p0f-db

by Nerijus Krukauskas (nk on nk99 dot org)

DESCRIPTION

p0f-db is for people who want to store everything p0f collects in a database and build reports on top of that data.

Supported databases: MySQL, PostgreSQL, SQLite.

Bug reports, suggestions, improvements, beer, etc. are welcome at < nk on nk99 dot org >.

USAGE

All the standard p0f options apply. To get p0f to log data into a DB you need to:

  1. Get modified p0f files (see links at the end of this page).
  2. Extract them from the tarball.
  3. Compile and install p0f using the modified "mk/Linux" (a Makefile), adjusted for your DB type, include paths, library paths and any other compiler options.
  4. Create DB and tables for p0f (see "create_..." files in downloaded tarball).
  5. Modify your "/etc/p0f/p0f-db.conf" to reflect your DB setup.
  6. Run p0f and see tables populating.

CAVEATS

  • If your MySQL socket is in an unusual place (not /var/lib/mysql/mysql.sock), p0f-db may terminate on the first record with the message:

    PDB_MY: Connected to 'p0f_db' database.
    PDB_MY: Check IP failed: MySQL server has gone away
    [-] ERROR: PDB_MY: Exiting due to DB failure.

    Either create a symlink at /var/lib/mysql/mysql.sock pointing to your real MySQL socket, or set the MYSQL_UNIX_PORT environment variable to the socket path (the MySQL client library reads it). Either one fixes the problem.

    Thanks Robert Hartman for pointing this out.
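The following wrapper ties the USAGE steps 5 and 6 to the MySQL socket caveat above. It is an added example, not a script shipped in the p0f-db tarball. It assumes that p0f-db links against the MySQL client library (so MYSQL_UNIX_PORT is honoured), that the config lives at /etc/p0f/p0f-db.conf as described above, and that the config holds the database credentials and therefore should not be world-readable; the function names and the candidate socket paths are the author's own choices.

```shell
#!/bin/sh
# p0f-db-env.sh: resolve the MySQL socket and start p0f with DB logging.
# Added example, not part of p0f-db. Source it, then call start_p0f
# with the usual p0f arguments (MySQL backend only; PostgreSQL and
# SQLite do not use MYSQL_UNIX_PORT).

# Path from the USAGE section; override with P0F_DB_CONF=... if needed.
P0F_DB_CONF=${P0F_DB_CONF:-/etc/p0f/p0f-db.conf}

# Socket locations to probe. The first is what p0f-db expects by default
# (the "MySQL server has gone away" failure comes from it being absent);
# the others are common distribution defaults.
mysql_socket_candidates() {
    printf '%s\n' /var/lib/mysql/mysql.sock \
                  /var/run/mysqld/mysqld.sock \
                  /tmp/mysql.sock
}

# Print the first argument that is a live UNIX socket; exit 1 if none is.
first_socket() {
    for p in "$@"; do
        if [ -S "$p" ]; then
            printf '%s\n' "$p"
            return 0
        fi
    done
    return 1
}

# Prefer asking a reachable server where its socket is (needs the mysql
# client and a working login); otherwise fall back to the candidate list.
resolve_mysql_socket() {
    s=$(mysql -Nse 'SELECT @@socket' 2>/dev/null || true)
    if [ -n "$s" ] && [ -S "$s" ]; then
        printf '%s\n' "$s"
        return 0
    fi
    first_socket $(mysql_socket_candidates)
}

# Refuse to start if the DB config is missing or readable by everyone
# (assumption: it contains the database password).
check_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "missing or unreadable: $conf" >&2; return 1; }
    if [ -n "$(find "$conf" -perm -004 2>/dev/null)" ]; then
        echo "$conf is world-readable; chmod 600 it" >&2
        return 1
    fi
    return 0
}

# Export MYSQL_UNIX_PORT for the MySQL client library and exec p0f.
# Usage: . ./p0f-db-env.sh && start_p0f -i eth0
start_p0f() {
    check_conf "$P0F_DB_CONF" || return 1
    if sock=$(resolve_mysql_socket); then
        MYSQL_UNIX_PORT=$sock
        export MYSQL_UNIX_PORT
    else
        echo "no MySQL socket found; p0f-db would exit with" \
             "'MySQL server has gone away'" >&2
        return 1
    fi
    exec p0f "$@"
}
```

Setting MYSQL_UNIX_PORT per process is preferable to the symlink because it needs no write access to /var/lib/mysql and does not survive as a stale link after a server reconfiguration; the symlink remains the right choice when p0f is started by an init script that you cannot add environment variables to.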

DOWNLOAD

ChangeLog

Latest (v.20080806)

Signature of latest (v.20080806)

All releases listed