Leigh B. Stoller authored
into per-experiment databases on ops. Additional support for reconstituting those databases back into temporary databases on ops, for post processing.

* This revision relies on the "snort" port (/usr/ports/security/snort) to read the pcap files and load them into a database. The schema is probably not ideal, but it's better than nothing. See the file ops:/usr/local/share/examples/snort/create_mysql for the schema.

* For simplicity, I have hooked into loghole, which already had all the code for downloading the trace data. I added some new methods to the XMLRPC server for loghole to use, to get the user's DB password and the name of the per-experiment database. There is a new slot in the traces table that indicates that the trace should be snorted to its DB. In case you forgot, at the end of a run or when the instance is swapped out, loghole is run to download the trace data.

* For reconstituting, there are lots of additions to opsdb_control and opsdb_control.proxy to create "temporary" databases and load them from a dump file that is stored in the archive. I've added a button to the Template Record page, inappropriately called "Analyze" since right now all it does is reconstitute the trace data into a DB on ops. Currently, the only indication of what has been done (the name of the DBs created on ops) is the log email that the user gets. A future project is to tell the user this info in the web interface.

* To turn on database capturing of trace data, do this in your NS file:

    set link0 ...
    $link0 trace
    $link0 trace_snaplen 128
    $link0 trace_db 1

  The increase in snaplen is optional, but a good idea if you want snort to understand more than just IP headers.

* Also some changes to the parser to allow plain experiments to take advantage of all this stuff. To simply get yourself a per-experiment DB, put this in your NS file:

    tb-set-dpdb 1

  However, anytime you turn trace_db on for a link or lan, you automatically get a per-experiment DB.

* To capture the trace data to the DB, you can run loghole by hand:

    loghole sync -s

  The -s option turns on the "post-process" phase of loghole.
4ce9c421