On 2021/02/26 21:07, Marfaba Stewart wrote:
> It appears net/flow-tools has issues with print statments
> and perhaps other Python snytax after the recent update.
>
> My daily graphs created from pflow data broke beginning 23 Feb 2021.
> The filters, tests and report formats in the examples are defined,
> and haven't changed, so that's not the source of the error.
>
> Since many of the errors deal with how Python is reacting
> to print statements without parentheses, I am guessing
> this might have something to do with the Makefile v1.45.
>
> The output below is the same as I get on a "real" machine, but to
> attempt to verify the problem was not just with my machine,
> I configured a separate VM on another host with
>
> kern.version=OpenBSD 6.9-beta (GENERIC) #352: Thu Feb 25 23:22:43 MST 2021
> deraadt@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
>
> and built from a current version of ports.
>
> ----
> host$ flow-cat ft-v05.2021-02-24.150001-0600|flow-nfilter -F test | \
> flow-report -S octets
>
> File "/usr/local/bin/flow-rptfmt", line 112
> print "Ignores: %s" % self.field_vals['ignores']
> ^
> SyntaxError: Missing parentheses in call to 'print'. Did you mean
> print("Ignores: %s" % self.field_vals['ignores'])?
> flow-report: pclose(/usr/local/bin/flow-rptfmt): failed exit code=1.
> -----
>
> There are many lines like this, and I can just wrap print statements
> in parentheses to get rid of those, but other errors occur.
Argh I meant to pass it through 2to3 but forgot that in the committed
version. Will fix the port shortly.
> When doing
>
> host$ flow-cat ft* |flow-nfilter -F test |flow-report -S octets
>
> I get
> ----
> Traceback (most recent call last):
> File "/usr/local/bin/flow-rptfmt", line 532, in <module>
> rpt.load(sys.stdin, opt_sort_field, opt_max_lines, opt_percent)
> File "/usr/local/bin/flow-rptfmt", line 350, in load
> for i in xrange(self.field_total):
> NameError: name 'xrange' is not defined
> flow-report: pclose(/usr/local/bin/flow-rptfmt): failed exit code=1.
>
> ---
>
> The upstream documentation refers to /usr/local/etc/flow-tools for files
> like filter.cfg, but I think that the programs expect those files
> to be in /etcflow-tools. Running make install didn't
> mkdir /etc/flow-tools on my VM.
>
> I notice
> make fetch gets from github.com/5u623120/flow-tools/archive which
> of course is not the same as github.com/5u623120/flow-tools.
> That is the right thing to do of course, but I simply mean that
> I can't browse to flow-tools/archive, only to flow-tools.
>
> The version that is fetched has the original (I assume) README
> which mentions splintered.net, which is no longer active. I don't
> know if it's possible or worthwhile, but would it be a good idea
> to add a note to this file that splintered.net doesn't seem
> to be active?
The README file isn't installed so there's not a lot of point in
patching that.
> I really like flow-tools after learning about it from Michael W.
> Lucas' book. However, I'm curious to know if anyone has a preference
> for another program that can generate similar data from pflow
> output.
Not sure about preference, but there's also nfdump which I've used
occasionally (normally with the nfsen frontend). The original author
is still maintaining it whereas flow-tools has been forked a couple
of times and is not really all that active these days
(https://github.com/5u623l20/flow-tools/commits/master)
Haven't got round to trying it myself yet but ElastiFlow (not in
ports) might be nice if you want a shiny dashboard.
No comments:
Post a Comment