Re: pflow collection and analysis
On 2013-05-02, Jan Stary wrote:
> Thanks for the recommendation. I just installed nfdump-1.6.3.1p0
> and noticed that there is no rc.d script - is that expected?

yes, you often want to run multiple nfcapd collectors and rc.d(8), which is kept simple on purpose, can't handle this type of situation directly.

> Is nfcapd supposed to be run from rc.local?

that's one option. another is to use it with nfsen, which does have an rc.d script; nfsen starts nfcapd instances for you according to your config.

> Also, the -u and -g options of nfcapd do not seem to work:
> while the _nfcapd user and group are created by the package,
> nfcapd simply does not start if I try to use -u or -g.
> (Without it, it runs just fine).

I don't recall the full details, but this seems to work fine when setup using nfsen. This reminds me, I have an update for this to commit ;)
Re: Sturdy and secure mail server
Hi Irek,

On Thu, May 02, 2013 at 09:37:35PM +0200, Ireneusz Szcześniak wrote:
> * Depending on the address with which I send my mail (I have three
> different email addresses), my server should relay the mail to the
> mail server, where I have the account (for instance gmail.com).
>
> * I want my server to receive emails from my three accounts with IMAP.

From your descriptions, it sounds as though you're trying to sync your three remote IMAP accounts (e.g. GMAIL, work mail, etc) to a local IMAP server. Is this correct? If so, you might want to look at offlineimap, http://offlineimap.org/ , which syncs remote IMAP servers to either a local IMAP server or to Maildir.

Best wishes,
Ryan

--
|_)|_/  Ryan Kavanagh      | Debian Developer
| \| \  http://ryanak.ca/  | GPG Key 4A11C97A
Re: Sturdy and secure mail server
On Thu, 2 May 2013, Matthew Weigel wrote:

> On 2013-05-02 16:56, Chris Cappuccio wrote:
>
> > You are going to spend a bit of time in the MTA and Dovecot docs to
> > figure out some of these things. Now, if you use fdm, you really
> > don't need an MTA at all. fdm would have to deliver to the dovecot
> > LDA or use its own LDA in the same directory structure that
> > Dovecot retrieves mail from...
>
> This is the important part: dovecot and postfix or opensmtpd can do what
> you need. There are a ton of details to understand and get right, so
> reading the docs is really your best starting point. Most of what
> you've described is a bog standard mail server with IMAP hosting, plus a
> mail client that knows about multiple mail accounts, plus an IMAP fetch
> (maybe?).
>

A better solution would be mailserv - OpenBSD based and it includes all of the management tools for a mail server:

github.com/mailserv

The Rails manager app is way cool.

Lee
Re: Sturdy and secure mail server
On 2013-05-02 16:56, Chris Cappuccio wrote:
> You are going to spend a bit of time in the MTA and Dovecot docs to
> figure out some of these things. Now, if you use fdm, you really
> don't need an MTA at all. fdm would have to deliver to the dovecot
> LDA or use its own LDA in the same directory structure that
> Dovecot retrieves mail from...

This is the important part: dovecot and postfix or opensmtpd can do what you need. There are a ton of details to understand and get right, so reading the docs is really your best starting point. Most of what you've described is a bog standard mail server with IMAP hosting, plus a mail client that knows about multiple mail accounts, plus an IMAP fetch (maybe?).

Or maybe there is something you're not being clear about in your description, in which case... you REALLY need to read the docs, because no one else can be sure they're describing how to do the thing you ACTUALLY want to do. Are all of the accounts gmail, and you simply want to archive all gmail messages somewhere away from Google? Do you intend to run the MX for some of these accounts, but not all?

Definitely read the docs.

--
Matthew Weigel
hacker
unique & idempot . ent
5.3 fixed PXE booting for me!
Yesterday I updated my Soekris 4511 to v5.3. I am just amused that a new OS can run on a 486 100MHz with 32MB RAM and 4G CF for storage! This was also the first time I have tried 'U'pgrading instead of just reinstalling. Very simple procedure - well done!

Anyway, today I tried PXE-booting my Atom-based Shuttle XS36V, expecting it to lock up as it always has. Much to my surprise, it worked!

Now, I had tried to dig into this PXE booting issue before and found that it locked up on a system call and digging into that, I found that it was most likely a bug in the BIOS. I also discovered that by ignoring the newer style !PXE structs and using the older PXENV+ style ones, it worked. I submitted all the info I gathered to Shuttle but never heard back from them and the one or two BIOS updates they released since then didn't fix it.

So anyway, thanks to whoever fixed the PXE booting for my machine. To make my thanks more official, I did order a DVD set and t-shirt.

Keep up the good work!

Jorj
Re: Sturdy and secure mail server
Ireneusz Szcześniak [irek.szczesn...@gmail.com] wrote:
> Hi,
>
> I'm running OpenBSD 5.2 on i386. I want to run there a personal mail
> server (further referred to as "my server") with some specific
> requirements. I want my server to be secure and stable.
>
> These are my critical requirements:
>
> * My server should support SMTP/IMAP with SSL/TLS. I want my server
> and the client (i.e. Thunderbird that I use) to authenticate with
> certificates that I issue.
>

I don't think OpenBSD is capable of hosting an IMAP + TLS server.

> * Depending on the address with which I send my mail (I have three
> different email addresses), my server should relay the mail to the
> mail server, where I have the account (for instance gmail.com).
>

This is definitely beyond the scope of a robust computer operating system.

> * When the email that I send is received by my server, I want my
> server to save the email in the Sent mailbox.
>

That's a function of your mail client and the IMAP server. But of course OpenBSD isn't capable of hosting IMAP so you're out of luck.

> * I want the server to keep my email archive of about 5 GB (and
> growing).
>

OpenBSD only works on partitions up to 600MB in size. So 5GB is going to be a serious challenge. Maybe you can split your mail up into several mailboxes with different logins?

> * I want to access my mail (Inbox, Sent and Archive) with IMAP.
>
> * I want my server to receive emails from my three accounts with IMAP.
>
> The ease and safety of archiving messages would be welcome. I'm an
> archiving freak, and I would love to have a reliable and easy way of
> archiving my mail. For instance, I love the way how one can archive
> git repositories by cloning, because it's safe and keeps the data
> consistent.
>
> Currently I have a desktop to which I login remotely from three
> different computers to receive and send mail with Thunderbird.
> Thunderbird keeps my email archive, sends and receives mail. The
> problem is that I'm tired of logging into my remote desktop, and
> instead I would like to configure Thunderbird for a single IMAP server
> and a single SMTP server.
>
> For now I know that I want to use sendmail, since this is the default
> in OpenBSD.
>
> Any advice would be welcome.

Ok, all joking aside...

Dovecot is by far the best IMAP server available these days, in my opinion. It's on the ports tree and it meets your requirements.

The only thing in your entire list that Dovecot doesn't handle by default is the multiple-smarthost outgoing mail relay. That will require specific MTA configuration. And you may be better off just pointing the MX records to your server in that case... If you don't do that, you will need an external utility like fdm to grab your mail from the actual server.

I would use Postfix or OpenSMTPD as a MTA. Sendmail is too old and archaic, I don't think it's worth learning if you don't already know it. Spending your time with an MTA of newer design is going to be nicer.

You are going to spend a bit of time in the MTA and Dovecot docs to figure out some of these things. Now, if you use fdm, you really don't need an MTA at all. fdm would have to deliver to the dovecot LDA or use its own LDA in the same directory structure that Dovecot retrieves mail from...

Chris
OpenBSD images and songs
hi,

I am writing a game dedicated to Puffy (OpenBSD's mascot): "Super Sub Puffy". The license of the game is the ISC [0]. Can I use images [1] and songs [2]?

[0] http://en.wikipedia.org/wiki/ISC_license
[1] http://www.openbsd.org/art1.html
[2] http://www.openbsd.org/lyrics.html

Regards,
Alfonso

Alfonso Sabato Siciliano
Sturdy and secure mail server
Hi,

I'm running OpenBSD 5.2 on i386. I want to run there a personal mail server (further referred to as "my server") with some specific requirements. I want my server to be secure and stable.

These are my critical requirements:

* My server should support SMTP/IMAP with SSL/TLS. I want my server and the client (i.e. Thunderbird that I use) to authenticate with certificates that I issue.

* Depending on the address with which I send my mail (I have three different email addresses), my server should relay the mail to the mail server, where I have the account (for instance gmail.com).

* When the email that I send is received by my server, I want my server to save the email in the Sent mailbox.

* I want the server to keep my email archive of about 5 GB (and growing).

* I want to access my mail (Inbox, Sent and Archive) with IMAP.

* I want my server to receive emails from my three accounts with IMAP.

The ease and safety of archiving messages would be welcome. I'm an archiving freak, and I would love to have a reliable and easy way of archiving my mail. For instance, I love the way how one can archive git repositories by cloning, because it's safe and keeps the data consistent.

Currently I have a desktop to which I login remotely from three different computers to receive and send mail with Thunderbird. Thunderbird keeps my email archive, sends and receives mail. The problem is that I'm tired of logging into my remote desktop, and instead I would like to configure Thunderbird for a single IMAP server and a single SMTP server.

For now I know that I want to use sendmail, since this is the default in OpenBSD.

Any advice would be welcome.

Thanks,
Irek

--
Ireneusz (Irek) Szczesniak
http://www.irkos.org
fetchmail SMTP error: 553 5.1.8
Hi,

I use fetchmail to download emails. Some emails are with domain names that cannot be resolved by DNS server. Fetchmail prompts the SMTP error code 553 5.1.8 that 'domain of sender address does not exist'.

I guess this error code is from sendmail which refuses to relay emails with invalid domain names. Can I configure sendmail to not check domain name validity?

Kind regards,
Xianwen
Re: pflow collection and analysis
Jan Stary(h...@stare.cz) on 2013.05.02 16:08:34 +0200:
> Hm, setting the flow sender to 127.0.0.1 solved it
>
> $ cat /etc/hostname.pflow0
> flowsrc 127.0.0.1 flowdst 127.0.0.1:9995 pflowproto 5
>
> That is, nfcapd didn't see any flows if the reports
> were coming from 0.0.0.0; now that flowsrc is specified,
> so the reports come from 127.0.0.1, everything is OK.
> Is that intended?

While not completely intended, you currently have to set the sender address correctly. Don't use 0.0.0.0.

/Benno
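
A health check for the failure discussed in this thread (flows exported from 0.0.0.0 while nfcapd keeps logging "Flows: 0"), as an added example that is not part of any poster's message. The function names, the "before" config and the sample log values are constructed; the tcpdump lines and the fixed config are the ones quoted in the thread.

```sh
#!/bin/sh
# Added example, not from the thread: health checks for a pflow(4) -> nfcapd
# pipeline, built around the three symptoms Jan posted.

# check_flowsrc: hostname.pflow0-style text on stdin.
# Prints "ok <addr>", "unset" or "wildcard"; exit status 0 only for "ok".
check_flowsrc() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        { for (i = 1; i < NF; i++) if ($i == "flowsrc") src = $(i + 1) }
        END {
            if (src == "")        { print "unset";    exit 1 }
            if (src == "0.0.0.0") { print "wildcard"; exit 1 }
            print "ok " src
        }'
}

# exporter_sources PORT: tcpdump text on stdin; prints each distinct source
# address seen sending to UDP PORT (the collector port).
exporter_sources() {
    awk -v port="$1" '
        $3 == ">" && $4 ~ ("\\." port ":$") {
            src = $2
            sub(/\.[0-9]+$/, "", src)            # drop the source port
            if (!(src in seen)) { seen[src] = 1; print src }
        }'
}

# silent_intervals: syslog text on stdin; prints how many of the most recent
# nfcapd interval summaries in a row reported "Flows: 0".
silent_intervals() {
    awk '
        /nfcapd\[[0-9]+\]: Ident: / && match($0, /Flows: [0-9]+/) {
            n = substr($0, RSTART + 7, RLENGTH - 7) + 0
            run = (n == 0) ? run + 1 : 0
        }
        END { print run + 0 }'
}

# --- sample input ----------------------------------------------------------
# BAD_CONF is constructed (no flowsrc); GOOD_CONF is the fix from the thread.
BAD_CONF='flowdst 127.0.0.1:9995 pflowproto 5'
GOOD_CONF='flowsrc 127.0.0.1 flowdst 127.0.0.1:9995 pflowproto 5'

sample_tcpdump() {   # two of the tcpdump lines quoted in the thread
    cat <<'EOF'
15:10:25.500196 0.0.0.0.61175 > localhost.9995: udp 744 (DF) [tos 0x10]
15:11:44.512890 0.0.0.0.61175 > localhost.9995: udp 888 (DF) [tos 0x10]
EOF
}

sample_log() {       # constructed, in the nfcapd summary format quoted above
    cat <<'EOF'
May  2 15:10:10 gw nfcapd[20264]: Ident: 'none' Flows: 12, Packets: 340, Bytes: 41200, Sequence Errors: 0, Bad Packets: 0
May  2 15:10:10 gw nfcapd[20264]: Total ignored packets: 0
May  2 15:15:10 gw nfcapd[20264]: Ident: 'none' Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
May  2 15:20:10 gw nfcapd[20264]: Ident: 'none' Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
EOF
}

printf 'flowsrc before fix: %s\n' "$(printf '%s\n' "$BAD_CONF" | check_flowsrc || true)"
printf 'flowsrc after fix:  %s\n' "$(printf '%s\n' "$GOOD_CONF" | check_flowsrc)"
printf 'exporter source(s): %s\n' "$(sample_tcpdump | exporter_sources 9995)"
printf 'silent intervals:   %s\n' "$(sample_log | silent_intervals)"
```

On a live system the same functions take `/etc/hostname.pflow0`, the output of `tcpdump -i pflow0` and the syslog file that receives nfcapd's messages as their input.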
Re: Attn. VMware users / OpenBSD 5.3 kernel panic on boot
On 02.05.2013 at 17:37, James Shupe wrote:

>> I just tried to upgrade a VMware machine from OpenBSD 5.2 to OpenBSD
>> 5.3. Sadly with the new 5.3 kernel it panics when it gets to the CPUs.
>>
>> http://s10.postimg.org/v50muwvqx/crash1.png
>> http://s9.postimg.org/4wjed57rj/crash2.png
>>
>> For now I was able to boot the system with the old 5.2 kernel.
>>
>> Any help would be appreciated.
>>
>
> What VMware version? Works fine in my environment so far.
>

The VMware version is interesting, but the really interesting information is found in the .vmx configuration file that includes the virtual hardware version (virtualHW.version), guestOS (I usually use FreeBSD-64 for OpenBSD/amd64) and all the other flags that can affect OpenBSD.

Reyk
Re: Attn. VMware users / OpenBSD 5.3 kernel panic on boot
running a few amd64 5.2, 5.3 and -current on top of vmplayer and esxi 4.x without problems.

-luis

On Thu, May 2, 2013 at 9:37 AM, James Shupe wrote:

> > I just tried to upgrade a VMware machine from OpenBSD 5.2 to OpenBSD
> > 5.3. Sadly with the new 5.3 kernel it panics when it gets to the CPUs.
> >
> > http://s10.postimg.org/v50muwvqx/crash1.png
> > http://s9.postimg.org/4wjed57rj/crash2.png
> >
> > For now I was able to boot the system with the old 5.2 kernel.
> >
> > Any help would be appreciated.
> >
>
> What VMware version? Works fine in my environment so far.
>
> --
> James Shupe
Re: Attn. VMware users / OpenBSD 5.3 kernel panic on boot
It is a hosted VM, but I asked for the config file.

OpenBSD 5.3 (GENERIC) #50: Tue Mar 12 18:35:23 MDT 2013
    dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Xeon(R) CPU X3470 @ 2.93GHz ("GenuineIntel" 686-class) 0 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,NXE,LONG,SSE3,SSSE3,CX16,SSE4.1,SSE4.2,POPCNT,LAHF,PERF,ITSC
real mem = 133689344 (127MB)
avail mem = 120545280 (114MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 07/29/08, BIOS32 rev. 0 @ 0xfd780, SMBIOS rev. 2.4 @ 0xe4010 (45 entries)
bios0: vendor Phoenix Technologies LTD version "6.00" date 07/29/2008
bios0: VMware, Inc. VMware Virtual Platform
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP BOOT APIC MCFG SRAT
acpi0: wakeup devices PCI0(S3) USB_(S1) P2P0(S3) S1F0(S3) S2F0(S3) S3F0(S3) S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) S9F0(S3) Z00P(S3) Z00Q(S3) Z00R(S3) Z00S(S3) Z00T(S3) Z00U(S3) Z00V(S3) Z00W(S3) Z00X(S3) Z00Y(S3) Z00Z(S3) Z010(S3) Z011(S3) Z012(S3) Z013(S3) Z014(S3) Z015(S3) Z016(S3) Z017(S3) Z018(S3) Z019(S3) Z01A(S3) Z01B(S3) P2P1(S3) S1F0(S3) S2F0(S3) S3F0(S3) S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) S9F0(S3) Z00P(S3) Z00Q(S3) Z00R(S3) Z00S(S3) Z00T(S3) Z00U(S3) Z00V(S3) Z00W(S3) Z00X(S3) Z00Y(S3) Z00Z(S3) Z010(S3) Z011(S3) Z012(S3) Z013(S3) Z014(S3) Z015(S3) Z016(S3) Z017(S3) Z018(S3) Z019(S3) Z01A(S3) Z01B(S3) P2P2(S3) S1F0(S3) S2F0(S3) S3F0(S3) S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) S9F0(S3) Z00P(S3) Z00Q(S3) Z00R(S3) Z00S(S3) Z00T(S3) Z00U(S3) Z00V(S3) Z00W(S3) Z00X(S3) Z00Y(S3) Z00Z(S3) Z010(S3) Z011(S3) Z012(S3) Z013(S3) Z014(S3) Z015(S3) Z016(S3) Z017(S3) Z018(S3) Z019(S3) Z01A(S3) Z01B(S3) P2P3(S3) S1F0(S3) S2F0(S3) S3F0(S3) S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) S9F0(S3) Z00P(S3) Z00Q(S3) Z00R(S3) Z00S(S3) Z00T(S3) Z00U(S3) Z00V(S3) Z00W(S3) Z00X(S3) Z00Y(S3) Z00Z(S3) Z010(S3) Z011(S3) Z012(S3) Z013(S3) Z014(S3) Z015(S3) Z016(S3) Z017(S3) Z018(S3) Z019(S3) Z01A(S3) Z01B(S3) PE40(S3) S1F0(S3) PE50(S3) S1F0(S3) PE60(S3) S1F0(S3) PE70(S3) S1F0(S3) PE80(S3) S1F0(S3) PE90(S3) S1F0(S3) PEA0(S3) S1F0(S3) PEB0(S3) S1F0(S3) PEC0(S3) S1F0(S3) PED0(S3) S1F0(S3) PEE0(S3) S1F0(S3) PE41(S3) S1F0(S3) PE42(S3) S1F0(S3) PE43(S3) S1F0(S3) PE44(S3) S1F0(S3) PE45(S3) S1F0(S3) PE46(S3) S1F0(S3) PE47(S3) S1F0(S3) PE51(S3) S1F0(S3) PE52(S3) S1F0(S3) PE53(S3) S1F0(S3) PE54(S3) S1F0(S3) PE55(S3) S1F0(S3) PE56(S3) S1F0(S3) PE57(S3) S1F0(S3) PE61(S3) S1F0(S3) PE62(S3) S1F0(S3) PE63(S3) S1F0(S3) PE64(S3) S1F0(S3) PE65(S3) S1F0(S3) PE66(S3) S1F0(S3) PE67(S3) S1F0(S3) PE71(S3) S1F0(S3) PE72(S3) S1F0(S3) PE73(S3) S1F0(S3) PE74(S3) S1F0(S3) PE75(S3) S1F0(S3) PE76(S3) S1F0(S3) PE77(S3) S1F0(S3) PE81(S3) S1F0(S3) PE82(S3) S1F0(S3) PE83(S3) S1F0(S3) PE84(S3) S1F0(S3) PE85(S3) S1F0(S3) PE86(S3) S1F0(S3) PE87(S3) S1F0(S3) PE91(S3) S1F0(S3) PE92(S3) S1F0(S3) PE93(S3) S1F0(S3) PE94(S3) S1F0(S3) PE95(S3) S1F0(S3) PE96(S3) S1F0(S3) PE97(S3) S1F0(S3) PEA1(S3) S1F0(S3) PEA2(S3) S1F0(S3) PEA3(S3) S1F0(S3) PEA4(S3) S1F0(S3) PEA5(S3) S1F0(S3) PEA6(S3) S1F0(S3) PEA7(S3) S1F0(S3) PEB1(S3) S1F0(S3) PEB2(S3) S1F0(S3) PEB3(S3) S1F0(S3) PEB4(S3) S1F0(S3) PEB5(S3) S1F0(S3) PEB6(S3) S1F0(S3) PEB7(S3) S1F0(S3) SLPB(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 65MHz
kernel: integer divide fault trap, code=0
Stopped at __qdivrem+0x3b: divl%ecx,%eax
__qdivrem(0,1,0,0,0) at __qdivrem+0x3b
__udivdi3(0,1,0,0,e) at __udivdi3+0x2e
lapic_calibrate_timer(d0b0e7c0,0,30,d09e0680,0) at lapic_calibrate_timer+0x229
cpu_attach(d0f18fc0,d0e2b400,d0bc9bf4,d03f4a8b,0) at cpu_attach+0x129
config_attach(d0f18fc0,d09e0680,d0bc9bf4,d0857990,0) at config_attach+0x1bb
acpimadt_attach(d0f16c00,d0f9fd80,d0bc9c84,d03f4a8b,d0847ad0) at acpimadt_attach+0x34a
config_attach(d0f16c00,d09e16c0,d0bc9c84,d0848780,0) at config_attach+0x1bb
acpi_attach(d0f18f80,d0f16c00,d0bc9d74,d03f4a8b,0) at acpi_attach+0x510
config_attach(d0f18f80,d09e15a0,d0bc9d74,d0790420,2d) at config_attach+0x1bb
biosattach(d0f18fc0,d0f18f80,d0bc9e54,d03f4a8b,0) at biosattach+0x456
ddb>
__qdivrem(0,1,0,0,0) at __qdivrem+0x3b
__udivdi3(0,1,0,0,e) at __udivdi3+0x2e
lapic_calibrate_timer(d0b0e7c0,0,30,d09e0680,0) at lapic_calibrate_timer+0x229
cpu_attach(d0f18fc0,d0e2b400,d0bc9bf4,d03f4a8b,0) at cpu_attach+0x129
config_attach(d0f18fc0,d09e0680,d0bc9bf4,d0857990,0) at config_attach+0x1bb
acpimadt_attach(d0f16c00,d0f9fd80,d0bc9c84,d03f4a8b,d0847ad0) at acpimadt_attach+0x34a
config_attach(d0f16c00,d09e16c0,d0bc9c84,d0848780,0) at config_attach+0x1bb
acpi_attach(d0f18f80,d0f16c00,d0bc9d74,d03f4a8b,0) at acpi_attach+0x510
config_attach(d0f18f80,d09e15a0,d0bc9d74,d0790420,2d) at config_attach+0x1bb
biosattach(d0f18fc0,d0f18f80,d0bc9e54,d03f4a8b,0) at biosattach+0x456
config_attach(d0f18fc0,d09e0620,d0bc9e54,d05b5910,0) at config_attach+0x1bb
mainbus_attach(0,d
Re: Attn. VMware users / OpenBSD 5.3 kernel panic on boot
> I just tried to upgrade a VMware machine from OpenBSD 5.2 to OpenBSD
> 5.3. Sadly with the new 5.3 kernel it panics when it gets to the CPUs.
>
> http://s10.postimg.org/v50muwvqx/crash1.png
> http://s9.postimg.org/4wjed57rj/crash2.png
>
> For now I was able to boot the system with the old 5.2 kernel.
>
> Any help would be appreciated.
>

What VMware version? Works fine in my environment so far.

--
James Shupe
Re: Attn. VMware users / OpenBSD 5.3 kernel panic on boot
I don't have any problems, can you show me your full dmesg and .vmx config file?

Reyk

On 02.05.2013 at 17:19, Michael wrote:

> Hi,
>
> I just tried to upgrade a VMware machine from OpenBSD 5.2 to OpenBSD
> 5.3. Sadly with the new 5.3 kernel it panics when it gets to the CPUs.
>
> http://s10.postimg.org/v50muwvqx/crash1.png
> http://s9.postimg.org/4wjed57rj/crash2.png
>
> For now I was able to boot the system with the old 5.2 kernel.
>
> Any help would be appreciated.
>
> Thanks,
> Michael
Attn. VMware users / OpenBSD 5.3 kernel panic on boot
Hi,

I just tried to upgrade a VMware machine from OpenBSD 5.2 to OpenBSD 5.3. Sadly with the new 5.3 kernel it panics when it gets to the CPUs.

http://s10.postimg.org/v50muwvqx/crash1.png
http://s9.postimg.org/4wjed57rj/crash2.png

For now I was able to boot the system with the old 5.2 kernel.

Any help would be appreciated.

Thanks,
Michael
Re: pflow collection and analysis
On Thu, May 2, 2013 at 5:55 AM, Jan Stary wrote:
> Also, the -u and -g options of nfcapd do not seem to work:
> while the _nfcapd user and group are created by the package,
> nfcapd simply does not start if I try to use -u or -g.
> (Without it, it runs just fine).

I use the following without incident:

/usr/local/bin/nfcapd -b 127.0.0.1 -l /var/log/nfcapd -t 600 -w -D -u _nfcapd
Re: pflow collection and analysis
On May 02 15:25:34, h...@stare.cz wrote:
> Ok, so my pflow interface is up:
>
> pflow0: flags=141 mtu 1492
> priority: 0
> pflow: sender: 0.0.0.0 receiver: 127.0.0.1:9995 version: 5
> groups: pflow
>
> The created states are exported:
>
> set state-defaults pflow, no-sync
> (Also pfctl -sr says so)
>
> The nfcapd is listening:
>
> # pgrep -fl nfcap
> 20264 /usr/local/bin/nfcapd -b 127.0.0.1 -4 -l /netflow -S 0 -w -D
>
> The flow packets are sent to the listening nfcapd:
>
> # tcpdump -i pflow0
> tcpdump: listening on pflow0, link-type RAW
> 15:10:25.500196 0.0.0.0.61175 > localhost.9995: udp 744 (DF) [tos 0x10]
> 15:11:44.512890 0.0.0.0.61175 > localhost.9995: udp 888 (DF) [tos 0x10]
> 15:12:44.562534 0.0.0.0.61175 > localhost.9995: udp 168 (DF) [tos 0x10]
> 15:13:44.681469 0.0.0.0.61175 > localhost.9995: udp 120 (DF) [tos 0x10]
> 15:14:40.690466 0.0.0.0.61175 > localhost.9995: udp 456 (DF) [tos 0x10]
> 15:15:47.701228 0.0.0.0.61175 > localhost.9995: udp 984 (DF) [tos 0x10]
> 15:16:41.709903 0.0.0.0.61175 > localhost.9995: udp 456 (DF) [tos 0x10]
>
> The running nfcapd is writing the captured files
> -rw-r--r-- 1 root wheel 276 May 2 15:10 nfcapd.201305021505
> -rw-r--r-- 1 root wheel 276 May 2 15:15 nfcapd.201305021510
> -rw-r--r-- 1 root wheel 276 May 2 15:15 nfcapd.current
>
> But none of the files contains any actual flows.
> They are all of size 276, probably just the header.
> At the end of every interval, the log says
>
> May 2 15:20:10 gw nfcapd[20264]: Ident: 'none' Flows: 0, Packets: 0,
> Bytes: 0, Sequence Errors: 0, Bad Packets: 0
> May 2 15:20:10 gw nfcapd[20264]: Total ignored packets: 0
>
> I must be missing something obvious.
> Can someone please give a hint?

Hm, setting the flow sender to 127.0.0.1 solved it

$ cat /etc/hostname.pflow0
flowsrc 127.0.0.1 flowdst 127.0.0.1:9995 pflowproto 5

That is, nfcapd didn't see any flows if the reports were coming from 0.0.0.0; now that flowsrc is specified, so the reports come from 127.0.0.1, everything is OK.

Is that intended?

Jan
Re: pflow collection and analysis
Ok, so my pflow interface is up:

pflow0: flags=141 mtu 1492
priority: 0
pflow: sender: 0.0.0.0 receiver: 127.0.0.1:9995 version: 5
groups: pflow

The created states are exported:

set state-defaults pflow, no-sync
(Also pfctl -sr says so)

The nfcapd is listening:

# pgrep -fl nfcap
20264 /usr/local/bin/nfcapd -b 127.0.0.1 -4 -l /netflow -S 0 -w -D

The flow packets are sent to the listening nfcapd:

# tcpdump -i pflow0
tcpdump: listening on pflow0, link-type RAW
15:10:25.500196 0.0.0.0.61175 > localhost.9995: udp 744 (DF) [tos 0x10]
15:11:44.512890 0.0.0.0.61175 > localhost.9995: udp 888 (DF) [tos 0x10]
15:12:44.562534 0.0.0.0.61175 > localhost.9995: udp 168 (DF) [tos 0x10]
15:13:44.681469 0.0.0.0.61175 > localhost.9995: udp 120 (DF) [tos 0x10]
15:14:40.690466 0.0.0.0.61175 > localhost.9995: udp 456 (DF) [tos 0x10]
15:15:47.701228 0.0.0.0.61175 > localhost.9995: udp 984 (DF) [tos 0x10]
15:16:41.709903 0.0.0.0.61175 > localhost.9995: udp 456 (DF) [tos 0x10]

The running nfcapd is writing the captured files

-rw-r--r-- 1 root wheel 276 May 2 15:10 nfcapd.201305021505
-rw-r--r-- 1 root wheel 276 May 2 15:15 nfcapd.201305021510
-rw-r--r-- 1 root wheel 276 May 2 15:15 nfcapd.current

But none of the files contains any actual flows. They are all of size 276, probably just the header. At the end of every interval, the log says

May 2 15:20:10 gw nfcapd[20264]: Ident: 'none' Flows: 0, Packets: 0, Bytes: 0, Sequence Errors: 0, Bad Packets: 0
May 2 15:20:10 gw nfcapd[20264]: Total ignored packets: 0

I must be missing something obvious. Can someone please give a hint?

Jan
Re: pflow collection and analysis
On May 01 11:31:23, deich...@wrench.com wrote:
> I use nfdump for netflow collection and analysis.

On May 01 20:01:27, hrv...@srce.hr wrote:
> If you export v5 flows from openbsd 5.3 go with nfdump/nfsen

On May 01 22:22:50, pe...@bsdly.net wrote:
> My absolute favorite is nfdump feeding nfsen.

Thanks for the recommendation. I just installed nfdump-1.6.3.1p0 and noticed that there is no rc.d script - is that expected? Is nfcapd supposed to be run from rc.local? Would it be an improvement to write a rc.d script?

Also, the -u and -g options of nfcapd do not seem to work: while the _nfcapd user and group are created by the package, nfcapd simply does not start if I try to use -u or -g. (Without it, it runs just fine).

Jan
UEFI "secure boot" and dual boot question
Hello list,

Has anyone managed to set dual boot on a UEFI box with "secure boot" left enabled? If the answer is yes, are there some instructions how to achieve that?

I am trying to install -current on a Lenovo Y400 notebook, leaving pre-installed Windows 8 intact, as per the wishes of the owner of the box.

Thanks in advance for your responses
Re: pflow collection and analysis
If you don't have too many flows (seeing as you are using it for the home network), you could install Splunk* with the "Netflow for Splunk" application (which uses nfcapd/nfdump) instead of using nfsen. This allows you to correlate flows with other types of interesting log information as well as allow you to visualise it (e.g. using Google maps, various graphs and so on).

Tor

* The "free" version can index 500MB per day; I have not yet reached that limit for my home network. Cannot run on OpenBSD.

On Wed, May 01, 2013 at 10:22:50PM +0200, Peter N. M. Hansteen wrote:
> Jan Stary writes:
>
> > I just started using pflow(4) on the router/firewall
> > of my small home network. What do people recommend for
> > collection and analysis tools? So far, I am aware of
> > packages for flow-tools, flowd, and softflowd.
>
> My absolute favorite is nfdump feeding nfsen. pkg_add nfsen and reading
> the package message should get you all the way there inside a few
> minutes.
>
> - P
> --
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
OpenBSD 5.3 - All Shipped
We've finished shipping. Thank you!
Re: ACPI hack for temperature control
On 05/02/13 02:40, Vadim Zhukov wrote:
> 2013/5/2 STeve Andre' <and...@msu.edu>
>
> Can someone point me to the proper patch for ACPI so I don't reboot
> any more? Thanks.
>
>
> Do you mean disabling acpitz(4) when it does the Wrong Thing, or
> ThinkPad-specific patch I was posting some time ago (and still want to
> incorporate but after 64-bit time_t)?
>
> --
> WBR,
> Vadim Zhukov
>

Sorry -- I mean the acpitz(4) hack to let my W500 get past 79C without rebooting. Time_t I can wait for. ;-)

Thanks, STeve Andre'