It’s hackweek time again at SUSE, and we are using the time to improve SMB Traffic Analyzer. At some point we decided to move the whole SMB Traffic Analyzer software suite to QT4. This move is led by Nanuk Krinner, who has already implemented our real-time component smbtamonitor-qt. His work at Hackweek 9 will improve the graph display and its real-time movement. I am working on a port of the object selector of webSMBTA to QT4, and on a solid integration of smbtaquery with smbtamonitor-qt. Once we have reached a certain point of integration, we will work on porting webSMBTA features to smbtamonitor-qt. We found it hard to deal with framework updates for webSMBTA. Since webSMBTA is based on smbtaquery too, it won’t be dead anytime soon, but we will certainly give more attention to the QT port in future.
Check out Hackweek 9, and explore all the cool ideas people have put on the table to hack on for a week!
We’ve got a slot at the Erlanger Linuxtag 2012 to present and demo SMB Traffic Analyzer version 1.2.6, which was released in July. Erlanger Linuxtag is organized by Erlug e.V., and will happen within the buildings of Medical Valley Center. Check out the schedule for this upcoming event!
Should you read this article in a blog roll and have the impression that what you read is from outer space, note that this article is about the SMB Traffic Analyzer project, a software suite that provides statistical traffic analysis for Samba networks.
Summary: with a development time of about a year, SMB Traffic Analyzer (SMBTA from now on…) version 1.2.6 has risen out of our git repositories to represent a new milestone for the project, bringing full buckets of features and bug fixes to the table. With Nanuk Krinner, another developer joined the team and brought in completely new areas of SMBTA usage by creating a component for desktop usage. To view all the details on this release, the tracker bug for this release can be viewed here, and the list of bugs being handled by this version is: 8167 8168 8172 8205 8206 8210 8232 8237 8270 8280 8288 8298 8321 8439 8496 8497 8919 8932 8934 9061
The whole real-time infrastructure has been redesigned and rebuilt. We have concentrated on making the interface simpler, and split the infrastructure into a very simple and lightweight generic client called “smbtamonitor-gen”, which can be called by a parent process (such as a graphical client), connects to smbtad, and interfaces with the parent through unix domain sockets on the local machine. This allows us to develop more complex real-time applications that don’t need to cope with the low-level networking to smbtad. For a start, we have developed two basic real-time apps: a text mode client for the command line interface, called “smbtamonitor-cli”, that does nothing else than post traffic values on the command line and can be used as a foundation for more complex clients, and a first version of “smbtamonitor-qt”, developed by Nanuk Krinner, a real-time application employing the QT library to allow a new level of usability and features on the desktop level. Although it is meant as a starter, smbtamonitor-qt is already able to dynamically zoom in and out of Samba traffic in real-time, from a time range of a day to a scale of up to 5 seconds (bso#8932, bso#8919). We have also fixed a crash in the smbtamonitor-gen component when a Samba object could not be identified (bso#8280).
Since SMBTA is not only about real-time, the project relies on a database to store Samba traffic that happened in the past. Here we track more detailed data, such as usernames, filenames, and IP addresses, to name a few. The groundwork tool that allows stable, complex and portable querying of this data is smbtaquery, which produces XML so that other tools sitting on top of smbtaquery can interpret the data and create views out of it. smbtaquery has relatively complex time functions that allow limiting queries to specific timeframes. The quoting mechanism in smbtaquery has been enhanced to allow more complex timestamps given as time delimiters in functions (bso#8169), and a segmentation fault that occurred when no database driver was given, either in the configuration or on the command line, has been fixed (bso#9061).
We have fixed a segmentation fault in smbtaquery (bso#9061), and fixed a crash of smbtad when handling multiple real-time clients (bso#8934).
When updating from a former version of SMBTA, it was usually necessary to call “smbtad -C” to convert the existing database to the newer version where we have added features. Due to changes in the database scheme, which now includes integrated version control, smbtad just needs to be restarted; it will check the database version against the format that it is running on, and convert the database fully automatically when needed. There are also new functions in smbtaquery that allow the user to check that every component is up to date (bso#8206). smbtad will now also dynamically update the protocol version of VFS modules that are connecting to it. Therefore, within a “report” function, smbtaquery is able to tell the user about the status of the whole software chain, and adds comments and notes where they apply. For example, the VFS module, as coming from a specific Samba version, might already implement a few new features that are not yet used in SMBTA by smbtad and the rest of the tools. These features might be added later to the rest of the software suite, and smbtad simply ignores these features to stay compatible. The report function in smbtaquery is able to inform the user about this status. Last but not least, SMBTA 1.2.6 can also check online for a new version of the software package, so that the user will be informed about the availability of a new version of SMBTA on its website.
Administrators will have a new function that allows them to retrieve the configuration settings of a remote running smbtad instance. There are two versions of it: one returns a fully commented list of configuration settings, the other uses a simpler format that just lists all the configuration values. This function is of help in bug reports. It can be called from within webSMBTA.
Upon user requests, we adapted smbtad to also run on sqlite3, again. This time via libDBI, and all our initial tests worked fine as far as smbtad is involved. Tests using smbtatools are still pending and any user who wants to join testing smbtatools for sqlite3 is highly welcome (bso#8288).
The webSMBTA component now integrates user management and authentication, allowing for users that have administrator rights and normal users. Functions such as the remote configuration report of smbtad can only be used by administrator-class users. webSMBTA allows full user management within the web interface. More than one administrator-class user can be added, and also as many users as wanted (bso#8167).
In addition to this, webSMBTA stores the functions that a user has been running, and is able to restore the “workplace” of every user when logging in (bso#8496). Every function callable in webSMBTA now has a way to produce alternative output. That means that the user can request the output not only in HTML but also in ASCII (or any other format we might support in future), and webSMBTA will offer the alternative format as a download. Related to this new feature, it also offers a print view on every function it is running (bso#8172). The webSMBTA functionality to select time modifiers has been enhanced and allows time ranges to be selected comfortably by using a calendar widget.
One of the really cool additions to webSMBTA is an integrated “global search”. The user can just enter free form text and webSMBTA will search through the whole database while typing, and identify each object it finds. Clicking on one of the found objects will automatically set the object chooser of webSMBTA to point at this object. This function greatly eases usability and offers a fascinating way to search through a Samba network (bso#8237, bso#8298). To ease the way webSMBTA is handling the database, a “--test-db” option has been added to smbtaquery, allowing it to only test the database connection and do nothing else. This allows for better error handling within webSMBTA (bso#8270). For its internal operations, webSMBTA requests some space to temporarily store some helper files. The path on the filesystem used for these helper files was hardcoded to /tmp in former versions; now a variable temporary storage path can be given by setting the Dir.tmpdir variable inside of webSMBTA (bso#8497), which is of help on systems where the usual /tmp path is not reachable or another temporary storage path has to be used. On a side note, webSMBTA has been ported to and tested on Rails 3.2 during the Hackweek event at SUSE in 2012.
Our project documentation is no longer available within the package. Instead, Benjamin Brunner converted the whole documentation from asciiDOC to wiki format and moved it to SambaWiki in an effort around the Hackweek8 event at SUSE. This will allow developers to quickly change the documentation in future, a motivational plus when it comes to maintaining the documentation in relation to bugs and features. Many thanks to Benjamin for this large effort; it marks a starting point for us to move SMBTA to a new homepage, which is in our plans.
We have once again changed the database format, this time for good, hopefully. We have simplified the database format a lot to make new features much easier to implement. Additionally, we store more dynamic data in the database while smbtad is running, such as the number of connected modules and where (from which IP) they come from (bso#8205). A critical bug in smbtad has been fixed: it now assumes that any filename or path entries in the database have to be quoted. In former versions, filenames such as ‘ “hello world” ‘ could have caused problems when querying the database (bso#8232). smbtad now allows binding to an interface address and works within both IPv4 and IPv6 networks (bso#8321).
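The quoting problem described above, as an added example that is not SMBTA code: the same lookup is run with the file name pasted into the statement unescaped, quoted first, and passed as a bound parameter. The table name, the sample names other than “hello world”, and the use of Python's sqlite3 module are assumptions made for illustration; which character breaks an unquoted statement depends on how the statement is built, and here literals are single-quoted, so the name containing an apostrophe is the one that fails.

```python
import sqlite3

# Constructed sample file names; the second is the example from the post.
SAMPLE_FILES = ["report.txt", '"hello world"', "bob's notes.doc"]

def open_db():
    """In-memory database with a hypothetical per-file traffic table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE file_traffic (filename TEXT, bytes INTEGER)")
    conn.executemany(
        "INSERT INTO file_traffic VALUES (?, ?)",
        [(name, 1024 * (i + 1)) for i, name in enumerate(SAMPLE_FILES)],
    )
    return conn

def sql_quote(value):
    """Quote a value as an SQL string literal: wrap in ' and double any '."""
    return "'" + value.replace("'", "''") + "'"

def lookup(conn, sql, params=()):
    """Run a one-row query; return the byte count, None, or the error text."""
    try:
        row = conn.execute(sql, params).fetchone()
    except sqlite3.Error as exc:
        return "error: %s" % exc
    return row[0] if row else None

def bytes_unquoted(conn, name):
    # Pre-fix style: the name is pasted between quotes without escaping.
    return lookup(conn, "SELECT bytes FROM file_traffic WHERE filename = '%s'" % name)

def bytes_quoted(conn, name):
    # The name is escaped before it becomes part of the statement text.
    return lookup(conn, "SELECT bytes FROM file_traffic WHERE filename = " + sql_quote(name))

def bytes_bound(conn, name):
    # The name never enters the statement text; the driver binds it.
    return lookup(conn, "SELECT bytes FROM file_traffic WHERE filename = ?", (name,))

def compare():
    """Map each sample name to its (unquoted, quoted, bound) results."""
    conn = open_db()
    return {n: (bytes_unquoted(conn, n), bytes_quoted(conn, n), bytes_bound(conn, n))
            for n in SAMPLE_FILES}

if __name__ == "__main__":
    for name, results in compare().items():
        print(repr(name), results)
```
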
Benchmarking and performance tests have been run to show the speed penalty one gets from using SMBTA. By using the Phoronix testsuite, Robert Piasek has run a few tests employing exactly what smbtad was optimized for, and we have added the results to the package. Performance loss is one of the most asked questions when we are doing presentations around SMBTA everywhere (bso#8210).
SMB Traffic Analyzer is free software, released under GPLv3. For more information, please visit its homepage.
During Hackweek8 @ SUSE, Benjamin Brunner has finished the conversion of our ASCIIdoc based documentation set to the SambaWiki. The SMBTA development team considers this as a major step to a new website for SMB Traffic Analyzer. It is our idea to no longer maintain the ASCIIdoc based documentation, but instead keep the Wiki documentation up to date, delivering tarballs of it within the smbtatools package for offline usage.
Still, there are a few places here and there where the documentation needs to be fine tuned, but the main work is done, and we are more than happy with the result! This enables individual developers of the team to easily add and change the documentation when it is required. Thank you Benjamin!
Well, the last weeks have been pretty busy. After a 10-hour flight, we arrived at San Francisco to get to San Diego to visit the Teradata Partners conference, an excellent event that included good discussions and lots of acceptance and recognition for SUSE Linux. I liked the way talks have been organized, or to say it in other words, it was a matter of downloading an Android app to always have the overview. We served the SUSE booth at the conference, got involved in lots of discussions about the OS, and I was even happier in the moments when people asked questions on openSUSE – this shows clearly that the project is well known! To leave some words on San Diego is very simple: Gaslamp Quarter, I’ll be back, and have a few more beers at Rock Bottom!
We then drove from San Diego to Salt Lake City by car. Having some days of vacation in between, this was the best choice. During our travel we stopped by and visited San Diego Zoo, the Joshua Tree national park, Zion national park, and Bryce Canyon.
In Salt Lake, Novell’s Brainshare conference was about to start. And guess what: I had the chance to present SMB Traffic Analyzer at this amazing conference! I gave the presentation two times actually, presenting the very latest development snapshot of SMBTA, and while it was not visited by so many people, the ones who listened have been very tough and showed great interest, giving me the chance to make new contacts and have lots of discussion about Samba, SMB Traffic Analyzer, and openSUSE. So to bring this to an end: Brainshare was exciting!
SMB Traffic Analyzer is developing healthily. I was presenting Benjamin Brunner’s work on the real-time search function, user management, and the very latest statistic functions in webSMBTA. We haven’t had a release in the last months, which is unusual for SMBTA. That is actually caused by features we want to implement for the release. These features, such as SVG graphics for usage diagrams, are not yet done, and I am working on them.
You guessed it, we finally got a slot for a presentation at the wonderful openSUSE conference for SMBTA. To me, it is remarkable to see a project like SMBTA being presented at OSC because it is not really something related to openSUSE. It’s not that SMBTA improves your boot time, or discusses details of the buildservice, or makes your life with the openSUSE distribution better in any way. SMBTA is very likely not even interesting to the casual user, except for some administrators.
That said, SMBTA was born inside of the openSUSE infrastructure, growing to a project used on different distributions and operating systems, such as Solaris. And the one thing we can really say is that we exploited all the services that make up openSUSE to the core. We used the openSUSE Buildservice from the beginning, and we use appliances created by SUSE Studio for both demoing and developing SMBTA.
With the recent release of Samba 3.6.0, among its top changes like full SMB2 support and other major features, it is also prime time for SMBTA. The Virtual File System layer module that supports our current infrastructure is included in this release of the Samba CIFS server, and that marks a milestone for our project. SMBTA is already used in production at some sites, and the release of Samba 3.6.0 will hopefully forward this trend.
Benjamin Brunner and I will give an introduction talk to SMB Traffic Analyzer at the openSUSE conference and most likely live-demo the software chain. We’ll welcome anyone interested to join our presentation at OSC!
… is a point in time where I think it makes sense to show off a few of the things we are working on. While we will introduce deep changes to the database this time, and are working on a way to establish integrated version control for all components of SMB Traffic Analyzer, we will also have some features that simply rock for end users.
For example, Benjamin Brunner of the development team has taken the search function to a new level by creating a simple way to fuzzy search your full Samba network.
The other things we are working on for SMBTA 1.2.6 are about making it easier for the administrator to inspect and check the SMBTA setup. Among these, SMBTA 1.2.6 will be able to tell which VFS modules have connected, which protocol version was used by them, and where they came from. Should it be required, for example for bug reports, the smbtad configuration can be retrieved in an easy way through smbtatools. SMBTA 1.2.6 components will self check for version updates and can tell the administrator what needs to be done in case of configuration errors.