Lockdown: Setup / Usage

Running the Program

The code requires Java 1.6. The following are the files/directories in this distribution.

• Introduction (this file)
• Lockdown.jar: A compiled jar file is provided to be run directly.
• src: The directory contains all source codes. You may want to import into your favorite IDE for change/compilation of code.
• program_filter.conf: Required by parser. A list of key/value pairs for grouping application names. Sometimes the name is truncated and we do not want different names that essentially are the same application.
• signal.thread: Required by parser. 0 for normal, any positive number sends a stop signal to all parsing threads for safe exit (state consistency).
• IP.allow: Required by file\_server. An IP-based ACL list checked by the file server before sending data to the querying client (such as the viewer). Append your host's IP to this list.
• viwer.conf: Required by viewer. Contains all configuration parameters. You need to modify the following:
  • file server name and port
  • LDAP server name, port and other parameters for querying user ID to full name, affiliate, etc.
  • Your organization network prefix and cluster grouping prefix/sub-domain
• lib: Required by viewer. A directory contains all library used, such as Prefuse library for displaying graphs, JFreeChart for plotting charts.

Preparation

First, unpack this zip file and create a bunch of directories in order for the agent to upload files. Second, create a local account for the agent. Third, create two directories: ``log'' and ``startup'' at the same level where you put Lockdown.jar. Note the two directories need write privilege for the agent account, otherwise the agent cannot 'scp' the data into these directories.

Other directories/files that will be crated automatically if not exists such as ``Processed'', ``Processed_gzip'', ``GUI_DATA'', etc. They are explained in the two above figures.

Command line usage to run the program

Note: you may want to use nohup command to run the server/parser so it will continue to run even after you log off. The program output will be appended to nohup.out.

• Start the parser
  • To run: java max_VM_mem -jar Lockdown.jar NumOfThreads # daysAhead(0.5=48files) verbose(0=min) timing(0=no) minutes_between_each_round(0=once).
  • Example: nohup java -mx1500m -jar Lockdown.jar -parser 1 0.5 1 0 0.01 &
  • Note: Make sure all the directories are created as explained Sec II. The runner needs rwx for 'log' and 'startup' directory and rw for all files under these directories.
• Start the file server
  • To run: nohup java -jar Lockdown.jar -fileserver [port] &
  • Default TCP port is 8888
  • Note: Make sure the IP.allow list exists, repository_text directories have data to serve, and the runner has privilege to read LFS directory, read IP.allow file, and read/write privilege to repository_text directory and current working directory (for logging server activities purpose)
• Aggregator
  • Aggregate the finished/active records from LFS by extracting 'established' connections, save to one single text file.
  • The file server will automatically spawn a thread that call Aggregator. However, you may explicitly invoke this procedure.
  • To run: java -jar Lockdown.jar -aggregate [start(-1/UTC sec)] [end]
• Start the viewer
  • To run: java max_stack max_heap -jar Lockdown.jar -explorer [start_time][end_time]
  • Example: java -Xss1m -Xmx1000m -jar Lockdown.jar -explorer 10/23/2008 10/23/2008
  • Select time window to examine and click ``update'' button.

Download PDF LFS.pdf.