SlideShare une entreprise Scribd logo

SMB Traffic Analyzer @ Samba Xp 2009

H
hhetter

My talk on the SMB Traffic Analyzer project at the SambaXP conference 2009

1  sur  21
Télécharger pour lire hors ligne
SMB Traffic Analyzer Holger Hetterich L3 Support Engineer SUSE Linux Products GmbH
What is SMB Traffic Analyzer? Milestone 1 (current development) ➔ ➔Collect metadata of write and read processes on one or more samba servers. ➔Store data in a SQL queryable container. ➔Provide statistics based on this data, and visualize them Milestone 2 (long term goals) → later in this talk ➔ Testing 2
SMB Traffic Analyzer: Overview Samba Server >= 3.2.x and concept Connection via smb_traffic_analyzer either unix domain- VFS module or internet socket. Stad daemon program, Feeds a database with incoming Client Data from the VFS module, configuration Accepts queries from clients storage, run SQL Storage of meta- queries data, maintenance of the database Stadview client program, Testing Visualizing collected data SQL enabled database 3
The VFS module in detail Samba Server >= 3.2.x smb_traffic_analyzer VFS module Stad daemon program, Feeds a database with incoming Data from the VFS module, Accepts queries from clients Stadview client program, Testing Visualizing collected data SQL enabled database 4
Looking at VFS smb_traffic_analyzer(1) “Sit in the VFS layer of samba, watch any Read or Write- file operation, and send data about this operations via network to a receiver.” ➔Introduced into the samba source tree at September 25, 2008 ➔Included in 3.2.x and 3.3.x, SLE11 ships it. ➔Fully transparent VFS module ➔Configured easily via smb.conf Testing ➔Can operate either on a unix domain socket or on an internet socket 5
Looking at VFS smb_traffic_analyzer(2) – what data is stored? •Length of a data transfer in bytes •If the transfer was a Read or Write access •The name of the file involved in the transfer •The name of the user who initiated the transfer •The name of the domain under which the transfer happened Testing •A timestamp including date and time to the millisecond 6
Looking at VFS smb_traffic_analyzer(3) A sample share configured for smb_traffic_analyzer. [pool1] path=/pool1 read only = No vfs objects = smb_traffic_analyzer smb_traffic_analyzer:host = localhost smb_traffic_analyzer:port = 3490 Or activating the object in the global section activates all shares: [global] vfs objects = smb_traffic_analyzer smb_traffic_analyzer:host = localhost smb_traffic_analyzer:port = 3490 7
Looking at VFS smb_traffic_analyzer(4) – Is this legal at all? Exposing user related data is illegal in many countries. Two ways of anonymization: PREFIX + Hash-number: you can still recognize individual users: smb_traffic_analyzer:anonymize_prefix = User PREFIX: map any username to one string. smb_traffic_analyzer:anonymize_mode = Total Testing 8
Samba Server The stad daemon in detail >= 3.2.x smb_traffic_analyzer VFS module Stad daemon program, Feeds a database with incoming Data from the VFS module, Accepts queries from clients Stadview client program, Testing Visualizing collected data SQL enabled database 9
Looking at the stad daemon(1) “Be as fast as possible at accepting data from the VFS module, put the data into a SQL enabled storage. At the same time, maintain the database at the user's wish, and accept SQL queries about the data from clients.” ➔Configured via command line or ini-style config file ➔Caching data into the sytem RAM ➔Accepts multiple clients and VFS modules Testing 10
Looking at the stad daemon(2) Simplest possible way to run stad: $ stad ­i 3490 - use database /var/lib/staddb with sqlite3 - accept VFS connection on internet socket port 3490 - accept client connections on internet socket port 3491 Advanced configuration is done in a config file, see the manpage. 11
Looking at the stad daemon(3) – data processing plugins Why not a simple text file? Stad supports a plugin architecture for it's data processing. If there is no interest in a networked client or SQL queryable information, an other plugin can do the output. Currently shipping: - sqlite3 Plugin - CSV text file plugin (loadable with OpenOffice, Excel and friends) In Development: - MySQL Plugin - syslog plugin 12
Looking at the stad daemon(4) – performance impact Thinkpad X61 configured as “all in one” system, copying 2.8 GB in 3.381 file objects to a share. → running stad, the database and the samba server Performance reduction : 39 % By changing the conservative default parameters of stads system RAM usage, enlarging it's memory area to hold data packages for the db, it was possible to reach a Performance reduction: 12% Dell QuadCore Desktop system as Samba server, and Blade server running stad and the db, copying 4.8 GB to a share. → stad and db separated from the samba server 13 Performance reduction : 16%
Looking at the stad daemon(5) – storage is limited Without a regulating process, the database that is maintained by stad would grow and grow. This parameters in the config file will run the maintenance process every hour, and delete any data that is older than 5 days from the database.        [maintenance]        maintenance_timer = 01:00:00        maintenance_timer_config = 5,00:00:00 14
Looking at the stad daemon(6) – stadtorture - A test utility for stad Stadtorture is a tool utilizing libsmbclient to produce traffic on a server. → creates a file set on two samba shares → copies files around with pauses → can record it's own run and playback → turn into a benchmarking tool 15
Samba Server The stadview program in detail >= 3.2.x smb_traffic_analyzer VFS module Stad daemon program, Feeds a database with incoming Data from the VFS module, Accepts queries from clients Stadview client program, Testing Visualizing collected data SQL enabled database 16
Looking at the stadview program(1) Show statistics about the data stored in the database. Update this information in real-time. Also try not to crash while being demonstrated at sambaXP :) At some day, run on the Windows platform. → utilitzing GTK and Cairo graphics → easy output to different devices → no local configuration → manage multiple sessions on a stad server 17
Looking at the stadview program(2) Demonstration 18
Where do we go to? ➔ Milestone 2 (long term goals) ➔Create appliances for stad: ➔Out of the box samba server/stad/stadview ➔Out of the box stad/stadview ready for network integration ➔Secure connections between VFS module/stad/stadview. ➔Collect any VFS operations (like full-audit) ➔Make table based applets for stadview ➔Make samba / stad a native Microsoft Event Testing Viewer Source ➔Have stadview running on Windows 19
SMB Traffic analyzer – project data Homepage: http://holger123.wordpress.com/smb-traffic-analyzer/ Any component is GPLv3. Documentation: Detailed manpages with examples for all components. Around five people are working on SMB Traffic analyzer project since January 2008. Main contact in case of questions, patches or suggestions: ozzy@metal-district.de (Holger Hetterich) hhetter@novell.com 20
SMB Traffic analyzer http://holger123.wordpress.com/smb-traffic-analyzer/ QUESTIONS AND ANSWERS 21

