It appears net/flow-tools has issues with print statments
and perhaps other Python snytax after the recent update.
My daily graphs created from pflow data broke beginning 23 Feb 2021.
The filters, tests and report formats in the examples are defined,
and haven't changed, so that's not the source of the error.
Since many of the errors deal with how Python is reacting
to print statements without parentheses, I am guessing
this might have something to do with the Makefile v1.45.
The output below is the same as I get on a "real" machine, but to
attempt to verify the problem was not just with my machine,
I configured a separate VM on another host with
kern.version=OpenBSD 6.9-beta (GENERIC) #352: Thu Feb 25 23:22:43 MST 2021
deraadt@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
and built from a current version of ports.
----
host$ flow-cat ft-v05.2021-02-24.150001-0600|flow-nfilter -F test | \
flow-report -S octets
File "/usr/local/bin/flow-rptfmt", line 112
print "Ignores: %s" % self.field_vals['ignores']
^
SyntaxError: Missing parentheses in call to 'print'. Did you mean
print("Ignores: %s" % self.field_vals['ignores'])?
flow-report: pclose(/usr/local/bin/flow-rptfmt): failed exit code=1.
-----
There are many lines like this, and I can just wrap print statements
in parentheses to get rid of those, but other errors occur.
When doing
host$ flow-cat ft* |flow-nfilter -F test |flow-report -S octets
I get
----
Traceback (most recent call last):
File "/usr/local/bin/flow-rptfmt", line 532, in <module>
rpt.load(sys.stdin, opt_sort_field, opt_max_lines, opt_percent)
File "/usr/local/bin/flow-rptfmt", line 350, in load
for i in xrange(self.field_total):
NameError: name 'xrange' is not defined
flow-report: pclose(/usr/local/bin/flow-rptfmt): failed exit code=1.
---
The upstream documentation refers to /usr/local/etc/flow-tools for files
like filter.cfg, but I think that the programs expect those files
to be in /etcflow-tools. Running make install didn't
mkdir /etc/flow-tools on my VM.
I notice
make fetch gets from github.com/5u623120/flow-tools/archive which
of course is not the same as github.com/5u623120/flow-tools.
That is the right thing to do of course, but I simply mean that
I can't browse to flow-tools/archive, only to flow-tools.
The version that is fetched has the original (I assume) README
which mentions splintered.net, which is no longer active. I don't
know if it's possible or worthwhile, but would it be a good idea
to add a note to this file that splintered.net doesn't seem
to be active?
I really like flow-tools after learning about it from Michael W.
Lucas' book. However, I'm curious to know if anyone has a preference
for another program that can generate similar data from pflow
output.
No comments:
Post a Comment