authoredwin <edwin@FreeBSD.org>2005-11-25 07:49:12 +0800
committeredwin <edwin@FreeBSD.org>2005-11-25 07:49:12 +0800
commit31fa80963de2ccf2ff5cfad72c3a7c30233a6840 (patch)
treeda404dbb73cc69f1012d6a2109a2bea8c59c4a70 /net-mgmt
parent29c9ee4767367faa18c9a30a3532c82d89338666 (diff)
[New Port] net-mgmt/ourmon: Network Monitoring and Anomaly Detection System
Ourmon is a network management and anomaly detection system for performing various SNMP RMON-like network analysis tasks. It uses the BSD bpf in combination with RRDTOOL as well as various "top talker" style tuples including: top-N flows which include IP, TCP, UDP, and ICMP flows, top SYN senders, top TCP/UDP ports, top single IP src to many IP dst senders, top single IP src to L4 (TCP/UDP), top ICMP errors which includes UDP creators of ICMP errors and other tools for both network management and anomaly detection. RRDTOOL graphs include a year of baselined information. New RRDTOOL graphs may be designed with user-configured BPF expressions a la tcpdump. Reports and logging for top talkers are also included. WWW: http://ourmon.cat.pdx.edu/ourmon/ PR: ports/84530 Submitted by: Charlie Schluting <manos@cs.pdx.edu>
Diffstat (limited to 'net-mgmt')
-rw-r--r--net-mgmt/Makefile1
-rw-r--r--net-mgmt/ourmon/Makefile69
-rw-r--r--net-mgmt/ourmon/distinfo2
-rw-r--r--net-mgmt/ourmon/pkg-descr16
-rw-r--r--net-mgmt/ourmon/pkg-message28
-rw-r--r--net-mgmt/ourmon/pkg-plist167
6 files changed, 283 insertions, 0 deletions
diff --git a/net-mgmt/Makefile b/net-mgmt/Makefile
index 37e5d937d38a..3036eafa4837 100644
--- a/net-mgmt/Makefile
+++ b/net-mgmt/Makefile
@@ -113,6 +113,7 @@
SUBDIR += nstreams
SUBDIR += openvmps
SUBDIR += oproute
+ SUBDIR += ourmon
SUBDIR += p0f
SUBDIR += p5-Altoids
SUBDIR += p5-Cflow
diff --git a/net-mgmt/ourmon/Makefile b/net-mgmt/ourmon/Makefile
new file mode 100644
index 000000000000..feb90b2b18e2
--- /dev/null
+++ b/net-mgmt/ourmon/Makefile
@@ -0,0 +1,69 @@
+# New ports collection makefile for: ourmon
+# Date created: 01 May 2005
+# Whom: Charlie Schluting <manos@cs.pdx.edu>
+#
+# $FreeBSD$
+
+PORTNAME= ourmon
+PORTVERSION= 2.5
+CATEGORIES= net-mgmt
+MASTER_SITES= http://ourmon.cat.pdx.edu/ourmon/
+DISTNAME= ourmon25
+
+MAINTAINER= manos@cs.pdx.edu
+COMMENT= A libpcap-based network monitoring and anomaly detection system
+
+BUILD_DEPENDS= ${LOCALBASE}/lib/libpcap.a:${PORTSDIR}/net/libpcap
+LIB_DEPENDS= gd:$(PORTSDIR)/graphics/gd
+RUN_DEPENDS= rrdtool:$(PORTSDIR)/net/rrdtool
+
+#IS_INTERACTIVE= yes
+WRKSRC= ${WRKDIR}/mrourmon
+USE_PERL5= yes
+NO_INSTALL_MANPAGES= yes
+#NO_PACKAGE= yes
+NO_BUILD= yes
+
+# where to install ourmon and also
+# where we build the ourmon runtime-script with configure.pl
+# note: we use the work directory simply for unpacking
+
+# make simply states assumptions, unpacks the system, and puts it in PREFIX
+pre-build:
+ @${ECHO_MSG} "install dir is PREFIX=\"${PREFIX}/mrourmon\""
+ @${ECHO_MSG} "We do not install apache or some other web server for you.
+ @${ECHO_MSG} "You should know where your apache docs directory is before make install."
+ @${ECHO_MSG} "You should also know which network interface you want ourmon to use."
+ @${ECHO_MSG}
+ @${ECHO_MSG} "Ourmon may be installed on one CPU or two. If you"
+ @${ECHO_MSG} "are only installing the front-end probe, you do"
+ @${ECHO_MSG} "not need Apache, hence we do not install it."
+ @${ECHO_MSG} "If you are installing the back-end graphics engine"
+ @${ECHO_MSG} "(which needs a web server) do install Apache first, and note"
+ @${ECHO_MSG} "where the htdocs web directory lives. You will need"
+ @${ECHO_MSG} "that for ourmon configuration. If you simply"
+ @${ECHO_MSG} "want to install ourmon with both front-end and back-end"
+ @${ECHO_MSG} "on one CPU, then install Apache first on that machine."
+ @${ECHO_MSG}
+
+pre-install:
+.if exists(${PREFIX}/etc/ourmon.conf)
+ ${MV} ${PREFIX}/etc/ourmon.conf ${PREFIX}/etc/ourmon.conf.old
+.endif
+ $(CP) -R ${WRKSRC} ${PREFIX}
+
+# make install compiles and configures the system installing
+# all binaries in the local PREFIX/bin as well as asking
+# the user if he/she wants to install system start scripts
+# and modify /etc/crontab
+
+do-install:
+ cd ${PREFIX}/mrourmon && ${PERL5} configure.pl ${PREFIX}
+
+post-install:
+ @${ECHO_MSG} "Ourmon is installed in ${PREFIX}"
+ @${ECHO_MSG}
+ @${CAT} ${PKGMESSAGE}
+ @${ECHO_MSG}
+
+.include <bsd.port.mk>
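Review bot: `do-install` hands the whole install phase to the distfile's own `configure.pl`, run from `${PREFIX}/mrourmon` with whatever privileges `make install` has (normally root), and the comment above the target says that script compiles the programs, prompts the user, and may add start scripts and edit `/etc/crontab`; none of that is tracked by pkg-plist, so deinstall cannot undo it. With `#IS_INTERACTIVE= yes` left commented out, an unattended build will presumably stall or take defaults at those prompts, so I would at least enable `IS_INTERACTIVE= yes`, and preferably compile in `${WRKSRC}` and install only the results. In `pre-install` the guard tests `${PREFIX}/etc/ourmon.conf`, while pkg-plist and pkg-message put the file at `${PREFIX}/mrourmon/etc/ourmon.conf`, so the `$(CP) -R ${WRKSRC} ${PREFIX}` that follows appears to overwrite an edited config with no backup; the check should read `.if exists(${PREFIX}/mrourmon/etc/ourmon.conf)` with the `${MV}` paths changed to match. The second `${ECHO_MSG}` line in `pre-build` is also missing its closing double quote.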
diff --git a/net-mgmt/ourmon/distinfo b/net-mgmt/ourmon/distinfo
new file mode 100644
index 000000000000..ae114df92735
--- /dev/null
+++ b/net-mgmt/ourmon/distinfo
@@ -0,0 +1,2 @@
+MD5 (ourmon25.tar.gz) = 23353c42d2432793345b19ac0a77dfdb
+SIZE (ourmon25.tar.gz) =330622
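Review bot: The only integrity record for `ourmon25.tar.gz` is an MD5 digest, and `MASTER_SITES` in the Makefile is a plain `http://` URL, so this checksum is the sole protection for a tarball whose `configure.pl` is later run during install. If the ports framework in this tree already accepts a stronger digest line in distinfo, regenerate the file so one is recorded next to the MD5 entry.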
diff --git a/net-mgmt/ourmon/pkg-descr b/net-mgmt/ourmon/pkg-descr
new file mode 100644
index 000000000000..fe5ab61c1b5f
--- /dev/null
+++ b/net-mgmt/ourmon/pkg-descr
@@ -0,0 +1,16 @@
+Ourmon is a network management and anomaly detection system for
+performing various SNMP RMON-like network analysis tasks. It uses
+the BSD bpf in combination with RRDTOOL as well as various "top
+talker" style tuples including: top-N flows which include IP, TCP,
+UDP, and ICMP flows, top SYN senders, top TCP/UDP ports, top single
+IP src to many IP dst senders, top single IP src to L4 (TCP/UDP),
+top ICMP errors which includes UDP creators of ICMP errors and other
+tools for both network management and anomaly detection. RRDTOOL
+graphs include a year of baselined information. New RRDTOOL graphs
+may be designed with user-configured BPF expressions a la tcpdump.
+Reports and logging for top talkers are also included.
+
+WWW: http://ourmon.cat.pdx.edu/ourmon/
+
+Created by: Jim Binkley <jrb@cs.pdx.edu>
+FreeBSD Port by: Charlie Schluting <manos@cs.pdx.edu>
diff --git a/net-mgmt/ourmon/pkg-message b/net-mgmt/ourmon/pkg-message
new file mode 100644
index 000000000000..e0d2bdc9dad6
--- /dev/null
+++ b/net-mgmt/ourmon/pkg-message
@@ -0,0 +1,28 @@
+For the FreeBSD port, we assume
+
+/usr/local/mrourmon
+
+is the base directory, although that can be overridden with
+the port Makefile.
+
+Read the INSTALL file in the ourmon base directory.
+**************************************************
+
+If you want to uninstall ourmon, read "uninstall.txt" in
+the base directory.
+
+Be sure and inspect and modify the basic config file,
+at /usr/local/mrourmon/etc/ourmon.conf. In particular
+set the notion of topn_syn home IP in the config file
+
+topn_syn_homeip 10.1.0.0 255.255.0.0
+
+to your home subnet and netmask.
+
+After setting the config file up properly,
+in order to start the front-end probe process,
+named "ourmon", you must cd to the base directory
+and run the ourmon probe from the start shellscript.
+
+# cd /usr/local/mrourmon/bin
+# ./ourmon.sh start
diff --git a/net-mgmt/ourmon/pkg-plist b/net-mgmt/ourmon/pkg-plist
new file mode 100644
index 000000000000..ca2e4293c53b
--- /dev/null
+++ b/net-mgmt/ourmon/pkg-plist
@@ -0,0 +1,167 @@
+mrourmon/src/ourmon/copyright.h
+mrourmon/src/ourmon/pid.c
+mrourmon/ACKS
+mrourmon/CHANGE.LOG
+mrourmon/CHANGES
+mrourmon/INSTALL
+mrourmon/README
+mrourmon/TODO
+mrourmon/VERSION
+mrourmon/deb.sh
+mrourmon/etc/README
+mrourmon/etc/cbpfexamples.conf
+mrourmon/etc/crontab.sample
+mrourmon/etc/ourmon.conf
+mrourmon/scripts/README
+mrourmon/scripts/checkmon.sh
+mrourmon/src/README
+mrourmon/src/distros/freebsd/Makefile
+mrourmon/src/distros/freebsd/distinfo
+mrourmon/src/distros/freebsd/pkg-descr
+mrourmon/src/distros/freebsd/pkg-message
+mrourmon/src/distros/freebsd/x
+mrourmon/src/ourmon/Makefile.bsd
+mrourmon/src/ourmon/Makefile.linux
+mrourmon/src/ourmon/Makefile.solaris
+mrourmon/src/ourmon/TODO
+mrourmon/src/ourmon/barthash.c
+mrourmon/src/ourmon/bytecodes.h
+mrourmon/src/ourmon/changed.c
+mrourmon/src/ourmon/config.h
+mrourmon/src/ourmon/docs/morep2p.txt
+mrourmon/src/ourmon/docs/p2p.txt
+mrourmon/src/ourmon/ehash.c
+mrourmon/src/ourmon/filter.h
+mrourmon/src/ourmon/hashicmp.h
+mrourmon/src/ourmon/hashport.h
+mrourmon/src/ourmon/hashscan.c
+mrourmon/src/ourmon/hashscan.h
+mrourmon/src/ourmon/hashsort.c
+mrourmon/src/ourmon/hashsort.h
+mrourmon/src/ourmon/hashsyn.h
+mrourmon/src/ourmon/interfaces.c
+mrourmon/src/ourmon/ipanalyze.c
+mrourmon/src/ourmon/ircscan.c
+mrourmon/src/ourmon/ircscan.h
+mrourmon/src/ourmon/machdep.c
+mrourmon/src/ourmon/nonipanalyze.c
+mrourmon/src/ourmon/ourmon.c
+mrourmon/src/ourmon/ourmon.h
+mrourmon/src/ourmon/sample.configs/foo.conf
+mrourmon/src/ourmon/sample.configs/goo.conf
+mrourmon/src/ourmon/sample.configs/icmp.conf
+mrourmon/src/ourmon/sample.configs/ourmon.conf
+mrourmon/src/ourmon/sample.configs/ourmon.conf.2
+mrourmon/src/ourmon/sample.configs/portrange.conf
+mrourmon/src/ourmon/sample.configs/test.conf
+mrourmon/src/ourmon/sample.configs/x.conf
+mrourmon/src/ourmon/sig.c
+mrourmon/src/ourmon/stats.h
+mrourmon/src/ourmon/trigger.h
+mrourmon/src/ourmon/util.c
+mrourmon/src/testcode/Makefile
+mrourmon/src/testcode/README
+mrourmon/src/testcode/testri.c
+mrourmon/src/web.code/Makefile
+mrourmon/src/web.code/NOTDONEYET
+mrourmon/src/web.code/README
+mrourmon/src/web.code/README.logs
+mrourmon/src/web.code/drawtopn.c
+mrourmon/src/web.code/testdraw.sh
+mrourmon/src/web.code/topn_udp.png
+mrourmon/src/web.code/udptest.sh
+mrourmon/src/web.html/Makefile
+mrourmon/src/web.html/README
+mrourmon/src/web.html/bpf-emailsyns.html
+mrourmon/src/web.html/bpf-errors.html
+mrourmon/src/web.html/bpf-p2p.html
+mrourmon/src/web.html/bpf-ports.html
+mrourmon/src/web.html/bpf-protopkts.html
+mrourmon/src/web.html/bpf-subnets1.html
+mrourmon/src/web.html/bpf-tcpcontrol.html
+mrourmon/src/web.html/bpf-unreach.html
+mrourmon/src/web.html/bpf-vpns.html
+mrourmon/src/web.html/cast.html
+mrourmon/src/web.html/flow.html
+mrourmon/src/web.html/icmpcodes.txt
+mrourmon/src/web.html/icmperror.html
+mrourmon/src/web.html/index.html
+mrourmon/src/web.html/indexstatic.html
+mrourmon/src/web.html/info.html
+mrourmon/src/web.html/info.topipa.html
+mrourmon/src/web.html/ipportscan.html
+mrourmon/src/web.html/ipproto.html
+mrourmon/src/web.html/iprange1.html
+mrourmon/src/web.html/ipscan.html
+mrourmon/src/web.html/irc.html
+mrourmon/src/web.html/l2proto.html
+mrourmon/src/web.html/netww.html
+mrourmon/src/web.html/ourarch.png
+mrourmon/src/web.html/pkts.html
+mrourmon/src/web.html/realhtml.txt
+mrourmon/src/web.html/size.html
+mrourmon/src/web.html/tcp3.html
+mrourmon/src/web.html/tcpports.html
+mrourmon/src/web.html/tcpscan.html
+mrourmon/src/web.html/tcpsyn.html
+mrourmon/src/web.html/tingting.html
+mrourmon/src/web.html/topn_icmp.html
+mrourmon/src/web.html/topn_ip.html
+mrourmon/src/web.html/topn_tcp.html
+mrourmon/src/web.html/topn_udp.html
+mrourmon/src/web.html/topnstat.html
+mrourmon/src/web.html/tworm.html
+mrourmon/src/web.html/udperror.html
+mrourmon/src/web.html/udpports.html
+mrourmon/src/web.html/udpscan.html
+mrourmon/src/web.html/udpweight.html
+mrourmon/uninstall.txt
+mrourmon/src/ourmon/hashicmp.c
+mrourmon/src/ourmon/hashport.c
+mrourmon/src/ourmon/hashsyn.c
+mrourmon/src/ourmon/trigger.c
+mrourmon/configure.pl
+mrourmon/makeclean.sh
+mrourmon/scripts/monupdate.sh
+mrourmon/scripts/runourmon.pl
+mrourmon/src/ourmon/cprogram.c
+mrourmon/src/ourmon/cprogram.h
+mrourmon/src/ourmon/filter.c
+mrourmon/src/ourmon/hashsort
+mrourmon/src/ourmon/monconfig.c
+mrourmon/src/ourmon/sample.configs/doit.sh
+mrourmon/src/ourmon/sample.configs/ourmon.sh
+mrourmon/src/ourmon/sample.configs/readit.sh
+mrourmon/src/ourmon/sample.configs/runourmon.sh
+mrourmon/src/testcode/testri
+mrourmon/src/web.code/batchip.sh
+mrourmon/src/web.code/batchipall.sh
+mrourmon/src/web.code/daily.pl
+mrourmon/src/web.code/irc.pl
+mrourmon/src/web.code/mklogdir.sh
+mrourmon/src/web.code/monbackup.pl
+mrourmon/src/web.code/notdoneyet/makepics.pl
+mrourmon/src/web.code/ombatchip.pl
+mrourmon/src/web.code/ombatchipsrc.pl
+mrourmon/src/web.code/ombatchsyn.pl
+mrourmon/src/web.code/omupdate.pl
+mrourmon/src/web.code/omupdate.sh
+mrourmon/src/web.code/tcpworm.pl
+mrourmon/src/web.code/topipa.pl
+mrourmon/src/web.code/wormtolog.pl
+
+@dirrm mrourmon/tmp
+@dirrm mrourmon/src/web.html
+@dirrm mrourmon/src/web.code/notdoneyet
+@dirrm mrourmon/src/web.code
+@dirrm mrourmon/src/testcode
+@dirrm mrourmon/src/ourmon/sample.configs
+@dirrm mrourmon/src/ourmon/docs
+@dirrm mrourmon/src/ourmon
+@dirrm mrourmon/src/distros/freebsd
+@dirrm mrourmon/src/distros
+@dirrm mrourmon/src
+@dirrm mrourmon/scripts
+@dirrm mrourmon/etc
+@dirrm mrourmon/bin
+@dirrm mrourmon
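Review bot: `@dirrm mrourmon/bin` and `@dirrm mrourmon/tmp` are listed, but no file under either directory is, although pkg-message tells the user to run `./ourmon.sh start` from `/usr/local/mrourmon/bin`. Whatever the Makefile's `configure.pl` step puts there is therefore unregistered: it is left behind on deinstall, the `@dirrm` of a non-empty directory fails, and the installed probe binaries cannot be checked against the package record. `mrourmon/etc/ourmon.conf` is also listed as an ordinary file, so deinstall removes a config the user was told to edit; installing it as a sample (for example `mrourmon/etc/ourmon.conf.sample`, a name I am suggesting, not one from the distfile) and copying it only when no config exists would avoid that.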