A traffic monitoring tool which used ELK: Sweet security
👉 Test dataset: was found on http://statweb.stanford.edu/~sabatti/data.html
sudo apt-get install git
sudo apt-get install git-review
sudo apt-get install software-properties-common -y && \
sudo add-apt-repository ppa:webupd8team/java -y && \
sudo apt-get update && \
echo "oracle-java8-installer shared/accepted-oracle-license-v1-1 select true" | sudo debconf-set-selections && \
sudo apt-get install oracle-java8-installer oracle-java8-set-default -ygit clone https://gerrit.onosproject.org/onosAdd variables for default setting
vi ~/.bash_profileInsert following lines to bash_profile file
export ONOS_ROOT=~/onos
source $ONOS_ROOT/tools/dev/bash_profileClick: shift + ":" + "wq" to save and quit. And make sure you have installed "Buck" command, otherwise:
brew install buckIf use wget:
Go to page: https://www.elastic.co/start
brew install ElasticUbuntu:
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.6.2.tar.gz
tar -xzf elasticsearch-5.6.2.tar.gz
./elasticsearch-5.6.2/bin/elasticsearchbrew install KibanaUbuntu:
wget https://artifacts.elastic.co/downloads/kibana/kibana-5.6.2-linux-x86_64.tar.gz
tar -xzf kibana-5.6.2-linux-x86_64.tar.gzbrew install Logstash
- Create one VM with ONOS installed on Ubuntu with address localhost
- Create one VM with Mininet installed with address localhost
- Install ONOS locally on Mac OSX and create the cell to push to localhost
- 💜 disable firewall of your laptop
Go inside of onos folder
cd onosok cleanUse ONOS to build a your own topology on localhost
buck build onosIf got the error:heavy_exclamation_mark: : Importing module random is forbidden: Change "buck" to "onos-buck". Click Here 🔍 Building process depends on your speed and firewall, even the network of onos-buck.
buck run onos-localWhen the terminal stops poping new info texts(Like runing a server).
Commandline(another cmd window): bash onos localhost
GUI: Open: http://localhost:8181/onos/ui/login.html The Default Username: onos; Password: rocks; Localhost:127.0.0.1
Mininet ICMP(Ping): http://mininet.org/walkthrough/
ONOS show traffic https://wiki.onosproject.org/display/ONOS/Basic+ONOS+Tutorial#BasicONOSTutorial-Showalltraffic
Q:How to sychnously send Mininet log to Logistach
A: with some latency, because of middle process.
On VM:
- Use self-defined Python(Pox) file to do:
- Test different settings(learning rules) of mininet (Via "Switch" 1...n cases)
- Collect mininet output data(Ask tutor:certain function of traffic flow) and output under a same directory asynchronously
On Mac:
-- Locate the mininet outputs path of VirtualMachine from MacOSX: e.g:
ssh [email protected]
//and locate a path- Since the outputs of mininet will be always located at a same path(Don't need to change the path variable in logstash), then write the #SHELL file to run:
- Countdown user determined timelength,and excute line "/usr/local/bin/logstash -f logstash.conf" to update data.
- Refresh Kibana dashboard by exuting kyboard operation via calling another #SHELL file
Open elasticsearch and kibana separatly
/usr/local/bin/elasticsearch/usr/local/bin/kibanaopen link from kibana terminal window: http://localhost:5601 Assume get traffic data, and do configuration by createing a file named logstash.conf saved inside of logstash
[
input {
file {
path => "/Users/.../Desktop/test.csv"
start_position =>"beginning"
}
}
filter{
csv{
separator => ","
columns => ["date","l_ipn","r_asn","f"]
}
mutate {convert => ["l_ipn","integer"]}
mutate {convert => ["r_asn","integer"]}
mutate {convert => ["f","integer"]}
}
output {
elasticsearch {
hosts => "localhost"
index => "Traffic"
document_type => "Monitoring traffic "
}
stdout{}
}
then run your configuration file to send data to elasticsearch
/usr/local/bin/logstash -f logstash.confQ: How to stop Logstash properly?
👻 🎉 👻 tools' folders at: ls /usr/local/Cellar