Recommandé

IBM Spectrum Scale Networking Flow
IBM Spectrum Scale Networking FlowIBM Spectrum Scale Networking Flow
IBM Spectrum Scale Networking Flow
Sandeep Patil
 
HBase Coprocessors @ HUG NYC
HBase Coprocessors @ HUG NYCHBase Coprocessors @ HUG NYC
HBase Coprocessors @ HUG NYC
mlai
 
Rhel cluster basics 3
Rhel cluster basics 3Rhel cluster basics 3
Rhel cluster basics 3
Manoj Singh
 
Rhel cluster basics 2
Rhel cluster basics 2Rhel cluster basics 2
Rhel cluster basics 2
Manoj Singh
 
Tempesta FW - Framework и Firewall для WAF и DDoS mitigation, Александр Крижа...
Tempesta FW - Framework и Firewall для WAF и DDoS mitigation, Александр Крижа...Tempesta FW - Framework и Firewall для WAF и DDoS mitigation, Александр Крижа...
Tempesta FW - Framework и Firewall для WAF и DDoS mitigation, Александр Крижа...
Ontico
 
Spectrum Scale Best Practices by Olaf Weiser
Spectrum Scale Best Practices by Olaf WeiserSpectrum Scale Best Practices by Olaf Weiser
Spectrum Scale Best Practices by Olaf Weiser
Sandeep Patil
 
Tsm7.1 seminar Stavanger
Tsm7.1 seminar StavangerTsm7.1 seminar Stavanger
Tsm7.1 seminar Stavanger
Solv AS
 
Sasi-AIX 3+ Resume
Sasi-AIX 3+ ResumeSasi-AIX 3+ Resume
Sasi-AIX 3+ Resume
Peyyala Sasidhar Reddy
 

Recommandé

IBM Spectrum Scale Networking Flow
IBM Spectrum Scale Networking FlowIBM Spectrum Scale Networking Flow
IBM Spectrum Scale Networking Flow
Sandeep Patil
 
