Can someone review this patch please. If nobody objects I'll apply
it to CVS.
Ciao
Dennis
--- Begin Message ---
Hi
I have added an option to ntop that makes it possible to
redirect the logs of the -q option. I called it -O but
that is not strictly necessary. I could not find a good name
for it.
The patch is attached and I have also changed the documentation.
The patch is also available on
http://www.opal.dhs.org/involved/patch/
and specifically this patch is on
http://www.opal.dhs.org/involved/patch/ntop/ntop-O-option-2.0.0-debian-20020321.diff
Regards,
// Ola
PS. I have a different and much more complete patch for
Debian which I'll submit there ASAP.
DS.
--
--------------------- Ola Lundqvist ---------------------------
/ [EMAIL PROTECTED] Bj�rnk�rrsgatan 5 A.11 \
| [EMAIL PROTECTED] 584 36 LINK�PING |
| +46 (0)13-17 69 83 +46 (0)70-332 1551 |
| http://www.opal.dhs.org UIN/icq: 4912500 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------
--- End Message ---
diff -ur ntop-2.0.0.opal/ntop/globals-core.c ntop-2.0.0/ntop/globals-core.c
--- ntop-2.0.0.opal/ntop/globals-core.c Thu Dec 27 08:54:27 2001
+++ ntop-2.0.0/ntop/globals-core.c Thu Mar 21 19:20:03 2002
@@ -35,6 +35,10 @@
u_short traceLevel, debugMode, useSyslog, accuracyLevel;
u_char stickyHosts, enableSuspiciousPacketDump;
char dbPath[200], accessLogPath[200], *rFileName, *pcapLog;
+/* Added by Ola Lundqvist <[EMAIL PROTECTED]>. */
+/* Path to suspicious log and normal pcap log directory. */
+char pcapLogBasePath[200];
+/* End of Ola Lundqvist addition. */
char mapperURL[256]; /* URL of the mapper CGI */
u_int maxHashSize, topHashSize;
u_int enableNetFlowSupport;
diff -ur ntop-2.0.0.opal/ntop/globals-core.h ntop-2.0.0/ntop/globals-core.h
--- ntop-2.0.0.opal/ntop/globals-core.h Thu Dec 27 14:41:28 2001
+++ ntop-2.0.0/ntop/globals-core.h Thu Mar 21 19:20:22 2002
@@ -34,6 +34,10 @@
extern u_char stickyHosts, enableSuspiciousPacketDump;
extern char dbPath[200];
extern char accessLogPath[200]; /* Apache-like access log */
+/* Added by Ola Lundqvist <[EMAIL PROTECTED]>. */
+/* Path to suspicious log and normal pcap log directory. */
+extern char pcapLogBasePath[200]; /* Path to suspicious log file. */
+/* End of Ola Lundqvist addition */
extern char mapperURL[256]; /* URL of the mapper CGI */
extern u_int maxHashSize, topHashSize;
extern u_int enableNetFlowSupport;
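Review bot: The two comments on the new `pcapLogBasePath` declaration disagree: the line above says it covers the suspicious log and the normal pcap log, while the trailing comment says `Path to suspicious log file.` Since initialize.c in this patch prefixes both files, I would drop the trailing comment or reword it to `/* Prefix for the -l and -q pcap files */`. The comment should also say that the value is a raw prefix, not a directory, so a directory needs a trailing `/`.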
diff -ur ntop-2.0.0.opal/ntop/initialize.c ntop-2.0.0/ntop/initialize.c
--- ntop-2.0.0.opal/ntop/initialize.c Thu Dec 27 08:54:27 2001
+++ ntop-2.0.0/ntop/initialize.c Thu Mar 21 19:23:12 2002
@@ -898,7 +898,8 @@
if(strlen(pcapLog) > 64)
pcapLog[64] = '\0';
- sprintf(myName, "%s.%s.pcap", pcapLog, device[i].name);
+ // Added pcapLogBasePath, by Ola Lundqvist <[EMAIL PROTECTED]>
+ sprintf(myName, "%s%s.%s.pcap", pcapLogBasePath, pcapLog, device[i].name);
device[i].pcapDumper = pcap_dump_open(device[i].pcapPtr, myName);
if(device[i].pcapDumper == NULL) {
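Review bot: The `sprintf` into `myName` is unbounded and now takes up to 199 more bytes from `pcapLogBasePath`, on top of the 64-byte cap on `pcapLog` and the device name. `myName` is declared outside this hunk, so its size is not visible here; unless it holds all three parts plus the suffix, a long `-O` argument writes past its end. Assuming `myName` is an array, I would bound the write and treat truncation as an error: `if(snprintf(myName, sizeof(myName), "%s%s.%s.pcap", pcapLogBasePath, pcapLog, device[i].name) >= (int)sizeof(myName))` followed by the existing failure path. The same applies to the `ntop-suspicious-pkts` `sprintf` in the next hunk of this file.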
@@ -908,7 +909,8 @@
}
if(enableSuspiciousPacketDump) {
- sprintf(myName, "ntop-suspicious-pkts.%s.pcap", device[i].name);
+ // Added pcapLogBasePath, by Ola Lundqvist <[EMAIL PROTECTED]>
+ sprintf(myName, "%sntop-suspicious-pkts.%s.pcap", pcapLogBasePath,
+device[i].name);
device[i].pcapErrDumper = pcap_dump_open(device[i].pcapPtr, myName);
if(device[i].pcapErrDumper == NULL)
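Review bot: The dump file name stays fully predictable (`ntop-suspicious-pkts.XXX.pcap`) while the directory is now chosen by the operator, and `pcap_dump_open` creates the file with an ordinary open that follows an existing symlink. If `-O` points at a directory other users can write to, and ntop still holds elevated privileges at this point (not visible in the hunk), the file that gets overwritten is not necessarily the one the operator intended. I would state the requirement next to the call, e.g. `/* pcapLogBasePath must name a directory writable only by the ntop user: the file name is fixed and pcap_dump_open() follows symlinks */`, and repeat it in the man page entry for `-O`.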
Only in ntop-2.0.0.opal/ntop: libtool
diff -ur ntop-2.0.0.opal/ntop/main.c ntop-2.0.0/ntop/main.c
--- ntop-2.0.0.opal/ntop/main.c Thu Dec 27 08:54:27 2001
+++ ntop-2.0.0/ntop/main.c Thu Mar 21 19:18:22 2002
@@ -158,11 +158,13 @@
if(strcmp(program_name, "ntopd") == 0) {
daemonMode++;
}
+ strncpy(pcapLogBasePath, "",
+ sizeof(pcapLogBasePath)-1)[sizeof(pcapLogBasePath)-1] = '\0';
#ifdef WIN32
- theOpts = "ce:f:F:hr:p:i:nw:m:b:B:D:s:P:R:S:g:t:a:W:12l:qU:kA:";
+ theOpts = "ce:f:F:hr:p:i:nw:m:b:B:D:s:P:R:S:g:t:a:W:12l:O:qU:kA:";
#else
- theOpts = "cIdEe:f:F:hr:i:p:nNw:m:b:v:D:s:P:R:MS:g:t:a:u:W:12l:qU:kKLA:";
+ theOpts = "cIdEe:f:F:hr:i:p:nNw:m:b:v:D:s:P:R:MS:g:t:a:u:W:12l:O:qU:kKLA:";
#endif
while((op = getopt(argc, argv, theOpts)) != EOF) {
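Review bot: The added `strncpy(pcapLogBasePath, "", sizeof(pcapLogBasePath)-1)[sizeof(pcapLogBasePath)-1] = '\0';` is a hard-to-read way of storing an empty string, because it indexes the return value of `strncpy` to place the terminator. `pcapLogBasePath[0] = '\0';` says the same thing in one obvious statement. If the definition added in globals-core.c is the only one, the file-scope array is already zero-initialised and the line may not be needed at all. The enclosing function starts and ends outside the hunk.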
@@ -241,7 +243,14 @@
isLsofPresent = 0; /* Don't make debugging too complex */
rFileName = optarg;
break;
-
+
+ /* Added by Ola Lundqvist <[EMAIL PROTECTED]>. */
+ case 'O':
+ strncpy(pcapLogBasePath, optarg,
+ sizeof(pcapLogBasePath)-1)[sizeof(pcapLogBasePath)-1] = '\0';
+ break;
+ /* End of Ola Lundqvist code */
+
case 'r':
if(!isdigit(optarg[0])) {
printf("FATAL ERROR: flag -r expects a numeric argument.\n");
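Review bot: In `case 'O'` an argument of 200 bytes or more is silently cut to 199, so the capture files end up under a different prefix than the one the operator asked for, possibly without the trailing `/`. Rejecting the value is safer than truncating it, in the style of the `-r` check below: `if(strlen(optarg) >= sizeof(pcapLogBasePath)) { printf("FATAL ERROR: flag -O path is too long.\n"); exit(-1); }`. What follows the `-r` message is outside the hunk, so use whatever exit path that branch takes. The switch itself also continues outside the hunk.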
diff -ur ntop-2.0.0.opal/ntop/ntop.8 ntop-2.0.0/ntop/ntop.8
--- ntop-2.0.0.opal/ntop/ntop.8 Fri Dec 14 13:52:46 2001
+++ ntop-2.0.0/ntop/ntop.8 Thu Mar 21 19:23:52 2002
@@ -101,6 +101,9 @@
.It -q
Forces ntop to create a file ntop-suspicious-pkts.XXX.pcap (XXX is the interface
name) for each network interface where are stored suspicious packets. The file is in
pcap format (tcpdump).
+.It -O
+Base path for the ntop-suspicious-pkts.XXX.pcap and normal packet log file (tcpdump).
+If the base path is a directory you have to append a / to the string for this to work
+fine.
+
.It -n
This causes
.B ntop
diff -ur ntop-2.0.0.opal/ntop/webInterface.c ntop-2.0.0/ntop/webInterface.c
--- ntop-2.0.0.opal/ntop/webInterface.c Thu Dec 27 08:54:29 2001
+++ ntop-2.0.0/ntop/webInterface.c Thu Mar 21 19:21:57 2002
@@ -1026,6 +1026,10 @@
traceEvent(TRACE_INFO, " %s\n", "[-N <don't use nmap if installed>]");
traceEvent(TRACE_INFO, " %s\n", "[-M <don't merge network interfaces (see man
page)>]");
traceEvent(TRACE_INFO, " %s\n", "[-q <create file
ntop-suspicious-pkts.XXX.pcap>]");
+ /* Addition by Ola Lundqvist <[EMAIL PROTECTED]> */
+ traceEvent(TRACE_INFO, " %s\n", "[-O <path> (base path for
+suspicious-pkts.XXX.pcap file.");
+ traceEvent(TRACE_INFO, " %s\n", " Must end with a / if it points to a
+directory.]");
+ /* End of Ola Lundqvist addition */
traceEvent(TRACE_INFO, " %s\n", "[-l <path> (dump packets captured on a file:
debug only!)]");
traceEvent(TRACE_INFO, " %s\n", "[-P <path for db-files>]");
traceEvent(TRACE_INFO, " %s\n", "[-g <client:port (Cisco NetFlow client)>]");
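Review bot: The added usage text names only `suspicious-pkts.XXX.pcap`, but the initialize.c change in this patch also puts the prefix on the `-l` dump file, and the file is actually called `ntop-suspicious-pkts.XXX.pcap`. I would reword the description part to `(base path for the -l dump file and ntop-suspicious-pkts.XXX.pcap.` so the help output agrees with the new man page entry. The enclosing function starts and ends outside the hunk.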