Netgate Discussion Forum

IMSpector, file?

  • S
    soft0
    last edited by Dec 9, 2006, 9:25 AM

    Hey!

    I upgraded to "1.0.1-SNAPSHOT-12-08-2006" on my router, and then I tried to install IMSpector. The installation went fine, and then I checked "Enable file logging", the protocols I wanted and the LAN interface.

    So my question is now (maybe a stupid one): where do I find the "file"?

    1 Reply Last reply Reply Quote 0
    • S
      Sifter
      last edited by Dec 9, 2006, 5:34 PM

      I see two files in the /tmp directory which are named .imspectoricqcookie and .imspectorlog.  I also notice a directory /var/log/imspector, but that is also empty.

      1 Reply Last reply Reply Quote 0
      • R
        rsw686
        last edited by Dec 9, 2006, 8:30 PM Dec 9, 2006, 8:23 PM

        If you have not, please upgrade the package to version 0.3

        The logs will be under the /var/log/imspector directory. It will create subdirectories under that one for ICQ-AIM, MSN, etc. The sub directories only get created when they are saved to. So if no messages are being sent then you will just have an empty /var/log/imspector directory.

        If you are sending messages and don't see the logs, from the console, select option 8 shell. Then issue the following commands to stop imspector and start it in debug mode.

        killall imspector
        imspector -d -c "/usr/local/etc/imspector/imspector.conf"

        You will see output similar to below when a message is sent. What client are you using: AIM 5.x series, AIM Pro, AIM Tritton, ICQ 5.1, Trillian, MSN, IRC, etc.? Be specific on the version. There have been improvements made since the 0.3 release to the ICQ/AIM support, and depending on the client you use this might be why you are not seeing the messages get logged. If that is the case I can get you the updated files.

        imspector: ICQ-AIM: Outgoing message, uin: rsw686 remoteid: Aslak333
        imspector: ICQ-AIM: Plain-text message tag 2 found, len: 113
        imspector: ICQ-AIM: Message string tag 0x0101 found, len: 102
        imspector: 1 elements in imevents
        imspector: Debug: Event: Client address: 10.10.1.150:1805
        imspector: Debug: Event: Timestamp: 1165696322
        imspector: Debug: Event: Protocol: ICQ-AIM
        imspector: Debug: Event: Type: MSG_OUTGOING
        imspector: Debug: Event: LocalID: rsw686
        imspector: Debug: Event: RemoteID: Aslak333
        imspector: Debug: Event: Data: test message

        If you're not seeing the above, try logging onto your client and watching the debug output. You should see the following when a client logs onto AIM/ICQ; it is similar for other protocols.

        imspector: ICQ-AIM: Login request, uin: rsw686
        imspector: ICQ-AIM: Login response, uin: rsw686
        imspector: Connection from: 10.10.1.150:1826
        imspector: Finished with child: 10.10.1.150:1825
        imspector: ICQ-AIM: Stored cookie, uin: rsw686
        imspector: ICQ-AIM: Found cookie, uin: rsw686

        The .imspectoricqcookie and .imspectorlog files in the /tmp directory are unix sockets for IMSpector. You don't want to modify those. IMSpector is multi-threaded and they handle the logging process and icq/aim screen name to cookie lookup.

        1 Reply Last reply Reply Quote 0
        • W
          whitto
          last edited by Feb 4, 2007, 11:32 AM Feb 4, 2007, 11:04 AM

          Hello,

          I have the same problem. I installed a new pfSense (today), and I installed the imspector package (which succeeded).
          Imspector created the directory for logging, "/var/log/imspector/". But now I am chatting on MSN, and no log file appears.
          I would like to log only MSN protocol on both network interfaces (I have one WAN, one LAN and one OPT interface active), so I chose "Enable IMSpector", "LAN and OPT interfaces", "Listen on MSN protocol" and "Enable file logging".

          I am running at the moment imspector in debug mode, but when executing command imspector -d -c "/usr/local/etc/imspector/imspector.conf" the output was:

          # imspector -d -c "/usr/local/etc/imspector/imspector.conf"
          imspector: Protocol Plugin name: IRC IMSpector protocol plugin
          imspector: Protocol Plugin name: MSN IMSpector protocol plugin
          imspector: Logging Plugin name: Debug IMSpector logging plugin
          imspector: Logging Plugin name: File IMSpector logging plugin
          
          

          I checked via ps, if any imspector process is running and I can see two of them:

          # ps -ax | grep imspector
           2906  p0  I+     0:00.05 imspector -d -c /usr/local/etc/imspector/imspector.conf
           2907  p0  I+     0:00.02 imspector -d -c /usr/local/etc/imspector/imspector.conf
           3001  p1  R+     0:00.01 grep imspector
          
          

          Now I have no idea, what to do.
          Is it possible, that everything is running OK, but only that log file appears once per day or sth?
          Should I set any proxy on my MSN client?

          I am using gaim for MSN or MSN messenger 7.5. Not web or live versions.

          Thanks for help!
          Vito.

          1 Reply Last reply Reply Quote 0
          • R
            rsw686
            last edited by Feb 4, 2007, 2:57 PM

            The log file will appear immediately. The file(s) should be something like /var/log/imspector/MSN/localid/remoteid. Also when running in debug mode it will show you the messages as they are sent.

            1 Reply Last reply Reply Quote 0
            • W
              whitto
              last edited by Feb 4, 2007, 7:17 PM

              Hey,

              hm… Now I am waiting for about half day and still nothing. I even tried making new folders inside and everything is working well (of course, I am logged in as root).
              I am out of ideas.

              Thanks for help,
              Vito.

              1 Reply Last reply Reply Quote 0
              • R
                rsw686
                last edited by Feb 4, 2007, 8:33 PM

                When you run it in debug mode you should see the debug output when you connect to MSN and send messages. Do you get any of that? It will create the folders and files automatically.

                1 Reply Last reply Reply Quote 0
                • W
                  whitto
                  last edited by Feb 5, 2007, 12:35 AM

                  Hm.. Strange.
                  When running in debug mode, I get only this output and nothing happens, even if I chat over MSN:

                  
                  # imspector -d -c "/usr/local/etc/imspector/imspector.conf"
                  imspector: Protocol Plugin name: MSN IMSpector protocol plugin
                  imspector: Listening on 0.0.0.0:16667
                  imspector: Logging Plugin name: Debug IMSpector logging plugin
                  imspector: Logging Plugin name: File IMSpector logging plugin
                  
                  

                  And this is my config file:

                  
                  # cat imspector.conf
                  plugin_dir=/usr/local/lib/imspector
                  msn_protocol=on
                  file_logging_dir=/var/log/imspector
                  icq_trace_error=on
                  
                  

                  I tried yet many other possibilities (turning imspector on for only one network interface, turning all protocols on and off, I tried also fetching and running that script which I found on some other topic (sh-update-imspector.sh) and it did not return any error).

                  Just for info: imspector is my only package and I have only two nat/firewall rules for entering my pfSense from the web (http and ssh).

                  Any Idea, what is wrong?
                  Thanks,
                  Vito.

                  1 Reply Last reply Reply Quote 0
                  • R
                    rsw686
                    last edited by Feb 5, 2007, 12:45 AM

                    Just dawned on me. Are you leaving MSN signed on while changing the settings? You need to sign on to MSN again after you start imspector. Otherwise it will not get redirected through imspector.

                    1 Reply Last reply Reply Quote 0
                    • W
                      whitto
                      last edited by Feb 7, 2007, 12:34 PM

                      Hey,

                      I thought that could be an issue, yes. Now I waited for couple of days, I am now sure that everybody re-logged to msn. But still nothing.
                      Should I try ICQ or some other IM protocol?

                      Thanks for help!
                      Vito.

                      1 Reply Last reply Reply Quote 0
                      • W
                        whitto
                        last edited by Feb 8, 2007, 6:33 PM

                        I thought there might be another disturbing thing… My personal firewall from ZoneLabs. I have ZoneAlarm Security Suite installed, which should also scan my IM traffic. But now I turned IM security off and still nothing.

                        Is my case hopeless?

                        1 Reply Last reply Reply Quote 0
                        • R
                          rsw686
                          last edited by Feb 8, 2007, 7:48 PM

                          I don't understand what is going on. The founder of SmoothWall wrote the code and it is included in SmoothWall Express. I have worked with him to add many enhancements. He uses MSN exclusively and I have also verified that it works. Have you tried other protocols? I've been running IMSpector for months now. The only thing that comes to mind is you have some firewall / nat rules above that is blocking it from going to IMSpector.

                          1 Reply Last reply Reply Quote 0
                          • W
                            whitto
                            last edited by Feb 9, 2007, 12:51 AM

                            Thanks for help, I see that it's hopeless case. But I can tell you that I have NO rules (except of two for entering my pfsense from other location). I will try other protocols soon as I arrive home again. Will tell you when I succeed!

                            Best regards,
                            Vito.

                            1 Reply Last reply Reply Quote 0
                            • R
                              rsw686
                              last edited by Feb 9, 2007, 1:47 AM Feb 9, 2007, 1:14 AM

                              Could you run the following command on the pfSense box. It will show the rules created by IMSpector. I'm wondering if the rules are not being put into place.

                              pfctl -aimspector -sn

                              You should get output similar to

                              rdr pass on fxp1 inet proto tcp from any to any port = 1863 -> 127.0.0.1 port 16667
                              rdr pass on fxp1 inet proto tcp from any to any port = aol -> 127.0.0.1 port 16667
                              rdr pass on fxp1 inet proto tcp from any to any port = mmcc -> 127.0.0.1 port 16667

                              What version of pfSense are you running? The anchor for pf was added beginning on 1.0.1-SNAPSHOT-11-24-2006. If you're running a version older than that you will need to upgrade to get IMSpector to work.

                              In one way I hope this is the problem as it would explain everything. Hopefully this didn't waste too much of your time. I didn't even think about it since it is mentioned in the package description.

                              1 Reply Last reply Reply Quote 0
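The check described in the post above, as an added example that is not part of the original thread or of the IMSpector package: it reads `pfctl -aimspector -sn` output and reports whether a given IM port is redirected to the port IMSpector listens on. The function names are hypothetical, and the sample rules are the ones quoted in the post.

```shell
#!/bin/sh
# Added example (not IMSpector's own code). Function names are hypothetical.

# Sample input: the expected rules quoted in the post above.
SAMPLE_RULES='rdr pass on fxp1 inet proto tcp from any to any port = 1863 -> 127.0.0.1 port 16667
rdr pass on fxp1 inet proto tcp from any to any port = aol -> 127.0.0.1 port 16667
rdr pass on fxp1 inet proto tcp from any to any port = mmcc -> 127.0.0.1 port 16667'

# redirected_ports LISTEN_PORT
# Reads `pfctl -sn` output on stdin and prints each destination port that is
# redirected to 127.0.0.1:LISTEN_PORT. pfctl prints a service name (aol, mmcc)
# instead of a number when it knows one, so names are printed as they appear.
redirected_ports() {
    awk -v want="$1" '
        $1 == "rdr" {
            dport = ""; target = ""; tport = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "=" && dport == "") dport = $(i + 1)
                if ($i == "->") { target = $(i + 1); tport = $(i + 3) }
            }
            if (target == "127.0.0.1" && tport == want && dport != "")
                print dport
        }'
}

# check_redirect LISTEN_PORT DEST_PORT
# Succeeds only if DEST_PORT (as pfctl prints it) is redirected to LISTEN_PORT.
check_redirect() {
    redirected_ports "$1" | grep -qx -- "$2"
}

# diagnose LISTEN_PORT DEST_PORT
# An empty anchor (for example a pfSense build without the imspector anchor)
# yields no rules at all and is reported as not-redirected.
diagnose() {
    if check_redirect "$1" "$2"; then
        echo "redirected"
    else
        echo "not-redirected"
    fi
}

# On the firewall: pfctl -aimspector -sn | diagnose 16667 1863
printf '%s\n' "$SAMPLE_RULES" | diagnose 16667 1863
```

The listen port 16667 matches the "Listening on 0.0.0.0:16667" line in the debug output earlier in the thread; 1863 is the MSN rule shown in the expected output.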
                              • R
                                rsw686
                                last edited by Feb 10, 2007, 3:09 AM

                                If you get it working you should run the below command to update IMSpector. I have added in real time log viewer.

                                fetch -o - http://wgnrs.dynalias.com:81/pfsense/imspector/sh-update-imspector.sh | sh -

                                1 Reply Last reply Reply Quote 0
                                • W
                                  whitto
                                  last edited by Feb 10, 2007, 2:28 PM

                                  Me idiot. I am really sorry for "spamming" the forum. Of course, I made it finally. As I wrote on my first post here

                                  …I installed new pfSense (today)...

                                  I did not do anything wrong. But the point is that I downloaded last release which was not "snapshot". I noticed yesterday, that even if I downloaded it on 2007, my version was dating October 2006. And of course updating did not succeed. Today I downloaded latest "iso" snapshot and installed it fresh, installed also imspector package and it is working perfect now.

                                  Once again, many thanks to rsw686 for help!
                                  Vito.

                                  1 Reply Last reply Reply Quote 0
                                  • R
                                    rsw686
                                    last edited by Feb 10, 2007, 6:39 PM

                                    Glad you got it working. The forum is here to help people out, I don't mind at all.  :)

                                    1 Reply Last reply Reply Quote 0
                                    • A
                                      akula169
                                      last edited by Feb 16, 2007, 9:19 PM

                                      I'm using MySQL logging.

                                      Which, with the update you posted, works just fine - I can see the entries in the MySQL database.

                                      However, the entries do not show up in the IMSpector LogViewer in the pfSense interface.

                                      1 Reply Last reply Reply Quote 0
                                      • R
                                        rsw686
                                        last edited by Feb 16, 2007, 9:30 PM

                                        @akula169:

                                        I'm using MySQL logging.

                                        Which, with the update you posted, works just fine - I can see the entries in the MySQL database.

                                        However, the entries do not show up in the IMSpector LogViewer in the pfSense interface.

                                        The log viewer only supports file based logs.

                                        1 Reply Last reply Reply Quote 0
                                        • S
                                          simpat1zq
                                          last edited by Feb 18, 2007, 3:30 AM Feb 18, 2007, 3:15 AM

                                          I'm not sure if this should go here or if i need a new thread:

                                          Is the imspector log file supposed to empty out with every reboot? imspector works fine, but after I reboot the log folder is empty. Is there some setting I'm missing?

                                          Also, the word "viwer" (viewer) is misspelled on the log page. I have the build from about 3 days ago, so I'm not sure if it's fixed.

                                          thx.

                                          1 Reply Last reply Reply Quote 0