HBase Coprocessors @ HUG NYC
HBase Coprocessors @ HUG NYCHBase Coprocessors @ HUG NYC
HBase Coprocessors @ HUG NYC
mlai
 
Rhel cluster basics 3
Rhel cluster basics 3Rhel cluster basics 3
Rhel cluster basics 3
Manoj Singh
 
Rhel cluster basics 2
Rhel cluster basics 2Rhel cluster basics 2
Rhel cluster basics 2
Manoj Singh
 
Tempesta FW - Framework и Firewall для WAF и DDoS mitigation, Александр Крижа...
Tempesta FW - Framework и Firewall для WAF и DDoS mitigation, Александр Крижа...Tempesta FW - Framework и Firewall для WAF и DDoS mitigation, Александр Крижа...
Tempesta FW - Framework и Firewall для WAF и DDoS mitigation, Александр Крижа...
Ontico
 
Spectrum Scale Best Practices by Olaf Weiser
Spectrum Scale Best Practices by Olaf WeiserSpectrum Scale Best Practices by Olaf Weiser
Spectrum Scale Best Practices by Olaf Weiser
Sandeep Patil
 
Tsm7.1 seminar Stavanger
Tsm7.1 seminar StavangerTsm7.1 seminar Stavanger
Tsm7.1 seminar Stavanger
Solv AS
 
Sasi-AIX 3+ Resume
Sasi-AIX 3+ ResumeSasi-AIX 3+ Resume
Sasi-AIX 3+ Resume
Peyyala Sasidhar Reddy
 
Rate limiters in big data systems
Rate limiters in big data systemsRate limiters in big data systems
Rate limiters in big data systems
Sandeep Joshi
 
Lec13 cdn
Lec13 cdnLec13 cdn
Lec13 cdn
Aravindharamanan S
 
Basics of IBM Tivoli Storage Manager
Basics of IBM Tivoli Storage ManagerBasics of IBM Tivoli Storage Manager
Basics of IBM Tivoli Storage Manager
imagineers7
 
Ftp server linux
Ftp server linuxFtp server linux
Ftp server linux
Pawan Kumar
 
DB2 Pure Scale Webcast
DB2 Pure Scale WebcastDB2 Pure Scale Webcast
DB2 Pure Scale Webcast
Laura Hood
 
Application layer
Application layerApplication layer
Application layer
Neha Kurale
 
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
xKinAnx
 
Ch18
Ch18Ch18
Ch18
Welly Dian Astika
 
Virtualization overheads
Virtualization overheadsVirtualization overheads
Virtualization overheads
Sandeep Joshi
 
IBM Lotus Domino Domain Monitoring (DDM)
IBM Lotus Domino Domain Monitoring (DDM)IBM Lotus Domino Domain Monitoring (DDM)
IBM Lotus Domino Domain Monitoring (DDM)
Austin Chang
 
Episode 3 DB2 pureScale Availability And Recovery [Read Only] [Compatibility...
Episode 3 DB2 pureScale Availability And Recovery [Read Only] [Compatibility...Episode 3 DB2 pureScale Availability And Recovery [Read Only] [Compatibility...
Episode 3 DB2 pureScale Availability And Recovery [Read Only] [Compatibility...
Laura Hood
 
6421 b Module-13
6421 b Module-136421 b Module-13
6421 b Module-13
Bibekananada Jena
 
Chapter 4
Chapter 4Chapter 4
Chapter 4
Ali Broumandnia
 
12 cool features in defrag 12
12 cool features in defrag 1212 cool features in defrag 12
12 cool features in defrag 12
aosborne
 
Spectrum Scale Unified File and Object with WAN Caching
Spectrum Scale Unified File and Object with WAN CachingSpectrum Scale Unified File and Object with WAN Caching
Spectrum Scale Unified File and Object with WAN Caching
Sandeep Patil
 
Red Hat Global File System (GFS)
Red Hat Global File System (GFS)Red Hat Global File System (GFS)
Red Hat Global File System (GFS)
Schubert Zhang
 
Db2 recovery IDUG EMEA 2013
Db2 recovery IDUG EMEA 2013Db2 recovery IDUG EMEA 2013
Db2 recovery IDUG EMEA 2013
Dale McInnis
 
Episode 2 DB2 pureScale Installation, Instance Management & Monitoring
Episode 2 DB2 pureScale Installation, Instance Management & MonitoringEpisode 2 DB2 pureScale Installation, Instance Management & Monitoring
Episode 2 DB2 pureScale Installation, Instance Management & Monitoring
Laura Hood
 
