
"time": 300
}
]
}
cat /var/lib/xenoeye/iplists/ABB-nets
10.0.0.0/8
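The stdout line quoted above tells a lot once the numbered fields are named. As an added example (my code, not xenoeye's; the field names come from the IANA IPFIX Information Elements registry, the dump-line syntax is inferred from the quoted line, and the premise that the `octets`/`packets` fields in mo.conf are summed from IPFIX counter IEs such as octetDeltaCount (1) and packetDeltaCount (2) is an assumption, not something the xenoeye documentation on this page confirms), the script below parses that line, decodes the fields whose type the registry fixes, and lists which counter IEs the record actually contains:

```python
"""Decode one xenoeye 'Unknown field' dump line and check which counter IEs it carries.
Added example, not xenoeye code; IE names follow the IANA IPFIX registry."""
import re
from datetime import datetime, timedelta, timezone

# Constructed input: the record line quoted in the issue above, with the three long
# vendor-specific blobs (33000, 33001, 40000) dropped for brevity.
SAMPLE_LINE = (
    "xenoeye: Unknown field 148: 0x48 0x9e 0xaa 0x8c ; IPv4 src addr: 10.38.241.215; "
    "Src port: 54260; Input SNMP index: 3; IPv4 dst addr: 10.16.7.12; Dst port: 53; "
    "Output SNMP index: 4; Protocol: 17; Unknown field 176: 0x00 ; Unknown field 177: 0x00 ; "
    "Unknown field 225: 0x0a 0x26 0xf1 0xd7 ; Unknown field 226: 0x0a 0x10 0x07 0x0c ; "
    "Unknown field 227: 0xd3 0xf4 ; Unknown field 228: 0x00 0x35 ; Unknown field 233: 0x01 ; "
    "Unknown field 33002: 0x00 0x00 ; "
    "Unknown field 323: 0x00 0x00 0x01 0x87 0xbd 0xa8 0x86 0x28 ; "
    "Unknown field 152: 0x00 0x00 0x01 0x87 0xbd 0xa8 0x86 0x28 ; "
    "*dev-ip: 10.39.6.108; *dev-id: 0, *rate: 256"
)

# Subset of the IANA IPFIX Information Elements registry (ID -> name).
IANA_IE = {
    1: "octetDeltaCount", 2: "packetDeltaCount", 85: "octetTotalCount", 86: "packetTotalCount",
    148: "flowId", 152: "flowEndMilliseconds", 176: "icmpTypeIPv4", 177: "icmpCodeIPv4",
    225: "postNATSourceIPv4Address", 226: "postNATDestinationIPv4Address",
    227: "postNAPTSourceTransportPort", 228: "postNAPTDestinationTransportPort",
    233: "firewallEvent", 323: "observationTimeMilliseconds",
}
COUNTER_IES = {1, 2, 85, 86}
FIREWALL_EVENT = {0: "ignore", 1: "flow created", 2: "flow deleted",
                  3: "flow denied", 4: "flow alert", 5: "flow update"}
UNKNOWN_RE = re.compile(r"^Unknown field (\d+):\s*((?:0x[0-9a-fA-F]{2}\s*)*)$")
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def parse_record(line):
    """Split one dump line into {name: value} for fields xenoeye names and {ie: bytes} for the rest."""
    body = line.split("xenoeye:", 1)[-1].replace(", *", "; *")  # dev-id/rate are comma-separated
    known, unknown = {}, {}
    for token in (t.strip() for t in body.split(";")):
        if not token:
            continue
        m = UNKNOWN_RE.match(token)
        if m:
            unknown[int(m.group(1))] = bytes(int(h, 16) for h in m.group(2).split())
        else:
            name, _, value = token.partition(":")
            known[name.strip()] = value.strip()
    return known, unknown


def decode_ie(ie, raw):
    """Name and decode an IE by its IANA abstract data type; enterprise-bit IEs stay as hex."""
    if ie >= 0x8000:  # enterprise bit set: meaning depends on the exporter's PEN
        return "enterprise-specific", raw.hex()
    name = IANA_IE.get(ie, "unassigned")
    if name.endswith("IPv4Address") and len(raw) == 4:
        return name, ".".join(str(b) for b in raw)
    if name.endswith("Milliseconds") and len(raw) == 8:
        ms = int.from_bytes(raw, "big")  # dateTimeMilliseconds: ms since the Unix epoch
        return name, (EPOCH + timedelta(milliseconds=ms)).isoformat(timespec="milliseconds")
    if name == "firewallEvent":
        code = int.from_bytes(raw, "big")
        return name, FIREWALL_EVENT.get(code, f"unknown({code})")
    if name == "unassigned":
        return name, raw.hex()
    return name, int.from_bytes(raw, "big")


def counter_ies_present(known, unknown):
    """IEs an octets/packets aggregation could draw on (assumption: xenoeye sums IPFIX counter IEs)."""
    named = [n for n in known if re.search(r"octet|byte|packet|pkt", n, re.I)]
    return named + [IANA_IE[i] for i in sorted(unknown) if i in COUNTER_IES]


def summarize(line):
    known, unknown = parse_record(line)
    decoded = {ie: decode_ie(ie, raw) for ie, raw in unknown.items()}
    return {"known": known, "decoded": decoded, "counters": counter_ies_present(known, unknown)}


if __name__ == "__main__":
    s = summarize(SAMPLE_LINE)
    for ie, (name, value) in sorted(s["decoded"].items()):
        print(f"{ie:>6} {name:<34} {value}")
    print("counter IEs in record:", s["counters"] or "none")
```

On the quoted record it reports 225-228 as the post-NAT source/destination address and port pair, 233 as firewallEvent = flow created, 323/152 as 2023-04-26T13:02:30.952 UTC, and finds no octet or packet counter IE at all, which is at least consistent with the all-zero counters in the table; IDs at or above 32768 carry the enterprise bit, so their meaning depends on the exporter's private enterprise number and they are left as hex.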
Hi team,
I kindly ask you to add sFlow support.
There are two existing RFC documents (actually, the second one is only RFC-like):
To get an sFlow stream for development purposes you could use any hardware or software equipment listed on the page https://sflow.org/products/network.php.
It seems easiest to use the native Host sFlow agent, https://sflow.net/.
To learn how to properly collect and parse sFlow metrics, you can explore the https://github.com/pmacct/pmacct/ implementation.
Thank you.
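For anyone picking this request up, here is what the collector side has to decode, as an added example (my code, not xenoeye's and not pmacct's): a minimal sFlow v5 decoder for the datagram header, flow samples and raw packet header records, laid out per the sFlow Version 5 specification on sflow.org. It is driven by a datagram the script constructs itself; the agent address 192.0.2.1, interface indexes, MAC/IP addresses and ports are made-up sample values. Counter samples and expanded flow samples are recognised by format number and skipped by length, which is also how a collector survives record types it does not implement, and truncated input is rejected rather than read past the end:

```python
"""Minimal sFlow v5 decoder: datagram header, flow samples and raw packet header records.
Added example, not xenoeye code; layout follows the sFlow Version 5 specification (sflow.org)."""
import struct
from ipaddress import IPv4Address, IPv6Address

SFLOW_VERSION = 5
AGENT_IPV4, AGENT_IPV6 = 1, 2
FLOW_SAMPLE = 1             # sample_data format (enterprise 0, format 1)
RAW_PACKET_HEADER = 1       # flow_record format (enterprise 0, format 1)
HEADER_PROTO_ETHERNET = 1   # header_protocol ETHERNET-ISO88023


def _opaque(payload: bytes) -> bytes:
    """XDR opaque<>: 4-byte length, payload, zero padding to a 4-byte boundary."""
    return struct.pack("!I", len(payload)) + payload + b"\0" * (-len(payload) % 4)


def build_datagram(agent="192.0.2.1", seq=7, uptime_ms=123456, rate=256) -> bytes:
    """Constructed test input: one datagram, one flow sample, one sampled Ethernet/IPv4/UDP header."""
    eth = bytes.fromhex("00112233445500aabbccddee0800")                   # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0x1234, 0, 64, 17, 0,  # IHL 5, TTL 64, proto UDP
                     IPv4Address("10.38.241.215").packed, IPv4Address("10.16.7.12").packed)
    udp = struct.pack("!HHHH", 54260, 53, 8, 0)
    header = struct.pack("!III", HEADER_PROTO_ETHERNET, 1514, 4) + _opaque(eth + ip + udp)
    flow_record = struct.pack("!I", RAW_PACKET_HEADER) + _opaque(header)
    # seq, source_id (type 0, ifIndex 3), rate, pool, drops, input, output, record count
    sample = struct.pack("!8I", 1, 3, rate, rate * 1000, 0, 3, 4, 1) + flow_record
    head = struct.pack("!II4sIIII", SFLOW_VERSION, AGENT_IPV4, IPv4Address(agent).packed,
                       0, seq, uptime_ms, 1)  # sub_agent_id, sequence, uptime, sample count
    return head + struct.pack("!I", FLOW_SAMPLE) + _opaque(sample)


def _records(buf, off, count):
    """Yield (format, data) for `count` length-prefixed records, failing on truncation."""
    for _ in range(count):
        fmt, length = struct.unpack_from("!II", buf, off)
        data = buf[off + 8:off + 8 + length]
        if len(data) != length:
            raise ValueError("truncated record")
        yield fmt, data
        off += 8 + length


def parse_raw_header(rec: bytes) -> dict:
    proto, frame_len, stripped, hlen = struct.unpack_from("!IIII", rec, 0)
    hdr = rec[16:16 + hlen]
    if len(hdr) != hlen:
        raise ValueError("truncated sampled header")
    out = {"protocol": proto, "frame_length": frame_len, "stripped": stripped}
    # Decode the common case only: Ethernet II carrying IPv4; anything else stays undecoded
    if proto == HEADER_PROTO_ETHERNET and hlen >= 34 and hdr[12:14] == b"\x08\x00":
        out["src"], out["dst"] = str(IPv4Address(hdr[26:30])), str(IPv4Address(hdr[30:34]))
        out["ip_proto"], l4 = hdr[23], 14 + (hdr[14] & 0x0F) * 4
        if out["ip_proto"] in (6, 17) and hlen >= l4 + 4:
            out["sport"], out["dport"] = struct.unpack_from("!HH", hdr, l4)
    return out


def parse_flow_sample(data: bytes) -> dict:
    seq, source_id, rate, pool, drops, inp, outp, nrec = struct.unpack_from("!8I", data, 0)
    records = [parse_raw_header(d) if f == RAW_PACKET_HEADER else {"format": f, "skipped": len(d)}
               for f, d in _records(data, 32, nrec)]
    return {"sequence": seq, "source_type": source_id >> 24, "source_index": source_id & 0xFFFFFF,
            "sampling_rate": rate, "sample_pool": pool, "drops": drops,
            "input": inp, "output": outp, "records": records}


def parse_datagram(buf: bytes) -> dict:
    version, addr_type = struct.unpack_from("!II", buf, 0)
    if version != SFLOW_VERSION:
        raise ValueError(f"unsupported sFlow version {version}")
    alen = {AGENT_IPV4: 4, AGENT_IPV6: 16}.get(addr_type)
    if alen is None:
        raise ValueError(f"unknown agent address type {addr_type}")
    agent = str((IPv4Address if alen == 4 else IPv6Address)(buf[8:8 + alen]))
    sub_agent, seq, uptime, nsamples = struct.unpack_from("!IIII", buf, 8 + alen)
    samples = [parse_flow_sample(d) if f == FLOW_SAMPLE else {"format": f, "skipped": len(d)}
               for f, d in _records(buf, 24 + alen, nsamples)]
    return {"agent": agent, "sub_agent": sub_agent, "sequence": seq,
            "uptime_ms": uptime, "samples": samples}


def is_well_formed(buf: bytes) -> bool:
    """True when the datagram parses completely; truncated or unknown-version input is rejected."""
    try:
        parse_datagram(buf)
        return True
    except (ValueError, struct.error):
        return False


if __name__ == "__main__":
    print(parse_datagram(build_datagram()))
```

The sampled header is where the flow keys come from: the decoder pulls source/destination address, protocol and ports straight out of the captured Ethernet/IPv4 bytes, and the sampling_rate in the flow sample is what a collector multiplies the frame length by to estimate volume. Unsigned lengths are checked against the remaining buffer before slicing, so a short or malicious datagram raises instead of producing garbage records.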