Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Imspector-dev - new gui options and msn2011 support

    pfSense Packages
    3
    12
    2986
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • marcelloc
      marcelloc last edited by

      Hi all,

      I'm working in some updates to imspector package. Help testing these changes if you need/like/usr this tool.
      some options has changed / moved, backup your config before update.

      Thanks,
      Marcello Coutinho









      1 Reply Last reply Reply Quote 0
      • R
        rahvin9999 last edited by

        Hi Marcello,

        I know it is an old post but I wanted to leave some feedback

        I installed IMspector-dev 20111108 pkg v 0.3.1
        Because the normal IMspector package is not working.

        Let me start by saying that the new layout is a big improvement
        It Looks good and I can confirm that yahoo and MSN logging (to a file) works. For some reason ICQ/AIM and IRC do not seem to be logged
        IRC is most likely because I use a server with SSL enabled
        these are the protocols I use myself and could test, I did not try any of the other options

        Second I tried playing around with the ACLS but it does not seem to be functioning at all.
        I can fill in what I want here but it does not seem to do anything
        even a direct Deny All does not work

        I checked the config file in /usr/local/etc/imspector
        which has

        more imspector.conf
        plugin_dir=/usr/local/lib/imspector
        msn_protocol=on
        icq_protocol=on
        yahoo_protocol=on
        irc_protocol=on
        jabber_protocol=on
        gadu-gadu_protocol=on
        file_logging_dir=/var/imspector
        acl_filename=/usr/local/etc/imspector/acls.txt
        ssl=on
        ssl_ca_key=/usr/local/etc/imspector/ssl/ssl_ca_key.pem
        ssl_ca_cert=/usr/local/etc/imspector/ssl/ssl_ca_cert.pem
        ssl_key=/usr/local/etc/imspector/ssl/ssl_server_key.pem
        ssl_cert_dir=/usr/local/etc/imspector/ssl

        So the config file has acl_filename=/usr/local/etc/imspector/acls.txt set which gets updated if you input something via the GUI
        But even with a deny all all Set. Messages come trough. It seems that this file is ignored for some reason?

        Next things to test are the notifications and the bad word lists.

        Edit: forgot to mention that I use 2.0.1-RELEASE (i386)

        1 Reply Last reply Reply Quote 0
        • marcelloc
          marcelloc last edited by

          did you enabled the list on gui?

          what you have on acls.txt file?

          1 Reply Last reply Reply Quote 0
          • R
            rahvin9999 last edited by

            Yes in the Gui I enabled each and every Access List entry that i have tried

            For example right now i have a deny all all activated

            so if I list the file contents of acls.txt
            more /usr/local/etc/imspector/acls.txt
            deny all all

            I can see the deny all alll. But it is not doing anything, messages are still going trough and are being logged.

            Did a check if IMspector is reloading after each and every edit. It is, I can see it in the system log and I can see the messaging client(s) disconnect and then reconnect.

            1 Reply Last reply Reply Quote 0
            • R
              rahvin9999 last edited by

              Ok I have figured it out and all of this has to do how IMspector interprets the acls.txt file

              deny all
              deny all all
              does not work

              deny all
              works

              yahoo
              deny localname remotename
              works no @domain.xx needed

              msn
              deny localname remotename
              does not work

              deny local@domain.xx remote@domain.xx
              works

              Order
              If you have allow all all set as the first rule, every deny rules after it will work
              If you have deny all set as a rule, every allow rule that follows it will not work

              I was initially confused by the deny all all not working so i think this covers that part.

              What I also found is: when you add, modify or enable/disable a rule in the access list part of the GUI (or better said every time you click the save button) IMspector is automatically restarted. (good and easy but see my comments below)
              However when I Delete a rule IMspector is not automatically restarted. which leaves the rule deleted in the GUI active in acls.txt/imspector until you restart IMspector manually.

              as a comment on the auto restart:
              The restart of IMspector disconnects all the clients (MSN,Yahoo and so on) that are connected trough it.
              I see the advantage of the auto restart but if you are adding many rules or have to edit regularly I can imagine it can become quite tedious for the users.
              One possible solution would be to add a restart button to the page. With the notice that you need to restart IMspector once you are done editing.

              1 Reply Last reply Reply Quote 0
              • marcelloc
                marcelloc last edited by

                Thank's for the feedback,

                I'll try to include it on next package release…

                1 Reply Last reply Reply Quote 0
                • J
                  justinlc last edited by

                  I am still experiencing errors "ICQ-AIM: Error: Unable to parse snac packet, icq.20234.31" and the communication is not showing up in the log. Is there anything that can be done about that?

                  The IM client is trillian.

                  1 Reply Last reply Reply Quote 0
                  • marcelloc
                    marcelloc last edited by

                    Current pfsense package has the latest snapshot code from imspector.

                    If it still need some fixes, we have to wait a next imspector release (http://www.imspector.org)

                    1 Reply Last reply Reply Quote 0
                    • J
                      justinlc last edited by

                      Can the imspector-dev be compiled on a pfsense box? I would like to dump more information about why it can't parse. Maybe we can add the code ourselves.

                      1 Reply Last reply Reply Quote 0
                      • marcelloc
                        marcelloc last edited by

                        @justinlc:

                        Can the imspector-dev be compiled on a pfsense box? I would like to dump more information about why it can't parse. Maybe we can add the code ourselves.

                        just compile the package on a freebsd 8.1 using ports

                        If you find what is going on, please help imspector project and send it o it's maintainer.
                        Will be really helpfull  :)

                        1 Reply Last reply Reply Quote 0
                        • J
                          justinlc last edited by

                          That is the problem. I am a windows programmer and have only very little knowledge about FreeBSD. I'd basically need some kind of (virtual) image that is ready for programming because I don't know how to install a full FreeBSD image from scratch and installing all the necessary components to end up with a box that is ready to test imspector.

                          1 Reply Last reply Reply Quote 0
                          • marcelloc
                            marcelloc last edited by

                            maybe this post from haproxy can help you.

                            http://forum.pfsense.org/index.php/topic,42852.msg221708.html#msg221708

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post

                            Products

                            • Platform Overview
                            • TNSR
                            • pfSense
                            • Appliances

                            Services

                            • Training
                            • Professional Services

                            Support

                            • Subscription Plans
                            • Contact Support
                            • Product Lifecycle
                            • Documentation

                            News

                            • Media Coverage
                            • Press
                            • Events

                            Resources

                            • Blog
                            • FAQ
                            • Find a Partner
                            • Resource Library
                            • Security Information

                            Company

                            • About Us
                            • Careers
                            • Partners
                            • Contact Us
                            • Legal
                            Our Mission

                            We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                            Subscribe to our Newsletter

                            Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                            © 2021 Rubicon Communications, LLC | Privacy Policy