Rha cluster suite wppdf
Rha cluster suite wppdfRha cluster suite wppdf
Rha cluster suite wppdf
projectmgmt456
 
Overview usage of ProudNet
Overview usage of ProudNetOverview usage of ProudNet
Overview usage of ProudNet
Hyun-jik Bae
 
WebSphere Technical University: Top WebSphere Problem Determination Features
WebSphere Technical University: Top WebSphere Problem Determination FeaturesWebSphere Technical University: Top WebSphere Problem Determination Features
WebSphere Technical University: Top WebSphere Problem Determination Features
Chris Bailey
 
Red hat Enterprise Linux 6.4 for IBM System z Technical Highlights
Red hat Enterprise Linux 6.4 for IBM System z Technical HighlightsRed hat Enterprise Linux 6.4 for IBM System z Technical Highlights
Red hat Enterprise Linux 6.4 for IBM System z Technical Highlights
Filipe Miranda
 

Contenu connexe

Tendances

6421 b Module-13
6421 b Module-136421 b Module-13
6421 b Module-13
Bibekananada Jena
 
Red Hat Global File System (GFS)
Red Hat Global File System (GFS)Red Hat Global File System (GFS)
Red Hat Global File System (GFS)
Schubert Zhang
 
Overview usage of ProudNet
Overview usage of ProudNetOverview usage of ProudNet
Overview usage of ProudNet
Hyun-jik Bae
 

Tendances (20)

Rate limiters in big data systems
Rate limiters in big data systemsRate limiters in big data systems
Rate limiters in big data systems
 
Lec13 cdn
Lec13 cdnLec13 cdn
Lec13 cdn
 
Basics of IBM Tivoli Storage Manager
Basics of IBM Tivoli Storage ManagerBasics of IBM Tivoli Storage Manager
Basics of IBM Tivoli Storage Manager
 
Ftp server linux
Ftp server linuxFtp server linux
Ftp server linux
 
DB2 Pure Scale Webcast
DB2 Pure Scale WebcastDB2 Pure Scale Webcast
DB2 Pure Scale Webcast
 
Application layer
Application layerApplication layer
Application layer
 
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
 
Ch18
Ch18Ch18
Ch18
 
Virtualization overheads
Virtualization overheadsVirtualization overheads
Virtualization overheads
 
IBM Lotus Domino Domain Monitoring (DDM)
IBM Lotus Domino Domain Monitoring (DDM)IBM Lotus Domino Domain Monitoring (DDM)
IBM Lotus Domino Domain Monitoring (DDM)
 
Episode 3 DB2 pureScale Availability And Recovery [Read Only] [Compatibility...
Episode 3 DB2 pureScale Availability And Recovery [Read Only] [Compatibility...Episode 3 DB2 pureScale Availability And Recovery [Read Only] [Compatibility...
Episode 3 DB2 pureScale Availability And Recovery [Read Only] [Compatibility...
 
6421 b Module-13
6421 b Module-136421 b Module-13
6421 b Module-13
 
Chapter 4
Chapter 4Chapter 4
Chapter 4
 
12 cool features in defrag 12
12 cool features in defrag 1212 cool features in defrag 12
12 cool features in defrag 12
 
Spectrum Scale Unified File and Object with WAN Caching
Spectrum Scale Unified File and Object with WAN CachingSpectrum Scale Unified File and Object with WAN Caching
Spectrum Scale Unified File and Object with WAN Caching
 
Red Hat Global File System (GFS)
Red Hat Global File System (GFS)Red Hat Global File System (GFS)
Red Hat Global File System (GFS)
 
Db2 recovery IDUG EMEA 2013
Db2 recovery IDUG EMEA 2013Db2 recovery IDUG EMEA 2013
Db2 recovery IDUG EMEA 2013
 
Episode 2 DB2 pureScale Installation, Instance Management & Monitoring
Episode 2 DB2 pureScale Installation, Instance Management & MonitoringEpisode 2 DB2 pureScale Installation, Instance Management & Monitoring
Episode 2 DB2 pureScale Installation, Instance Management & Monitoring
 
Rha cluster suite wppdf
Rha cluster suite wppdfRha cluster suite wppdf
Rha cluster suite wppdf
 
Overview usage of ProudNet
Overview usage of ProudNetOverview usage of ProudNet
Overview usage of ProudNet
 

