...
Code Block |
---|
Usage: opflow-cli.plexe act=operation [option=A...] [param=X...] opflow-cli.plexe act=setup-db [drop=true] [usepercent=NN] [dryrun=false/true] opflow-cli.plexe act=setup-iana [url=...|file=...] opflow-cli.plexe act=(purge|purge-raw|purge-endpoints|purge-indices) opflow-cli.plexe act=load-flows file=... opflow-cli.plexe act=list-endpoints [searchprop=value...] value can be regex:... opflow-cli.plexe act=create-endpoint property=value... opflow-cli.plexe act=show-endpoint ip=address opflow-cli.plexe act=update-endpoint ip=address entry.propname=value... opflow-cli.plexe act=delete-endpoint ip=address opflow-cli.plexe act=list-apps [searchprop=value...] opflow-cli.plexe act=(create-app|update-app) number=N protocol=M name=X description=Y opflow-cli.plexe act=delete-app number=N protocol=M opflow-cli.plexe act=list-agents opflow-cli.plexe act=update-agent agent=X [in_if=Y out_if=Z] admin_status=(active|inactive) opflow-cli.exe act=sync-agent-node-data opflow-cli.plexe act=list-filters [include_inactive=0/1] opflow-cli.plexe act=show-filter name=F opflow-cli.plexe act=disable-filter name=F opflow-cli.plexe act=create-filter name=F [description=D] propA=X,Y,Z [propB=...] properties: agent application endpoint proto src_ip dst_ip src_port dst_port filter expressions: A,B,C for list of choices, regex:string supported for all properties except agent and proto. proto must be number or list of numbers. agent must be agent_ip (for all interfaces), or agent_ip:in_ifidx:out_ifidx. opflow-cli.plexe act=create-report [param=...] options: quiet=1: suppress output, only set exit code debug=1: more verbose debugging output |
Manage Agents
Agents are a list of the IP addresses from which flows are received. The System -> Manage Agents GUI function enables you to see each agent IP address as well as the node that has been associated with it . The association to an NMIS node enables opFlow to look up the interface indexes which the traffic is flowing to and from, these associations are automatically updated once an hour and the interfaces seen on those agents can be viewed, set inactive or set active. A "wildcard" agent record can be seen for each agent IP that opFlow has received flows from, setting the active/inactive flag on this record disable all flows coming form this agent. In addition to this, an entry for each agent+in_if+out_if combo is also stored which allows disabling flows from specific interfaces and directionscan also be triggered at any time by using the System -> Sync Agent/Node data GUI function. Please refer to: opCharts/NMIS integration for information on configuring opFlow to connect to opCharts.
opFlow allows to select which flow agents (and in/out interfaces) your opFlow instance should accept data from, this is currently done in the opflow-cli.pl program only.
You can use opflow-cli.pl
to view the list of agents and interfaces, and set any of them inactive or active. If an agent and in/out interface combination is set inactive, then opFlow will ignore flows from this agent and involving these in/out interfaces. There is also a "wildcard" agent record available: if you set that to inactive, then it overrides all interface-specific settings and no flows will be accepted from this agent (no matter what interfaces are involved). Please note that opflow-cli.pl
does show the invidual agent+interface records even if the wildcard record is set to inactive and thus is overriding them.
If you only want to disable flows coming in that match a particular in and out interface combination, then you should set that specific record inactive and leave the wildcard record active.
License Count
Code Block |
---|
mongo -u opUserRW -p op42flow42 --host 127.0.0.1 flows --eval 'db.getCollection("agents").aggregate([ { "$match" : {"in_if" : { "$ne" : "*" },"out_if" : { "$ne" : "*" }, "admin_status" : "active" }},{ "$group" : {_id : "$agent","in_if" : { "$addToSet" : "$in_if" },"out_if" : { "$addToSet" : "$out_if"}}}, { "$project" : { _id : 1,interfaces : { "$setUnion" : [ "$in_if","$out_if" ] }}} ]);' |
Code Block |
---|
[root@opmantek bin]# mongo -u opUserRW -p op42flow42 --host 127.0.0.1 flows --eval 'db.getCollection("agents").aggregate([ { "$match" : {"in_if" : { "$ne" : "*" },"out_if" : { "$ne" : "*" }, "admin_status" : "active" }},{ "$group" : {_id : "$agent","in_if" : { "$addToSet" : "$in_if" },"out_if" : { "$addToSet" : "$out_if"}}}, { "$project" : { _id : 1,interfaces : { "$setUnion" : [ "$in_if","$out_if" ] }}} ]);'
MongoDB shell version: 3.2.16
connecting to: 127.0.0.1:27017/flows
{ "_id" : "10.8.0.1", "interfaces" : [ 0 ] }
{ "_id" : "192.168.10.71", "interfaces" : [ 3, 10, 9, 2, 8, 5, 6 ] }
{ "_id" : "10.10.1.1", "interfaces" : [ 5, 4, 0, 1, 2, 3 ] } |
Note: Disabling all flows in+out of an interface will remove it from the licensing count (lowering the used count by one interface). opFlow 3.0.2 requires each combo to be disabled, just disabling the wildcard record will not remove the interfaces from the licensing count. The GUI refreshes the license count every 5 minutes, restart omkd if you would like to see the most up-to-date count immediately.
Get a list of known Agents
/usr/local/omk/bin/opflow-cli.pl act=list-agents
...
To disable processing flows from an agent, disable all agent+in_if+out_if entries, or the wildcard record (i.e. by not passing in_if
and out_if
). Here is an example of disabling a single agent interface:
Code Block |
---|
# disable athe whole agent /usr/local/omk/bin/opflow-cli.pl act=update-agent agent=120.29.0.102 admin_status=inactive # disable an interface: disable all combinations of in both directions to remove a single interface and out interface that involve the one you don't want /usr/local/omk/bin/opflow-cli.pl act=update-agent agent=120.29.0.102 in_if=2 out_if=1 admin_status=inactive /usr/local/omk/bin/opflow-cli.pl act=update-agent agent=120.29.0.102 in_if=1 out_if=2 admin_status=inactive |
...