opflow-cli.pl
opflow-cli.pl is your friend! It allows you to run setup routines, create reports, manually load flow files and generally run CRUD operations on endpoints/apps/agents/filters.
Run opflow-cli.pl -h to get help; this bit was missing but will be added later:
```
Usage: opflow-cli.pl act=operation [option=A...] [param=X...]

opflow-cli.pl act=setup-db [drop=true] [usepercent=NN]
opflow-cli.pl act=setup-iana [url=...|file=...]
opflow-cli.pl act=(purge|purge-raw|purge-endpoints|purge-indices)
opflow-cli.pl act=load-flows file=...
opflow-cli.pl act=list-endpoints [searchprop=value...]
  value can be regex:...
opflow-cli.pl act=create-endpoint property=value...
opflow-cli.pl act=show-endpoint ip=address
opflow-cli.pl act=update-endpoint ip=address entry.propname=value...
opflow-cli.pl act=delete-endpoint ip=address
opflow-cli.pl act=list-apps [searchprop=value...]
opflow-cli.pl act=(create-app|update-app) number=N protocol=M name=X description=Y
opflow-cli.pl act=delete-app number=N protocol=M
opflow-cli.pl act=list-agents
opflow-cli.pl act=update-agent agent=X [in_if=Y out_if=Z] admin_status=(active|inactive)
opflow-cli.pl act=list-filters [include_inactive=0/1]
opflow-cli.pl act=show-filter name=F
opflow-cli.pl act=disable-filter name=F
opflow-cli.pl act=create-filter name=F [description=D] propA=X,Y,Z [propB=...]
  properties: agent application endpoint proto src_ip dst_ip src_port dst_port
  filter expressions: A,B,C for list of choices, regex:string
  supported for all properties except agent and proto.
  proto must be number or list of numbers.
  agent must be agent_ip (for all interfaces), or
  agent_ip:in_ifidx:out_ifidx.
opflow-cli.pl act=create-report [param=...]

options:
quiet=1: suppress output, only set exit code
debug=1: more verbose debugging output
```
Manage Agents
Agents and the interfaces seen on those agents can be viewed, set inactive or set active. A "wildcard" agent record exists for each agent IP that opFlow has received flows from; setting the active/inactive flag on this record to inactive disables all flows coming from this agent. In addition, an entry for each agent+in_if+out_if combo is stored, which allows disabling flows from specific interfaces and directions.
Note: Disabling all flows in+out of an interface will remove it from the licensing count (lowering the used count by one interface). opFlow 3.0.2 requires each combo to be disabled; just disabling the wildcard record will not remove the interfaces from the licensing count.
Get a list of Agents
/usr/local/omk/bin/opflow-cli.pl act=list-agents
e.g.
```
[root@server:/usr/local/omk/bin]#(2) ./opflow-cli.pl act=list-agents
opflow-cli.pl Version 23.1021.0

Copyright (C) 2015 Opmantek Limited (www.opmantek.com)
This program comes with ABSOLUTELY NO WARRANTY;
See www.opmantek.com or email contact@opmantek.com

opFlow 1.0 is licensed to Hearst CorporationOpmantek for Unlimited50 Interfaces on a single server - not for resale - Expires 19-Feb-2016

Agent IP In Intf Out Intf Active Last Seen
10120.19229.690.250102 1722 1641 inactive Fri Feb 5 04:57active Tue Apr 19 13:53:57 2016
120.29.0.102 1 2 active Tue Apr 19 13:53:57 2016
10120.7329.2380.6102 9091 570 inactiveactive FriTue FebApr 19 5 0413:5753:57 2016
10120.7329.2380.7102 909* 909* active FriTue FebApr 19 5 0413:4953:57 2016
152192.179168.115.250 9 19 active Fri Feb 5 04:5788.254 8 1 active Tue Apr 19 13:40:01 2016
192.168.88.254 2 1 active Tue Apr 19 13:53:57 2016
167192.173168.2988.6254 910 141 active FriTue FebApr 19 5 0413:5753:57 2016
172192.19168.3988.36254 131 148 inactiveactive ThuTue FebApr 19 4 2313:5540:3501 2016
```
Stop Processing Flows from an Agent/Interface
To disable processing flows from an agent, disable all agent+in_if+out_if entries. Here is an example of disabling a single agent interface:
```
# disable a whole agent
/usr/local/omk/bin/opflow-cli.pl act=update-agent agent=120.29.0.102 admin_status=inactive
# disable an interface: in both directions to remove a single interface
/usr/local/omk/bin/opflow-cli.pl act=update-agent agent=120.29.0.102 in_if=2 out_if=1 admin_status=inactive
/usr/local/omk/bin/opflow-cli.pl act=update-agent agent=120.29.0.102 in_if=1 out_if=2 admin_status=inactive
```
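Because each agent+in_if+out_if record has to be disabled individually, the calls can be generated from the `act=list-agents` listing. This is an added example, not part of the opFlow distribution: the row layout, the `*` wildcard marker and the 192.0.2.x addresses are assumptions, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example: plan the update-agent calls that set every record of one
# agent (wildcard plus each in_if/out_if combo) to inactive.
# Assumed row layout: <agent_ip> <in_if> <out_if> <active|inactive> <last seen...>
# with "*" in both interface columns for the wildcard record.

CLI=/usr/local/omk/bin/opflow-cli.pl

# Constructed sample of list-agents output (not captured from a real server).
sample_list_agents() {
cat <<'EOF'
Agent IP        In Intf  Out Intf  Active    Last Seen
192.0.2.10      *        *         active    Tue Apr 19 13:53:57 2016
192.0.2.10      2        1         active    Tue Apr 19 13:53:57 2016
192.0.2.10      1        2         inactive  Tue Apr 19 13:53:57 2016
192.0.2.20      8        1         active    Tue Apr 19 13:40:01 2016
EOF
}

# plan_disable AGENT_IP: read list-agents output on stdin and print one
# update-agent command per record of AGENT_IP that is still active.
plan_disable() {
    # Accept only digits and dots so the argument cannot smuggle shell
    # syntax into the generated commands (IPv4 agents assumed).
    case "$1" in
        ''|*[!0-9.]*) echo "plan_disable: not an IPv4 address: $1" >&2; return 1 ;;
    esac
    awk -v ip="$1" -v cli="$CLI" '
        # skip other agents, the header row, and records already inactive
        $1 != ip || $4 != "active" { next }
        # wildcard record: no in_if/out_if arguments
        $2 == "*" && $3 == "*" {
            printf "%s act=update-agent agent=%s admin_status=inactive\n", cli, ip
            next
        }
        # per-interface record: only numeric interface indexes are passed on
        $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
            printf "%s act=update-agent agent=%s in_if=%s out_if=%s admin_status=inactive\n", cli, ip, $2, $3
        }'
}

# Dry run on the sample; on a server, feed it real list-agents output and
# review the printed commands before running them.
sample_list_agents | plan_disable 192.0.2.10
```

Re-running `act=list-agents` afterwards and checking that no record of the agent is still `active` confirms that every combo was covered.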
Start Processing Flows from an Agent/Interface
Note: Enabling an agent which has individual interface records disabled will not enable those interface records as well.
```
# enable a whole agent
/usr/local/omk/bin/opflow-cli.pl act=update-agent agent=120.29.0.102 admin_status=active
# enable flows in both directions to add a single interface back; only a single direction can be enabled if desired
/usr/local/omk/bin/opflow-cli.pl act=update-agent agent=120.29.0.102 in_if=2 out_if=1 admin_status=active
/usr/local/omk/bin/opflow-cli.pl act=update-agent agent=120.29.0.102 in_if=1 out_if=2 admin_status=active
```
Manage Filters
Filters allow you to create pre-defined searches that will load quickly in the GUI. A filter must be in place before the flows arrive as the flows are tagged with the filter when they are processed. Any flows that match the filter but arrived before the filter was created will not be displayed.
Note: Agents are filtered automatically; there is no need to create extra filters for them.
Create a Filter Based on the Application
```
/usr/local/omk/bin/opflow-cli.pl act=create-filter name=HTTP application=http
/usr/local/omk/bin/opflow-cli.pl act=create-filter name=HTTPS application=https
```