Similaire à SMB Traffic Analyzer @ Samba Xp 2009

WebSphere Technical University: Top WebSphere Problem Determination Features
WebSphere Technical University: Top WebSphere Problem Determination FeaturesWebSphere Technical University: Top WebSphere Problem Determination Features
WebSphere Technical University: Top WebSphere Problem Determination Features
Chris Bailey
 
WS-VLAM workflow
WS-VLAM workflowWS-VLAM workflow
WS-VLAM workflow
guest6295d0
 
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules
Freddy Buenaño
 
Membase Meetup 2010
Membase Meetup 2010Membase Meetup 2010
Membase Meetup 2010
Membase
 
SplunkLive! Washington DC May 2013 - Splunk App for VMware
SplunkLive! Washington DC May 2013 - Splunk App for VMwareSplunkLive! Washington DC May 2013 - Splunk App for VMware
SplunkLive! Washington DC May 2013 - Splunk App for VMware
Splunk
 
18587936 squid-proxy-configuration-guide - [the-xp.blogspot.com]
18587936 squid-proxy-configuration-guide - [the-xp.blogspot.com]18587936 squid-proxy-configuration-guide - [the-xp.blogspot.com]
18587936 squid-proxy-configuration-guide - [the-xp.blogspot.com]
Krisman Tarigan
 
Installing tivoli system automation for high availability of db2 udb bcu on a...
Installing tivoli system automation for high availability of db2 udb bcu on a...Installing tivoli system automation for high availability of db2 udb bcu on a...
Installing tivoli system automation for high availability of db2 udb bcu on a...
Banking at Ho Chi Minh city
 
Continuent Tungsten - Scalable Saa S Data Management
Continuent Tungsten - Scalable Saa S Data ManagementContinuent Tungsten - Scalable Saa S Data Management
Continuent Tungsten - Scalable Saa S Data Management
guest2e11e8
 
What’s New in Syncsort Ironstream 2.1
What’s New in Syncsort Ironstream 2.1What’s New in Syncsort Ironstream 2.1
What’s New in Syncsort Ironstream 2.1
Precisely
 

Similaire à SMB Traffic Analyzer @ Samba Xp 2009 (20)

WebSphere Technical University: Top WebSphere Problem Determination Features
WebSphere Technical University: Top WebSphere Problem Determination FeaturesWebSphere Technical University: Top WebSphere Problem Determination Features
WebSphere Technical University: Top WebSphere Problem Determination Features
 
Red hat Enterprise Linux 6.4 for IBM System z Technical Highlights
Red hat Enterprise Linux 6.4 for IBM System z Technical HighlightsRed hat Enterprise Linux 6.4 for IBM System z Technical Highlights
Red hat Enterprise Linux 6.4 for IBM System z Technical Highlights
 
What\'s new with SMB Traffic Analyzer
What\'s new with SMB Traffic AnalyzerWhat\'s new with SMB Traffic Analyzer
What\'s new with SMB Traffic Analyzer
 
Backtrack Manual Part6
Backtrack Manual Part6Backtrack Manual Part6
Backtrack Manual Part6
 
Automating Federal Aviation Administration’s (FAA) System Wide Information Ma...
Automating Federal Aviation Administration’s (FAA) System Wide Information Ma...Automating Federal Aviation Administration’s (FAA) System Wide Information Ma...
Automating Federal Aviation Administration’s (FAA) System Wide Information Ma...
 
WS-VLAM workflow
WS-VLAM workflowWS-VLAM workflow
WS-VLAM workflow
 
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules
 
Practical solutions for connections administrators
Practical solutions for connections administratorsPractical solutions for connections administrators
Practical solutions for connections administrators
 
Z105760 whats new-dfsms-istanbul-v1902a
Z105760 whats new-dfsms-istanbul-v1902aZ105760 whats new-dfsms-istanbul-v1902a
Z105760 whats new-dfsms-istanbul-v1902a
 
Membase Meetup 2010
Membase Meetup 2010Membase Meetup 2010
Membase Meetup 2010
 
SplunkLive! Washington DC May 2013 - Splunk App for VMware
SplunkLive! Washington DC May 2013 - Splunk App for VMwareSplunkLive! Washington DC May 2013 - Splunk App for VMware
SplunkLive! Washington DC May 2013 - Splunk App for VMware
 
