- SpyEyeCollector
- HOW TO START.
- First of all, look at the configuration file. By default you can find it here:
- SpyEyeCollector/configs/sec.config
- Look at these options:
- listening port for logs: the port that will accept connections with logs;
- it must be the same as the one you put in SpyEyeBuilder
- ( default value = 53 ).
- MySQL ...
- It is necessary to set the correct username & password.
- The program writes data into the same DB and the same tables as the old PHP receiver (if you spent a lot of time renaming them, and therefore modifying the whole web admin panel, you should have no problem setting your new names in the right parameters).
- It is worth checking the path to the mysqld server's unix socket (parameter `mysql unix socket'); if it is correct, data exchange between this program and the MySQL server will be faster by around 7%. You can quickly look up the actual socket address of your mysqld server with the command:
- mysql --help | grep socket.*/
- the output should look something like:
- +-------------------------------------------------------------------------------
- | socket /var/run/mysqld/mysqld.sock
- +-------------------------------------------------------------------------------
- If you have a really big workload on the server (more than 100 connections per second, which happens if you have about 10 000 bots), you can tune Linux kernel parameters with sysctl (SYStem ConTroL). Write the changes directly into the configuration file /etc/sysctl.conf by inserting the data from the file add_to_etc_sysctl.txt, for example with the command:
- cat readme/add_to_etc_sysctl.txt >> /etc/sysctl.conf
- This appends our file to the end of the current file. To apply the new settings, execute the command:
- sysctl -p
- After that you should get the following message:
- +-------------------------------------------------------------------------------
- | net.ipv4.tcp_syncookies = 1
- | net.ipv4.tcp_keepalive_time = 20
- | net.ipv4.tcp_keepalive_intvl = 5
- | net.ipv4.tcp_keepalive_probes = 3
- | net.ipv4.tcp_fin_timeout = 15
- | net.ipv4.tcp_tw_reuse = 1
- | net.ipv4.tcp_tw_recycle = 1
- | net.ipv4.ip_local_port_range = 1024 65535
- | net.ipv4.tcp_max_syn_backlog = 16384
- | net.core.netdev_max_backlog = 16384
- | net.core.somaxconn = 1024
- +-------------------------------------------------------------------------------
- If you see the following text:
- +-------------------------------------------------------------------------------
- | error: "Operation not permitted" setting key "..."
- +-------------------------------------------------------------------------------
- it means that you are not root, or that you have a virtual server (talk to the hosting administrators about changing these values, but...). A VS is not suited to a big load anyway, so being unable to change these parameters does not matter.
- STARTING.
- It is better to run the program as a daemon process; for this, use the command line parameter `-d':
- ./SpyEyeCollector -d
- If you want to see some internal steps of the Collector's work, you can redirect the program's output to a file like this:
- ./SpyEyeCollector > sec.log &
- To see the last 100 lines of its work, use this command:
- tail -100 sec.log
- To autostart the program with the OS, insert this text into the file /etc/rc.local:
- # The first lines of the file are comments; insert the next line after them:
- /full/path/to/application/SpyEyeCollector -d
- You can insert this line with the following command:
- echo "/full/path/to/application/SpyEyeCollector -d" >> /etc/rc.local
- If the program starts successfully, you should see the following message:
- +-------------------------------------------------------------------------------
- | * * * Config successful readed.
- |
- |
- | * * * MySQL connection success.
- |
- | Try to make clerk socket ...
- | Successful. Discriptor = 3
- | Try to bind socket to my addr: INADDR_ANY:53. ...
- | Successful. Try to make it reusable... Successful.
- |
- | Now I become a daemon! >)
- |
- +-------------------------------------------------------------------------------
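The autostart line and startup banner described above are stable host artifacts, so they can be used to triage a disk image or a server suspected of hosting a collector. This is an added example, not part of the original README; the `triage` helper, its reason labels and the sample file contents are constructed here, while the indicator strings are copied from the text above.

```python
import re

# Indicators copied from the README above: binary name, daemon flag,
# default config path and startup banner lines. Nothing is from elsewhere.
BANNERS = (
    "* * * Config successful readed.",
    "Try to make clerk socket ...",
    "Now I become a daemon! >)",
)
CONFIG_PATH = "configs/sec.config"
# Binary path, optional --config=<path or "quoted path">, then -d.
AUTOSTART = re.compile(r'\S*SpyEyeCollector(\s+--config=("[^"]*"|\S+))?\s+-d\b')


def triage(artifacts):
    """Scan {path: text} and return a list of (path, line_no, reason)."""
    findings = []
    for path, text in artifacts.items():
        for no, raw in enumerate(text.splitlines(), 1):
            # Terminal captures in the README prefix output with "| ".
            line = raw.strip().lstrip("|").strip()
            if not line or line.startswith("#"):
                continue  # blank lines and shell comments carry no signal
            if AUTOSTART.search(line):
                findings.append((path, no, "daemon launch line"))
            if any(b in line for b in BANNERS):
                findings.append((path, no, "startup banner"))
            if CONFIG_PATH in line:
                findings.append((path, no, "default config path"))
    return findings


# Constructed sample artifacts (not taken from a real host).
SAMPLE = {
    "/etc/rc.local": "#!/bin/sh -e\n# SpyEyeCollector -d (disabled)\n"
                     "/opt/app/SpyEyeCollector -d\nexit 0\n",
    "/opt/app/sec.log": "| * * * Config successful readed.\n|\n"
                        "| Try to bind socket to my addr: INADDR_ANY:53. ...\n"
                        "| Now I become a daemon! >)\n",
    "/etc/hosts": "127.0.0.1 localhost\n",
}

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep="\t")
```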
- MONITORING.
- You can watch statistics of the Collector's work with the program sec-manager; just run it and look at the results.
- ./sec-manager
- To exit, press CTRL+C.
- If, with the Collector started, this program prints only `Look for SpyEyeCollector..... /', it means that the Collector
- - can't read configuration file
- - can't connect to MySQL server
- - can't bind selected port
- Execute the script killer-sec.bash:
- bash killer-sec.bash
- 1) If it prints just `Done.', it means that the Collector was not in the process list; this happens if the program was not run, or if it did not find the configuration file and simply exited. Check that the configuration file exists, or run the Collector with the parameter --config=, giving the full path to the configuration file:
- ./SpyEyeCollector --config=/home/prog/sec-config/myconfig.txt -d
- ./SpyEyeCollector --config="/home/prog/secconfig/my config.txt" -d
- or as usual:
- ./SpyEyeCollector -d
- if the file is not found, the program prints the following message and closes itself:
- +-------------------------------------------------------------------------------
- | Default config path: "configs/sec.config".
- |
- | In future we will use configuration file absolute path:
- | /home/prog/SpyEyeCollector/configs/sec.config
- |
- | ERROR. Can't open config file: "/home/prog/SpyEyeCollector/configs/sec.config".
- | Use default way: "configs/sec.config".
- | ERROR Again. Even this file was not open.
- +-------------------------------------------------------------------------------
- 2) If `killer-sec.bash' reports that it killed some processes:
- +-------------------------------------------------------------------------------
- | killing process with pid = 7451
- | Done.
- +-------------------------------------------------------------------------------
- (all of them were SpyEyeCollectors), start the program again with the command:
- ./SpyEyeCollector -d
- and it prints that it can't connect to the MySQL server:
- +-------------------------------------------------------------------------------
- | * * * Config successful readed.
- |
- | Can't connect to MySQL server.
- | Host: localhost; user: mysql_user; passX2: ******************; DB: db_name; port: 3306; Unix socket: /var/run/mysqld/mysqld.sock; flags:
- | N) MySQL: Access denied for user 'mysql_user'@'localhost' (using password: YES)
- +-------------------------------------------------------------------------------
- or that it can't bind the selected port:
- +-------------------------------------------------------------------------------
- | * * * Config successful readed.
- |
- |
- | * * * MySQL connection success.
- |
- | Try to make clerk socket ...
- | Successful. Discriptor = 3
- | Try to bind socket to my addr: INADDR_ANY:53. ...
- | N) ERROR: errno = EADDRINUSE = Адрес уже используется.
- +-------------------------------------------------------------------------------
- in this case you can find out which program has taken the port with the command:
- fuser -n tcp 53
- and you get the list of PIDs of the processes that use it. If nothing is printed, it means that the system is holding this port, usually to comply with the TCP standard, and will release it after a few minutes (this often happens if you have just closed a SpyEyeCollector that worked on this port). If the system holds the port for more than ten minutes, it can be serious, and it looks better to change the port.
- But if you get PID(s), let's see the name of our hero:
- ps -A | grep getted_pid_number
- And we get the name of the process that holds the port. If you don't need this process you can kill it and get your port, but be careful and read about this process before brandishing a gun.
- It could also be that the port is protected and your user is not the superuser:
- +-------------------------------------------------------------------------------
- | * * * Config successful readed.
- |
- |
- | * * * MySQL connection success.
- |
- | Try to make clerk socket ...
- | Successful. Discriptor = 3
- | Try to bind socket to my addr: INADDR_ANY:53. ...
- | N) ERROR: errno = EACCES = Адрес защищен, или пользователь не является суперпользователем.
- +-------------------------------------------------------------------------------
- Change user with the command `su' (by default it switches to root, but asks for a password), and launch the program from the new user.
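The README binds the collector to INADDR_ANY:53 over TCP and uses `fuser` and `ps` to find out who owns the port; the same lookup, run from the defender's side, flags any TCP 53 listener that is not a DNS daemon. This is an added example, not part of the original README; the `audit_listeners` helper, the DNS daemon allowlist and the sample `ss -H -ltnp` output are assumptions constructed for it.

```python
import re

# Process names that legitimately listen on TCP 53. This allowlist is an
# assumption for the example; replace it with what your hosts really run.
DNS_DAEMONS = {"named", "unbound", "dnsmasq", "systemd-resolve",
               "pdns_server", "pdns_recursor", "knotd", "coredns"}
# Matches each ("name",pid=N entry inside the users:(...) column of ss.
PROC = re.compile(r'\("([^"]+)",pid=(\d+)')


def audit_listeners(ss_output, port=53, allowed=DNS_DAEMONS):
    """Parse `ss -H -ltnp` text; return listeners on `port` to review.

    Each result is (local_address, process_name, pid). Sockets whose owner
    is hidden (ss run without root) are reported with name "?" and pid None.
    """
    suspicious = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        # Local address is the 4th column; rpartition keeps "[::]" intact.
        addr, _, lport = cols[3].rpartition(":")
        if lport != str(port):
            continue
        owners = PROC.findall(line)
        if not owners:
            suspicious.append((addr, "?", None))
        for name, pid in owners:
            if name not in allowed:
                suspicious.append((addr, name, int(pid)))
    return suspicious


# Constructed sample of `ss -H -ltnp` output (not from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))
LISTEN 0 1024 0.0.0.0:53 0.0.0.0:* users:(("SpyEyeCollector",pid=7451,fd=3))
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:* users:(("mysqld",pid=912,fd=21))
"""

if __name__ == "__main__":
    for addr, name, pid in audit_listeners(SAMPLE_SS):
        print(f"review: {name} (pid {pid}) listening on {addr}:53")
```

A process name is only a first filter; confirm the owning executable through `/proc/<pid>/exe` before closing a finding.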