
opflow-cli.pl

opflow-cli.pl allows you to run setup routines, create reports, manually load flow files and generally run CRUD operations on endpoints/apps/agents/filters.

Run opflow-cli.pl -h to get help:

Code Block
Usage: opflow-cli.pl act=operation [option=A...] [param=X...]
opflow-cli.pl act=setup-db [drop=true] [usepercent=NN]
opflow-cli.pl act=setup-iana [url=...|file=...]
opflow-cli.pl act=(purge|purge-raw|purge-endpoints|purge-indices)
opflow-cli.pl act=load-flows file=...
opflow-cli.pl act=list-endpoints [searchprop=value...]
value can be regex:...

opflow-cli.pl act=create-endpoint property=value...
opflow-cli.pl act=show-endpoint ip=address
opflow-cli.pl act=update-endpoint ip=address entry.propname=value...
opflow-cli.pl act=delete-endpoint ip=address

opflow-cli.pl act=list-apps [searchprop=value...]
opflow-cli.pl act=(create-app|update-app) number=N protocol=M name=X description=Y
opflow-cli.pl act=delete-app number=N protocol=M

opflow-cli.pl act=list-agents
opflow-cli.pl act=update-agent agent=X [in_if=Y out_if=Z] admin_status=(active|inactive)

opflow-cli.pl act=list-filters [include_inactive=0/1]
opflow-cli.pl act=show-filter name=F
opflow-cli.pl act=disable-filter name=F
opflow-cli.pl act=create-filter name=F [description=D] propA=X,Y,Z [propB=...]
properties: agent application endpoint proto src_ip dst_ip src_port dst_port
filter expressions: A,B,C for list of choices, regex:string supported
for all properties except agent and proto.
proto must be number or list of numbers. agent must be agent_ip
(for all interfaces), or agent_ip:in_ifidx:out_ifidx.

opflow-cli.pl act=create-report [param=...]

options:
quiet=1: suppress output, only set exit code
debug=1: more verbose debugging output

Manage Agents

Agents and the interfaces seen on those agents can be viewed, set inactive or set active.  A "wildcard" agent record can be seen for each agent IP that opFlow has received flows from; setting the active/inactive flag on this record disables all flows coming from this agent.  In addition to this, an entry for each agent+in_if+out_if combo is also stored, which allows disabling flows from specific interfaces and directions.

Note: Disabling all flows in+out of an interface will remove it from the licensing count (lowering the used count by one interface).  opFlow 3.0.2 requires each combo to be disabled; just disabling the wildcard record will not remove the interfaces from the licensing count.

Get a list of Agents

/usr/local/omk/bin/opflow-cli.pl act=list-agents

e.g.

Code Block
[root@server:/usr/local/omk/bin]#(2) ./opflow-cli.pl act=list-agents
opflow-cli.pl Version 23.1021.0

Copyright (C) 2015 Opmantek Limited (www.opmantek.com)
This program comes with ABSOLUTELY NO WARRANTY;
See www.opmantek.com or email contact@opmantek.com
opFlow 1.0 is licensed to Hearst CorporationOpmantek for Unlimited Interfaces on a single server - not for resale - Expires 19-Feb-201650 Interfaces

Agent IP	In Intf	Out Intf	Active	Last Seen
120.29.0.102	2	1	active	Tue Apr 19 13:53:57 2016
120.29.0.102	1	2	active	Tue Apr 19 13:53:57 2016
10120.7329.2380.6102	9091	570	inactiveactive	FriTue FebApr 19 5 0413:5753:57 2016
120.29.0.102	*	*	active	Tue Apr 19 13:53:57 2016
192.168.88.254	8	1	active	Tue Apr 19 13:40:01 2016
192.168.88.254	2	1	active	Tue Apr 19 13:53:57 2016
167192.173168.2988.6254	910	141	active	FriTue FebApr 19 5 0413:5753:57 2016
192.168.88.254	1	8	active	Tue Apr 19 13:40:01 2016

Stop Processing Flows from an Agent/Interface

To disable processing flows from an agent, disable all agent+in_if+out_if entries.  Here is an example of disabling a single agent interface:

Code Block
# disable a whole agent
/usr/local/omk/bin/opflow-cli.pl act=update-agent agent=120.29.0.102 admin_status=inactive
 
# disable an interface: in both directions to remove a single interface
/usr/local/omk/bin/opflow-cli.pl act=update-agent agent=120.29.0.102 in_if=2 out_if=1 admin_status=inactive
/usr/local/omk/bin/opflow-cli.pl act=update-agent agent=120.29.0.102 in_if=1 out_if=2 admin_status=inactive
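
An added example (not part of the original page or of opFlow itself) for the per-combo disabling described above: it reads list-agents output and prints one update-agent command for each active agent+in_if+out_if record of an agent, skipping the wildcard row. It assumes the tab-separated column layout shown in the sample output; the function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: generate the update-agent commands that disable every
# per-interface record of one agent (needed for the licensing count).
# Assumption: list-agents rows are tab-separated as
#   Agent IP, In Intf, Out Intf, Active, Last Seen

OPFLOW_CLI=/usr/local/omk/bin/opflow-cli.pl

# Constructed sample of list-agents output (banner lines omitted).
sample_agents() {
    printf 'Agent IP\tIn Intf\tOut Intf\tActive\tLast Seen\n'
    printf '120.29.0.102\t2\t1\tactive\tTue Apr 19 13:53:57 2016\n'
    printf '120.29.0.102\t1\t2\tactive\tTue Apr 19 13:53:57 2016\n'
    printf '120.29.0.102\t*\t*\tactive\tTue Apr 19 13:53:57 2016\n'
    printf '192.168.88.254\t8\t1\tactive\tTue Apr 19 13:40:01 2016\n'
    printf '192.168.88.254\t2\t1\tinactive\tTue Apr 19 13:53:57 2016\n'
}

# disable_combo_commands AGENT_IP
# Reads list-agents output on stdin; prints one command per active combo.
disable_combo_commands() {
    # The output is meant to be run by a shell, so accept only address
    # characters in the agent argument.
    case "$1" in
        ''|*[!0-9A-Fa-f.:]*) echo "invalid agent address: $1" >&2; return 1 ;;
    esac
    awk -F '\t' -v agent="$1" -v cli="$OPFLOW_CLI" '
        $1 != agent                          { next }  # other agents, header, banner
        $2 == "*" || $3 == "*"               { next }  # wildcard record
        $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ { next }  # malformed interface index
        $4 != "active"                       { next }  # already disabled
        { printf "%s act=update-agent agent=%s in_if=%s out_if=%s admin_status=inactive\n",
                 cli, agent, $2, $3 }
    '
}

# Dry run on the constructed sample; prints two commands.
# Live use: "$OPFLOW_CLI" act=list-agents | disable_combo_commands 120.29.0.102
sample_agents | disable_combo_commands 120.29.0.102
```

Review the printed commands before piping them to sh; the wildcard record is left untouched and can still be disabled separately with the whole-agent command.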

Start Processing Flows from an Agent/Interface

Note: Enabling an agent which has individual interface records disabled will not enable those interface records as well.

Code Block
# enable a whole agent
/usr/local/omk/bin/opflow-cli.pl act=update-agent agent=120.29.0.102 admin_status=active

# enable flows in both directions to add a single interface back, only a single direction can be enabled if desired
/usr/local/omk/bin/opflow-cli.pl act=update-agent agent=120.29.0.102 in_if=2 out_if=1 admin_status=active
/usr/local/omk/bin/opflow-cli.pl act=update-agent agent=120.29.0.102 in_if=1 out_if=2 admin_status=active

Manage Filters

Filters allow you to create pre-defined searches that will load quickly in the GUI.  A filter must be in place before the flows arrive as the flows are tagged with the filter when they are processed.  Any flows that match the filter but arrived before the filter was created will not be displayed.  

Note: Agents are filtered automatically, there is no need to create extra filters for them.

Create a Filter Based on the Application

Code Block
/usr/local/omk/bin/opflow-cli.pl act=create-filter name=HTTP application=http
/usr/local/omk/bin/opflow-cli.pl act=create-filter name=HTTPS application=https