OpenFPC
extract.cgi not updated?
I get this error when attempting to use extract.cgi.
Is extract.cgi no longer used? Or has it been neglected from v0.2.1?
Error, Check server logs for more data Request format OFPC-v1 is depricated and no longer compatable with OFPC. Please update your OpenFPC Client
Hi,
Yes it's not been updated and I was unfortunately distracted by real life in the middle of implementing a compatible yet more robust rest api. Apologies, I feel like I've done a disservice to those that used extract.cgi (I've had a few people contact me directly via email as well).
I'll try to forge out some time to get to a solution over the next few days. My bad.
Life Happens. Just wasn’t sure if I was doing something wrong or what the deal has been.
Just so everyone knows, rolling back to an older version does make extract.cgi work. There are still releases at the old Google Code repository that work just fine.
On Mar 19, 2015, at 8:53 AM, Leon Ward wrote:
Hi,
Yes it's not been updated and I was unfortunately distracted by real life in the middle of implementing a compatible yet more robust rest api. Apologies, I feel like I've done a disservice to those that used extract.cgi (I've had a few people contact me directly via email as well).
I'll try to forge out some time to get to a solution over the next few days. My bad.
So I found some time. I've just pushed a version that now includes a basic restful API. There are slight differences in syntax and capabilities to what was available in the old cgi script, but I think it could be compatible with a few tweaks to your configuration. Give it a try on a test box somewhere, I don't have a system running Snorby anywhere so I'm looking for feedback. The installer script includes the API, but I've not yet added it to the .deb packages.
The one area you'll notice that is different is that the new API requires an API key, so authentication is far more usable than relying on a user to protect the CGI with basic_auth. I'm thinking that you may be able to set the URL to fetch the pcap from in Snorby to always include the apikey before the constraints, e.g.
curl -k "https://localhost:4222/api/1/fetch?apikey=9EF2274C-F76D-_-__-_*********&dpt=53"
If it doesn't work with Snorby, I can create a quick compatibility mode to hopefully keep of the need for any changes on that side.
Let me know what you discover. Notes for the API are in the /docs folder.
-L
Sorry this took so long, I don't see any commits for extract.cgi.
Thanks!