Part 5.b: Configure VERMONT (VERsatile MONitoring Toolkit) on CentOS6

What is VERMONT?
“VERMONT (VERsatile MONitoring Toolkit) is an open-source software toolkit for the creation and processing of network flow data, based on monitored Internet packet data.” It can take in packets and spit out IPFIX for instance, but it can do a lot of other things.

Review the configs in the last step below to understand how versatile it is.

Mainline repo and flow-inspector support:
As of May 1st, 2013, Lothar has merged a feature that allows live streaming from flow-inspector.
A new module, ipfixFlowInspectorExporter, has been developed that allows VERMONT to push to the flow-inspector redis queue; Lothar discusses its status in the “Compiling and Configuring VERMONT” section of his writeup.

This writeup covers the mainline repo, as it will have longevity. I will write a separate post, as I did with ntop and NDPI, covering flow-inspector support, and note below when you should “switch” over to that post.

Download and Build VERMONT:
Download prerequisite:

cd
echo '[fedora_repo]' > /etc/yum.repos.d/fedora_repo.repo #allow yum access to the fedora repo; quoted so the shell cannot glob-expand the brackets, and > so a re-run does not duplicate the section
echo name=fedora_repo >> /etc/yum.repos.d/fedora_repo.repo
echo baseurl=http://download1.fedora.redhat.com/pub/epel/\$releasever/\$basearch/ >> /etc/yum.repos.d/fedora_repo.repo
echo enabled=1 >> /etc/yum.repos.d/fedora_repo.repo
echo skip_if_unavailable=1 >> /etc/yum.repos.d/fedora_repo.repo
echo gpgcheck=0 >> /etc/yum.repos.d/fedora_repo.repo #packages from this repo are installed without signature verification
yum -y install git gcc gcc-c++ cmake libpcap libpcap-devel pcre pcre-devel mysql mysql-devel boost boost-devel boost-test boost-filesystem boost-regex libxml2 libxml2-devel hiredis-devel
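
The repo stanza above sets gpgcheck=0 and fetches over plain http, so yum does not verify package signatures for anything it pulls from that repo. An added example (not part of the original post) that flags such stanzas in a .repo file; audit_repo, signed_repo and mirror.example.org are assumptions made for the illustration, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. audit_repo is a hypothetical helper.
# audit_repo FILE: print one finding per line, return 1 if any section is weak.
audit_repo() {
    awk '
    function report() {
        if (name == "") return
        if (gpgcheck == "0") { print name ": gpgcheck=0, package signatures are not verified"; bad = 1 }
        if (baseurl ~ /^http:\/\//) { print name ": baseurl is plain http"; bad = 1 }
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    /^[ \t]*\[/ {                             # new [section]: report the previous one
        report()
        name = $0; sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
        gpgcheck = ""; baseurl = ""
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "gpgcheck") gpgcheck = val
        if (key == "baseurl")  baseurl = val
    }
    END { report(); exit bad + 0 }
    ' "$1"
}

# Constructed sample: the stanza from this post plus a hypothetical signed one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[fedora_repo]
name=fedora_repo
baseurl=http://download1.fedora.redhat.com/pub/epel/$releasever/$basearch/
enabled=1
skip_if_unavailable=1
gpgcheck=0

[signed_repo]
name=constructed hardened entry
baseurl=https://mirror.example.org/epel/$releasever/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
EOF
audit_repo "$sample" || echo "repo file needs attention"
rm -f "$sample"
```

Only an explicit gpgcheck=0 is flagged; a stanza that omits the key inherits the [main] setting from /etc/yum.conf.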

If you would like to push directly to the redis queue from VERMONT, see Using ipfixFlowInspectorExporter with VERMONT merge-features branch, then return here when stated.

Clone the VERMONT repo:

git clone http://github.com/constcast/vermont.git
cd ./vermont
cmake -D SUPPORT_SCTP=OFF .
ccmake . # set SUPPORT_MYSQL to ON
make
make install

The binary is located at: /usr/local/bin/vermont
The configs are located at: /usr/local/share/vermont/configs

Download and Build the VERMONT Manager web UI:

Add the Fedora repo to yum:

echo '[fedora_repo]' > /etc/yum.repos.d/fedora_repo.repo #allow yum access to the fedora repo; quoted so the shell cannot glob-expand the brackets, and > so a re-run does not duplicate the section
echo name=fedora_repo >> /etc/yum.repos.d/fedora_repo.repo
echo baseurl=http://download1.fedora.redhat.com/pub/epel/\$releasever/\$basearch/ >> /etc/yum.repos.d/fedora_repo.repo
echo enabled=1 >> /etc/yum.repos.d/fedora_repo.repo
echo skip_if_unavailable=1 >> /etc/yum.repos.d/fedora_repo.repo
echo gpgcheck=0 >> /etc/yum.repos.d/fedora_repo.repo #packages from this repo are installed without signature verification

Install prerequisites:

cd
yum install python-devel mod_python python-pip graphviz graphviz-devel graphviz-python rrdtool rrdtool-devel rrdtool-python
pip-python -v install cheetah pydot pydns pyparsing==1.5.6 #`pyparsing==1.5.6` since I am using centos6, the python version is currently 2.x
easy_install 4Suite-XML #cannot use pip-python for this package

Build VERMONT Manager:

cd
git clone http://github.com/constcast/vmanager.git
cd ./vmanager
bash ./build_target.sh
mkdir /usr/local/bin/vmanager
mv ./target/* /usr/local/bin/vmanager #this will be known as "target" in the docs

Configure the Controller:
The documentation is missing from the source tree, but it is available in the GitHub wiki.

The controller interfaces with the VERMONT instance:

mkdir /var/log/vermont
#the VERMONT configs are in /usr/local/share/vermont/configs/
sed s@"VermontDir=../../vermont"@"VermontDir=/usr/local/bin"@ -i /usr/local/bin/vmanager/controller/vermontcontroller.conf
sed s@"ConfigFile=vermont_default.conf"@"ConfigFile=../share/vermont/configs/example.xml"@ -i /usr/local/bin/vmanager/controller/vermontcontroller.conf #keep the ConfigFile= key in the replacement
sed s@"ControllerLogFile=/var/log/monkit/vcontroller.log"@"ControllerLogFile=/var/log/vermont/vcontroller.log"@ -i /usr/local/bin/vmanager/controller/vermontcontroller.conf
sed s@"VermontLogFile=/var/log/monkit/vermont.log"@"VermontLogFile=/var/log/vermont/vermont.log"@ -i /usr/local/bin/vmanager/controller/vermontcontroller.conf

Configure the Manager:
The documentation is missing from the source tree, but it is available in the GitHub wiki.

The manager interfaces with the controller and provides the web UI:

Interval: how often the VERMONT Manager asks the controller to poll the VERMONT instance for stats.
EnableDynamicConf: automatically polls the status of VERMONT instances, which are located by their presence in the VERMONT config file (see ../common/VermontConfigurator.py).
AllowedWebIP: application-level firewall.
BindAddress: address to bind to.

vim /usr/local/bin/vmanager/manager/vm.conf
sed s@"Logfile=manager.log"@"Logfile=/var/log/vermont/manager.log"@ -i /usr/local/bin/vmanager/manager/vm.conf

Run the controller:

python /usr/local/bin/vmanager/controller/VermontController.py /usr/local/bin/vmanager/controller/vermontcontroller.conf

Run the manager:

python /usr/local/bin/vmanager/manager/VermontManager.py /usr/local/bin/vmanager/manager/vm.conf

Configure httpd:

Create a basic auth user `vmanager` and set the password:

htpasswd -c /usr/local/bin/vmanager/htpasswd.user vmanager
chmod o-r /usr/local/bin/vmanager/htpasswd.user
chown root:apache /usr/local/bin/vmanager/htpasswd.user

Modify the following and save it to /etc/httpd/conf.d/vmanager.conf

<VirtualHost *:80>
    ServerAdmin root@localhost
    DocumentRoot  "/usr/local/bin/vmanager/webinterface"
    ServerName HOSTNAME.DOMAIN.LOCAL
    Options FollowSymLinks

    SetEnv PYTHON_EGG_CACHE "/tmp"

    <Directory />
        #was originally All set by Lothar Braun
        AllowOverride None
        Order Allow,Deny
        Allow from all
        # basic authentication with insecure user/password stored in file
        #for ldap integration see: http://httpd.apache.org/docs/2.2/mod/mod_auth_basic.html#authbasicprovider & http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html
        AuthBasicProvider file
        AuthUserFile /usr/local/bin/vmanager/htpasswd.user
        AuthName "VERMONT Manager Web"
        AuthType Basic
        Require valid-user
        AddHandler mod_python .py
        PythonHandler mod_python.publisher
        PythonDebug on
    </Directory>

</VirtualHost>

Note that this is not secure until you implement HTTPS: over plain HTTP, the basic auth credentials and everything else the web UI sends cross the network unencrypted.
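
A check for the gap noted above, as an added example that is not part of the original post: it flags any <VirtualHost> that requests Basic auth without SSLEngine on, and any that leaves PythonDebug on (which returns Python tracebacks to the browser). audit_vhost and the *:443 vhost in the sample are assumptions; the sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. audit_vhost is a hypothetical helper.
# audit_vhost FILE: print one finding per line, return 1 if any vhost is weak.
audit_vhost() {
    awk '
    { line = tolower($0); sub(/^[ \t]+/, "", line) }   # directives are case-insensitive
    line ~ /^#/ { next }
    line ~ /^<virtualhost/ {
        vhost = $0; sub(/^[ \t]+/, "", vhost)
        basic = 0; ssl = 0; debug = 0
        next
    }
    line ~ /^authtype[ \t]+basic/  { basic = 1 }
    line ~ /^sslengine[ \t]+on/    { ssl = 1 }
    line ~ /^pythondebug[ \t]+on/  { debug = 1 }
    line ~ /^<\/virtualhost>/ {
        if (basic && !ssl) { print vhost ": Basic auth without SSLEngine on"; bad = 1 }
        if (debug)         { print vhost ": PythonDebug on"; bad = 1 }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the vhost from this post (trimmed) and a hypothetical TLS one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<VirtualHost *:80>
    ServerName HOSTNAME.DOMAIN.LOCAL
    <Directory />
        AuthType Basic
        Require valid-user
        PythonDebug on
    </Directory>
</VirtualHost>
<VirtualHost *:443>
    ServerName HOSTNAME.DOMAIN.LOCAL
    SSLEngine on
    <Directory />
        AuthType Basic
        Require valid-user
    </Directory>
</VirtualHost>
EOF
audit_vhost "$sample" || echo "vhost file needs attention"
rm -f "$sample"
```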

Configure iptables:

vim /etc/sysconfig/iptables

Add the following where applicable

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

Configure SELinux:
For now disable:

setenforce permissive
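sed s/SELINUX\=enforcing/SELINUX\=permissive/ -i /etc/selinux/config #/etc/sysconfig/selinux is a symlink to this file; sed -i on the symlink would replace it with a regular file and leave the real config unchanged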

Access the web UI:
http://HOSTNAME/start.py

Configure VERMONT:
Once you have VERMONT up and running, you will see value in tweaking a config file for use.

Check out the `configs` directory for a variety of examples:

ls /usr/local/share/vermont/configs/