Как повысить доступность ЦОД? Введение в балансировщики трафика. Часть 2
Как повысить доступность ЦОД? Введение в балансировщики трафика. Часть 2Как повысить доступность ЦОД? Введение в балансировщики трафика. Часть 2
Как повысить доступность ЦОД? Введение в балансировщики трафика. Часть 2
 
iRODS Globus Connector
iRODS Globus ConnectoriRODS Globus Connector
iRODS Globus Connector
 
EMC SRM vs. Sentinel Navigator - Deep dive
EMC SRM vs. Sentinel Navigator - Deep diveEMC SRM vs. Sentinel Navigator - Deep dive
EMC SRM vs. Sentinel Navigator - Deep dive
 
18587936 squid-proxy-configuration-guide - [the-xp.blogspot.com]
18587936 squid-proxy-configuration-guide - [the-xp.blogspot.com]18587936 squid-proxy-configuration-guide - [the-xp.blogspot.com]
18587936 squid-proxy-configuration-guide - [the-xp.blogspot.com]
 
Installing tivoli system automation for high availability of db2 udb bcu on a...
Installing tivoli system automation for high availability of db2 udb bcu on a...Installing tivoli system automation for high availability of db2 udb bcu on a...
Installing tivoli system automation for high availability of db2 udb bcu on a...
 
VDCF Overview
VDCF OverviewVDCF Overview
VDCF Overview
 
Continuent Tungsten - Scalable Saa S Data Management
Continuent Tungsten - Scalable Saa S Data ManagementContinuent Tungsten - Scalable Saa S Data Management
Continuent Tungsten - Scalable Saa S Data Management
 
What’s New in Syncsort Ironstream 2.1
What’s New in Syncsort Ironstream 2.1What’s New in Syncsort Ironstream 2.1
What’s New in Syncsort Ironstream 2.1
 
Distributed Services Scheduling and Cloud Provisioning
Distributed Services Scheduling and Cloud ProvisioningDistributed Services Scheduling and Cloud Provisioning
Distributed Services Scheduling and Cloud Provisioning
 

