IMSpector, file?
-
If you have not, please upgrade the package to version 0.3
The logs will be under the /var/log/imspector directory. It will create subdirectories under that one for ICQ-AIM, MSN, etc. The subdirectories only get created when they are saved to. So if no messages are being sent then you will just have an empty /var/log/imspector directory.
If you are sending messages and don't see the logs, from the console, select option 8 shell. Then issue the following commands to stop imspector and start it in debug mode.
killall imspector
imspector -d -c "/usr/local/etc/imspector/imspector.conf"
You will see output similar to below when a message is sent. What client are you using: AIM 5.x series, AIM Pro, AIM Triton, ICQ 5.1, Trillian, MSN, IRC, etc.? Be specific on the version. There have been improvements made since the 0.3 release to the ICQ/AIM support and depending on the client you use this might be why you are not seeing the messages get logged. If that is the case I can get you the updated files.
imspector: ICQ-AIM: Outgoing message, uin: rsw686 remoteid: Aslak333
imspector: ICQ-AIM: Plain-text message tag 2 found, len: 113
imspector: ICQ-AIM: Message string tag 0x0101 found, len: 102
imspector: 1 elements in imevents
imspector: Debug: Event: Client address: 10.10.1.150:1805
imspector: Debug: Event: Timestamp: 1165696322
imspector: Debug: Event: Protocol: ICQ-AIM
imspector: Debug: Event: Type: MSG_OUTGOING
imspector: Debug: Event: LocalID: rsw686
imspector: Debug: Event: RemoteID: Aslak333
imspector: Debug: Event: Data: test message
If you're not seeing the above, try logging onto your client and watching the debug output. You should see the following when a client logs onto AIM/ICQ; it is similar for other protocols.
imspector: ICQ-AIM: Login request, uin: rsw686
imspector: ICQ-AIM: Login response, uin: rsw686
imspector: Connection from: 10.10.1.150:1826
imspector: Finished with child: 10.10.1.150:1825
imspector: ICQ-AIM: Stored cookie, uin: rsw686
imspector: ICQ-AIM: Found cookie, uin: rsw686
The .imspectoricqcookie and .imspectorlog files in the /tmp directory are unix sockets for IMSpector. You don't want to modify those. IMSpector is multi-threaded and they handle the logging process and icq/aim screen name to cookie lookup.
-
Hello,
I have the same problem. I installed new pfSense (today), I installed imspector package (which succeeded).
Imspector created directory for logging "/var/log/imspector/". But now I am chatting on MSN, but no log file appears.
I would like to log only MSN protocol on both network interfaces (I have one WAN, one LAN and one OPT interface active), so I chose "Enable IMSpector", "LAN and OPT interfaces", "Listen on MSN protocol" and "Enable file logging".
I am running at the moment imspector in debug mode, but when executing command imspector -d -c "/usr/local/etc/imspector/imspector.conf" the output was:
# imspector -d -c "/usr/local/etc/imspector/imspector.conf"
imspector: Protocol Plugin name: IRC IMSpector protocol plugin
imspector: Protocol Plugin name: MSN IMSpector protocol plugin
imspector: Logging Plugin name: Debug IMSpector logging plugin
imspector: Logging Plugin name: File IMSpector logging plugin
I checked via ps, if any imspector process is running and I can see two of them:
# ps -ax | grep imspector
2906 p0 I+ 0:00.05 imspector -d -c /usr/local/etc/imspector/imspector.conf
2907 p0 I+ 0:00.02 imspector -d -c /usr/local/etc/imspector/imspector.conf
3001 p1 R+ 0:00.01 grep imspector
Now I have no idea, what to do.
Is it possible, that everything is running OK, but only that log file appears once per day or sth?
Should I set any proxy on my MSN client?
I am using gaim for MSN or MSN messenger 7.5. Not web or live versions.
Thanks for help!
Vito.
-
The log file will appear immediately. The file(s) should be something like /var/log/imspector/MSN/localid/remoteid. Also when running in debug mode it will show you the messages as they are sent.
-
Hey,
hm… Now I am waiting for about half a day and still nothing. I even tried making new folders inside and everything is working well (of course, I am logged in as root).
I am out of ideas.
Thanks for help,
Vito.
-
When you run it in debug mode you should see the debug output when you connect to MSN and send messages. Do you get any of that? It will create the folders and files automatically.
-
Hm.. Strange.
When running in debug mode, I get only this output and nothing happens, even if I chat over MSN:
# imspector -d -c "/usr/local/etc/imspector/imspector.conf"
imspector: Protocol Plugin name: MSN IMSpector protocol plugin
imspector: Listening on 0.0.0.0:16667
imspector: Logging Plugin name: Debug IMSpector logging plugin
imspector: Logging Plugin name: File IMSpector logging plugin
And this is my config file:
# cat imspector.conf
plugin_dir=/usr/local/lib/imspector
msn_protocol=on
file_logging_dir=/var/log/imspector
icq_trace_error=on
I tried yet many other possibilities (turning imspector on for only one network interface, turning all protocols on and off, I tried also fetching and running that script which I found on some other topic (sh-update-imspector.sh) and it did not return any error).
Just for info: imspector is my only package and I have only two nat/firewall rules for entering my pfSense from the web (http and ssh).
Any Idea, what is wrong?
Thanks,
Vito.
-
Just dawned on me. Are you leaving MSN signed on while changing the settings? You need to sign on to MSN again after you start imspector. Otherwise it will not get redirected through imspector.
-
Hey,
I thought that could be an issue, yes. Now I waited for couple of days, I am now sure that everybody re-logged to msn. But still nothing.
Should I try ICQ or some other IM protocol?
Thanks for help!
Vito.
-
I thought there might be another disturbing thing… My personal firewall from zonelabs. I have ZoneAlarm Security Suite installed, which should scan also my IM traffic. But now I turned IM security off and still nothing.
Is my case hopeless?
-
I don't understand what is going on. The founder of SmoothWall wrote the code and it is included in SmoothWall Express. I have worked with him to add many enhancements. He uses MSN exclusively and I have also verified that it works. Have you tried other protocols? I've been running IMSpector for months now. The only thing that comes to mind is you have some firewall / nat rules above that are blocking it from going to IMSpector.
-
Thanks for help, I see that it's hopeless case. But I can tell you that I have NO rules (except of two for entering my pfsense from other location). I will try other protocols soon as I arrive home again. Will tell you when I succeed!
Best regards,
Vito.
-
Could you run the following command on the pfSense box. It will show the rules created by IMSpector. I'm wondering if the rules are not being put into place.
pfctl -aimspector -sn
You should get output similar to
rdr pass on fxp1 inet proto tcp from any to any port = 1863 -> 127.0.0.1 port 16667
rdr pass on fxp1 inet proto tcp from any to any port = aol -> 127.0.0.1 port 16667
rdr pass on fxp1 inet proto tcp from any to any port = mmcc -> 127.0.0.1 port 16667
What version of pfSense are you running? The anchor for pf was added beginning on 1.0.1-SNAPSHOT-11-24-2006. If you're running a version older than that you will need to upgrade to get IMSpector to work.
In one way I hope this is the problem as it would explain everything. Hopefully this didn't waste too much of your time. I didn't even think about it since it is mentioned in the package description.
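
Added example (not part of the original post, and not IMSpector's or pfSense's own code): a small sh check that the redirects shown above are actually loaded in the imspector anchor. The helper names, the embedded sample and the choice to treat empty output as "every redirect missing" are assumptions of this example; 16667 is the listen port from the debug output earlier in the thread.

```shell
#!/bin/sh
# Added example: confirm that IMSpector's pf redirects are loaded.
# Feed it the output of `pfctl -aimspector -sn` on stdin.

LISTEN_PORT=16667   # IMSpector listen port, as shown in the thread's debug output

# missing_redirects PORT...   (hypothetical helper name)
# PORT is the label pf prints after "port =", e.g. 1863, aol, mmcc.
# Prints the labels that have no "rdr ... -> 127.0.0.1 port $LISTEN_PORT" rule.
# Empty input (no rules in the anchor) reports every label as missing.
missing_redirects() {
    rules=$(cat)
    missing=""
    for port in "$@"; do
        pattern="^rdr .* proto tcp .* port = ${port} -> 127\.0\.0\.1 port ${LISTEN_PORT}[[:space:]]*\$"
        if ! printf '%s\n' "$rules" | grep -Eq "$pattern"; then
            missing="${missing}${missing:+ }${port}"
        fi
    done
    printf '%s' "$missing"
}

# Constructed sample: the healthy output quoted in the post above.
sample_rules() {
    cat <<'EOF'
rdr pass on fxp1 inet proto tcp from any to any port = 1863 -> 127.0.0.1 port 16667
rdr pass on fxp1 inet proto tcp from any to any port = aol -> 127.0.0.1 port 16667
rdr pass on fxp1 inet proto tcp from any to any port = mmcc -> 127.0.0.1 port 16667
EOF
}

# Demo on the sample. On the firewall itself:
#   pfctl -aimspector -sn | missing_redirects 1863 aol mmcc
result=$(sample_rules | missing_redirects 1863 aol mmcc)
echo "missing redirects: ${result:-none}"
```

Any label it prints is a protocol whose traffic is not being redirected to IMSpector, so nothing for that protocol will appear in the debug output or the logs.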
-
If you get it working you should run the below command to update IMSpector. I have added a real-time log viewer.
fetch -o - http://wgnrs.dynalias.com:81/pfsense/imspector/sh-update-imspector.sh | sh -
-
Me idiot. I am really sorry for "spamming" the forum. Of course, I made it finally. As I wrote on my first post here
…I installed new pfSense (today)...
I did not do anything wrong. But the point is that I downloaded last release which was not "snapshot". I noticed yesterday, that even if I downloaded it in 2007, my version was dating October 2006. And of course updating did not succeed. Today I downloaded latest "iso" snapshot and installed it fresh, installed also imspector package and it is working perfectly now.
Once again, many thanks to rsw686 for help!
Vito.
-
Glad you got it working. The forum is here to help people out, I don't mind at all. :)
-
I'm using MySQL logging.
Which, with the update you posted, works just fine - I can see the entries in the MySQL database.
However, the entries do not show up in the IMSpector LogViewer in the pfSense interface.
-
The log viewer only supports file based logs.
-
I'm not sure if this should go here or if I need a new thread:
Is the imspector log file supposed to empty out with every reboot? imspector works fine, but after I reboot the log folder is empty. Is there some setting I'm missing?
Also, the word "viwer" (viewer) is misspelled on the log page. I have the build from about 3 days ago, so I'm not sure if it's fixed.
thx.
-
I fixed the spelling mistake. I never even noticed it. Thanks.
As for the logs being emptied on reboot, I'll have to look into that.
-
I changed the log directory to /var/imspector for now. Reinstall the package, navigate to the imspector settings page and click change.
If you want to keep your current logs you can stop the package, move the logs from /var/log/imspector to /var/imspector and then do the above.
We're going to look into making a /var/log/persistent directory so the logs will probably get moved to /var/log/persistent/imspector in the future. I will update this thread if/when that occurs.