-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathhack.txt
72 lines (51 loc) · 3.16 KB
/
hack.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
SQL console:
kc exec -it chi-netmeta-netmeta-0-0-0 -- clickhouse-client -mn
Kafka console consumer:
kc exec netmeta-kafka-0 -c kafka -- bin/kafka-console-consumer.sh --bootstrap-server netmeta-kafka-bootstrap:9092 --topic flow-messages
CentOS 8 iptables-legacy:
```
FROM fedora:32
RUN INSTALL_PKGS="iptables" && \
dnf install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \
dnf clean all -y
```
podman build -t netmeta-toolbox:latest .
podman run --privileged --rm --net=host netmeta-toolbox:latest iptables-legacy -S
Show consumer groups:
kc exec netmeta-kafka-0 -c kafka -- bin/kafka-consumer-groups.sh --bootstrap-server netmeta-kafka-bootstrap:9092 --describe --offsets --all-groups
tcpdump pod:
nsenter --net=/proc/$(pidof goflow)/ns/net tcpdump -i any
Interactively run SQL migrations:
kc exec -it chi-netmeta-netmeta-0-0-0 -- clickhouse-client -mn < schema/1_init.up.sql
kc exec -it chi-netmeta-netmeta-0-0-0 -- clickhouse-client -mn < schema/1_init.down.sql
Using kafkacat:
kubectl run kafkacat -i --rm=true --image=confluentinc/cp-kafkacat:latest --restart=Never -- kafkacat -b netmeta-kafka-bootstrap:9092 -L
goflow metrics debugging:
curl -s [::1]:18080/metrics | grep -v ^#
Remotely debug running goflow process:
go get github.com/go-delve/delve/cmd/dlv
cp /proc/$(pidof goflow)/exe /goflow
go/bin/dlv --listen "10.42.0.1:2345" --headless --api-version=2 --accept-multiclient attach $(pidof goflow)
rm /goflow
Manually adjust TTL:
alter table default.flows_raw modify ttl Date + toIntervalDay(20);
List oldest partitions:h
select distinct partition from system.parts limit 10;
Drop partitions:
alter table flows_raw drop partition '2020-06-15';
alter table flows_raw drop partition '2020-06-16';
alter table flows_raw drop partition '2020-06-17';
...
Rebuild services:
scripts/build_containers.sh && (cd deploy/single-node/services && cue apply)
risinfo queries:
select dictGetUInt32('risinfo', 'asnum', tuple(reinterpretAsFixedString(toIPv6('::1.1.1.1'))));
select dictGetUInt32('risinfo', 'asnum', tuple(reinterpretAsFixedString(SrcAddr))) AS SrcAsn, count(*) from flows_raw group by SrcAsn order by count(*) desc limit 20;
select dictGetString('autnums', 'name', toUInt64(3320));
select dictGetString('autnums', 'country', toUInt64(3320));
Change portmirror sampleraddress data:
create table flows_raw_old ENGINE = MergeTree() PARTITION BY Date ORDER BY (TimeReceived, FlowDirection, SamplerAddress, SrcAS, DstAS, SrcAddr, DstAddr) AS SELECT
if(SamplerAddress == toIPv6('::OLD_ADDRESS'), toIPv6('::ffff:NEW_ADDRESS'), toIPv6('::0.0.0.0')) as SamplerAddress, * from flows_raw where SamplerAddress != toIPv6('::0.0.0.0');
INSERT INTO flows_raw SELECT Date,FlowType,SequenceNum,TimeReceived,SamplingRate,FlowDirection,SamplerAddress,TimeFlowStart,TimeFlowEnd,Bytes,Packets,SrcAddr,DstAddr,EType,Proto,SrcPort,DstPort,InIf,OutIf,SrcMac,DstMac,SrcVlan,DstVlan,VlanId,IngressVrfId,EgressVrfId,IPTos,ForwardingStatus,IPTTL,TCPFlags,IcmpType,IcmpCode,IPv6FlowLabel,FragmentId,FragmentOffset,BiFlowDirection,SrcAS,DstAS,NextHop,NextHopAS,SrcNet,DstNet from flows_raw_old;
ALTER TABLE flows_raw DELETE WHERE SamplerAddress = toIPv6('::OLD_ADDRESS') Settings mutations_sync=1;
drop table flows_raw_old;