SMB Traffic Analyzer @ Samba Xp 2009

  • 1. SMB Traffic Analyzer Holger Hetterich L3 Support Engineer SUSE Linux Products GmbH
  • 2. What is SMB Traffic Analyzer? Milestone 1 (current development) ➔ ➔Collect metadata of write and read processes on one or more samba servers. ➔Store data in a SQL queryable container. ➔Provide statistics based on this data, and visualize them Milestone 2 (long term goals) → later in this talk ➔ Testing 2
  • 3. SMB Traffic Analyzer: Overview Samba Server >= 3.2.x and concept Connection via smb_traffic_analyzer either unix domain- VFS module or internet socket. Stad daemon program, Feeds a database with incoming Client Data from the VFS module, configuration Accepts queries from clients storage, run SQL Storage of meta- queries data, maintenance of the database Stadview client program, Testing Visualizing collected data SQL enabled database 3
  • 4. The VFS module in detail Samba Server >= 3.2.x smb_traffic_analyzer VFS module Stad daemon program, Feeds a database with incoming Data from the VFS module, Accepts queries from clients Stadview client program, Testing Visualizing collected data SQL enabled database 4
  • 5. Looking at VFS smb_traffic_analyzer(1) “Sit in the VFS layer of samba, watch any Read or Write- file operation, and send data about this operations via network to a receiver.” ➔Introduced into the samba source tree at September 25, 2008 ➔Included in 3.2.x and 3.3.x, SLE11 ships it. ➔Fully transparent VFS module ➔Configured easily via smb.conf Testing ➔Can operate either on a unix domain socket or on an internet socket 5
  • 6. Looking at VFS smb_traffic_analyzer(2) – what data is stored? •Length of a data transfer in bytes •If the transfer was a Read or Write access •The name of the file involved in the transfer •The name of the user who initiated the transfer •The name of the domain under which the transfer happened Testing •A timestamp including date and time to the millisecond 6
  • 7. Looking at VFS smb_traffic_analyzer(3) A sample share configured for smb_traffic_analyzer. [pool1] path=/pool1 read only = No vfs objects = smb_traffic_analyzer smb_traffic_analyzer:host = localhost smb_traffic_analyzer:port = 3490 Or activating the object in the global section activates all shares: [global] vfs objects = smb_traffic_analyzer smb_traffic_analyzer:host = localhost smb_traffic_analyzer:port = 3490 7
  • 8. Looking at VFS smb_traffic_analyzer(4) – Is this legal at all? Exposing user related data is illegal in many countries. Two ways of anonymization: PREFIX + Hash-number: you can still recognize individual users: smb_traffic_analyzer:anonymize_prefix = User PREFIX: map any username to one string. smb_traffic_analyzer:anonymize_mode = Total Testing 8
  • 9. Samba Server The stad daemon in detail >= 3.2.x smb_traffic_analyzer VFS module Stad daemon program, Feeds a database with incoming Data from the VFS module, Accepts queries from clients Stadview client program, Testing Visualizing collected data SQL enabled database 9
  • 10. Looking at the stad daemon(1) “Be as fast as possible at accepting data from the VFS module, put the data into a SQL enabled storage. At the same time, maintain the database at the user's wish, and accept SQL queries about the data from clients.” ➔Configured via command line or ini-style config file ➔Caching data into the sytem RAM ➔Accepts multiple clients and VFS modules Testing 10
  • 11. Looking at the stad daemon(2) Simplest possible way to run stad: $ stad ­i 3490 - use database /var/lib/staddb with sqlite3 - accept VFS connection on internet socket port 3490 - accept client connections on internet socket port 3491 Advanced configuration is done in a config file, see the manpage. 11
  • 12. Looking at the stad daemon(3) – data processing plugins Why not a simple text file? Stad supports a plugin architecture for it's data processing. If there is no interest in a networked client or SQL queryable information, an other plugin can do the output. Currently shipping: - sqlite3 Plugin - CSV text file plugin (loadable with OpenOffice, Excel and friends) In Development: - MySQL Plugin - syslog plugin 12
  • 13. Looking at the stad daemon(4) – performance impact Thinkpad X61 configured as “all in one” system, copying 2.8 GB in 3.381 file objects to a share. → running stad, the database and the samba server Performance reduction : 39 % By changing the conservative default parameters of stads system RAM usage, enlarging it's memory area to hold data packages for the db, it was possible to reach a Performance reduction: 12% Dell QuadCore Desktop system as Samba server, and Blade server running stad and the db, copying 4.8 GB to a share. → stad and db separated from the samba server 13 Performance reduction : 16%
  • 14. Looking at the stad daemon(5) – storage is limited Without a regulating process, the database that is maintained by stad would grow and grow. This parameters in the config file will run the maintenance process every hour, and delete any data that is older than 5 days from the database.        [maintenance]        maintenance_timer = 01:00:00        maintenance_timer_config = 5,00:00:00 14
  • 15. Looking at the stad daemon(6) – stadtorture - A test utility for stad Stadtorture is a tool utilizing libsmbclient to produce traffic on a server. → creates a file set on two samba shares → copies files around with pauses → can record it's own run and playback → turn into a benchmarking tool 15
  • 16. Samba Server The stadview program in detail >= 3.2.x smb_traffic_analyzer VFS module Stad daemon program, Feeds a database with incoming Data from the VFS module, Accepts queries from clients Stadview client program, Testing Visualizing collected data SQL enabled database 16
  • 17. Looking at the stadview program(1) Show statistics about the data stored in the database. Update this information in real-time. Also try not to crash while being demonstrated at sambaXP :) At some day, run on the Windows platform. → utilitzing GTK and Cairo graphics → easy output to different devices → no local configuration → manage multiple sessions on a stad server 17
  • 18. Looking at the stadview program(2) Demonstration 18
  • 19. Where do we go to? ➔ Milestone 2 (long term goals) ➔Create appliances for stad: ➔Out of the box samba server/stad/stadview ➔Out of the box stad/stadview ready for network integration ➔Secure connections between VFS module/stad/stadview. ➔Collect any VFS operations (like full-audit) ➔Make table based applets for stadview ➔Make samba / stad a native Microsoft Event Testing Viewer Source ➔Have stadview running on Windows 19
  • 20. SMB Traffic analyzer – project data Homepage: http://holger123.wordpress.com/smb-traffic-analyzer/ Any component is GPLv3. Documentation: Detailed manpages with examples for all components. Around five people are working on SMB Traffic analyzer project since January 2008. Main contact in case of questions, patches or suggestions: ozzy@metal-district.de (Holger Hetterich) hhetter@novell.com 20
  • 21. SMB Traffic analyzer http://holger123.wordpress.com/smb-traffic-analyzer/ QUESTIONS AND ANSWERS 21