Updated README file, INSTALL file refers to README file

git-svn-id: file:///Users/braun/svn/vermont/branches/vermont/dtls-merge@2411 aef3b71b-58ee-0310-9ba9-8811b9f0742f
master
muenz 2010-06-10 12:50:25 +00:00
parent 603c747cc7
commit 46f7051389
2 changed files with 134 additions and 49 deletions

50
INSTALL

@ -1,49 +1 @@
This is VERMONT - VERsatile MONitoring Tool.
Released under GPL2
REQUIREMENTS
Required Ubuntu/Debian packages for compilation:
- cmake libboost-dev libxml2-dev libpcap-dev libsctp-dev
Optional:
- libpq-dev (for PostGreSQL support)
- libmysqlclient-dev (for MySQL support)
- libgsl-dev (for connection-based sampling with Bloom filters)
Note: for high efficiency, the PCAP-MMAP modification is suggested.
See <http://public.lanl.gov/cpw/>
INSTALLATION
Compile Procedure:
- call 'cmake .'
- if any adjustment to compilation settings are needed, 'ccmake .' is suggested
- call 'make'
- call './vermont'
- look in /configs for example configuration files
- module documentation can be found at
http://vermont.berlios.de/vermont_module_configuration
NOTES ON MONITORING PORTS
Some switches add an additional field VLAN with size 4Bytes to the layer
2 header. So you have to adjust the <pcap_filter> setting to "vlan and ip".
Futhermore, the Packet::IPHeaderOffset has to adjusted to 18. This can be
done via ccmake . (IP_HEADER_OFFSET).
NOTES ON SOCKET RECEIVE BUFFER
If incoming IPFIX traffic is bursty, increasing the socket receive buffer
reduces packet losses.
System calls for Linux with proc file system:
$ cat /proc/sys/net/core/rmem_default
$ cat /proc/sys/net/core/rmem_max
Write new value X (in bytes):
$ sysctl -w net/core/rmem_default=X
$ sysctl -w net/core/rmem_max=X
Installation instructions can be found in the README file.
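Review bot: The single replacement line at the end of this hunk points to "the README file" without saying where in it to look, while INSTALL is the file most people open first for build prerequisites. Consider naming the README sections that replace the removed text, REQUIREMENTS and BUILDING AND INSTALLATION, so the pointer still works if the README grows further.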

133
README Normal file

@ -0,0 +1,133 @@
This is VERMONT - VERsatile MONitoring Tool.
Released under GPL2
Project website: http://vermont.berlios.de
------------
REQUIREMENTS
------------
VERMONT has been tested on Linux and FreeBSD systems.
For compilation, GNU C/C++ compiler and standard libraries are required,
as well as the following Ubuntu/Debian packages (or equivalent packages
of other Linux distributions):
- cmake
- libboost-filesystem-dev
- libboost-regex-dev
- libboost-test-dev
- libxml2-dev
- libpcap-dev
- libsctp-dev (if not available, disable cmake option SUPPORT_SCTP)
The following packages are optional:
- cmake-curses-gui (ccmake, interactive user interface of cmake)
- libpq-dev (for PostGreSQL support)
==> cmake option SUPPORT_PGSQL
- libmysqlclient-dev (for MySQL support)
==> cmake option SUPPORT_MYSQL
- libgsl-dev (for connection-based sampling with Bloom filters)
==> cmake option USE_GSL
-------------------------
BUILDING AND INSTALLATION
-------------------------
This project uses cmake for setting platform- and user-specific compile
options. In order to generate the Makefile for actual compilation, you
need to call in the root of the source directory:
$ cmake .
In order to change the default compile options, use:
$ cmake -D OPTION1=value1 -D OPTION2=value2 ...
To get a list of the most important options, call:
$ cmake -LH
As a user-friendly alternative, you can use the interactive user
interface:
$ ccmake .
If some libraries are installed in custom directories, use:
$ cmake -D CMAKE_PREFIX_PATH=/custom/directory1:/custom/directory2
After successfully generating the Makefile with cmake, start the
compilation with:
$ make
Although not strictly necessary, VERMONT binaries and data files can be
copied to the usual install location by running:
$ make install
-----------------------
USAGE AND CONFIGURATION
-----------------------
In order to run VERMONT, a configuration file is needed which specifies the
modules to be used and their parameters:
$ ./vermont -f <config-file>
Example configuration files can be found in configs/.
A documentation of the available modules and their configuration parameters
can be found at http://vermont.berlios.de/vermont_module_configuration .
A snapshot of this file is located at docs/config/.
Use Ctrl-C to stop VERMONT. If VERMONT does not exit properly, enter Ctrl-C
for a second time.
--------------------------------------
TRAFFIC CAPTURING AT VLAN MIRROR PORTS
--------------------------------------
VERMONT can be used to capture traffic at a mirror port of a switch. If
the mirror port is configured for VLAN traffic, the Ethernet frames will
usually include a VLAN tag in the Ethernet header, increasing the header
length from 14 to 18 bytes.
In order to capture such traffic correctly, you need to set the cmake
option IP_HEADER_OFFSET to 18. Furthermore, make sure that the observer
is configured with <pap_filter> parameter set to "vlan and ip".
----------------------------------------------------
OPERATION AS COLLECTOR: TUNING SOCKET RECEIVE BUFFER
----------------------------------------------------
VERMONT can be used as an IPFIX/PSAMP and NetFlow.v9 collector. As the
incoming IPFIX/PSAMP/NetFlow messages usually arrive in bursts, losses
may occur due to insufficient buffer space.
As a solution, the socket receive buffer can be increased. To check the
current settings, use the following system calls on Linux systems with
/proc file system:
$ cat /proc/sys/net/core/rmem_default
$ cat /proc/sys/net/core/rmem_max
In order to configure a new value X (in bytes), call:
$ sysctl -w net/core/rmem_default=X
$ sysctl -w net/core/rmem_max=X
------------------------------------
OPTIMIZED PACKET CAPTURING WITH PCAP
------------------------------------
To reduce the number of times packets need to be copied on their way from
the network interface card to the user space (i.e., VERMONT), we recommend
the utilization of pcap library 1.0.0 or higher.
For earlier versions of pcap, the pcap-mmap patch can be applied to
improve the performance: http://public.lanl.gov/cpw/
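Review bot: In the TRAFFIC CAPTURING AT VLAN MIRROR PORTS section the observer parameter is written as <pap_filter>, but the INSTALL text removed by this same commit calls it <pcap_filter>, so this looks like a typo that would send readers to a configuration element that does not exist. Two smaller points in the TUNING SOCKET RECEIVE BUFFER section: the cat and sysctl lines are shell commands rather than system calls, and it would help to state that sysctl -w needs root, that the value is lost on reboot unless it is also written to the sysctl configuration, and that rmem_default changes the default receive buffer for every socket on the host, not only the collector's.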