A study of Session storage problems in OSSIM



1. Sharing SESSION data among multiple Web services
When we first developed OSSIM, we wanted users to be able to log in to several integrated Web-interface tools. For example, four applications in OSSIM use a B/S (browser/server) structure:
https://1.2.3.4/nagios
https://1.2.3.4/ocs
https://1.2.3.4/ntop
https://1.2.3.4/openvas
User login in OSSIM is unified: one user name and password can be used to log in to every module of the site. Sharing user data among the servers is easy to achieve: it only requires a back-end database server, and each server (Ntop, Nagios, OpenVAS) accesses the data through a unified user interface. However, after a user logs in on one server and moves to a module on another server, they still have to log in again. This is the problem that single sign-on addresses, and in technical terms it comes down to how to share SESSION data between the servers.

 

2. SESSION principle
The OSSIM front end is developed mainly in PHP and Python. Before tackling the problem, let's look at how the PHP SESSION works. When a client (such as a browser) logs in to the website, the PHP page it accesses calls session_start() to open the SESSION, which produces a SESSION ID that uniquely identifies the client. The SESSION ID can be kept on the client in two ways. In the first, the SESSION ID is automatically added to the GET URL or to a POST form, and the default variable name is PHPSESSID. In the second, the SESSION ID is saved in a COOKIE, whose default name is PHPSESSID. Here we mainly describe the COOKIE method.
Where is SESSION data stored? On the server side, of course, but not in memory: it is stored in a file or in a database. By default, php.ini (located at /etc/php5/apache2/php.ini) sets the SESSION save method to files (session.save_handler = files), i.e. SESSION data is read and written as files. The directory for SESSION files is specified by session.save_path, and the file name is the prefix sess_ followed by the SESSION ID, for example sess_c72665af28a8b14c0fe11afe3b59b51b. OSSIM stores the session contents in the database, in "alienvault.sessions".
If a large number of SESSION files may be generated, you can set a hierarchical directory for saving SESSION files, which improves efficiency considerably. The setting is session.save_path = "N;/path", where N is the number of directory levels and save_path is the starting directory. When SESSION data is written, PHP obtains the client's SESSION ID, looks for the corresponding SESSION file in the specified SESSION directory, creates it if it does not exist, and finally serializes the data and writes it to the file. Reading SESSION data follows a similar flow: the data that is read out generates the corresponding SESSION variables.

3. Checking user permissions
Multi-user access control in OSSIM is implemented through the Session. Checking user permissions through the Session is the simplest way to handle permission decisions. After a user logs in successfully, the user information is stored in $_SESSION["user"]. Each page checks whether user information exists in $_SESSION["user"]; if the user information is stored in the Session, it is displayed on the page.

 

4. Sharing SESSION implementations
by introducing the principle SESSION, we find that, by default, each service will each generate SESSION ID for the same client, same as for a user's browser, assuming Ntop server generated SESSION ID is rohq43bpasoibp7g87knfm6er0, and is generated by the server Nagios a72665af28a8b14c0fe11afe3b59b51b. Further, PHP the SESSION data are respectively stored in the file system of the server.
    After determining the problem, it can be addressed. SESSION want to share data, it is necessary to achieve two objectives: one is the same on each server must be the same SESSION ID generated by the client, and can be passed through the same cookie, that is to say each server must be able to read the same name PHP sESSID as a cookie; the other is a data storage SESSION / location must ensure that the servers are able to access.
    To achieve the first goal is very simple, just to the cookie domain special settings, by default, COOKIE current server domain is the domain name / IP address.
OSSIM system administrator login to see from the outside only uses a user name and password, but there are multiple Web servers within the system, due to internal as well as correlation engine, the need for frequent call data for each Web systems, such Session read and write more frequently, If there is no good program will reduce system performance, the traditional method, using the Session-based file access, this shortcoming may have been a bottleneck on the disk IO operations, so deal with a small amount of data Session no problem (for OSSIM3.1 a small amount of data before the system), use Memcache to store Session data, while doing database cache memory directly by the way, but the drawback is down after the data is lost.
But there will be a large amount of data OSSIM4.3 and above systems Session, may not be competent, then you consider installing redis. Such as storage session service is restarted, all users must regain session ... instantaneous database will be great pressure, but with redis will not ...
OSSIM the Web system designed to time-out 15 minutes will be written off, this is by Session achieve. Session is how to determine the client users? It is through the Session ID to determine the Session ID is randomly generated, it is possible to ensure the uniqueness and randomness, to ensure the safety of Session. If you do not set the general life cycle Session, the Session ID is stored in memory, close the browser after the ID is automatically logged out and re-request the page, to re-register a Session ID.

5. Memcache working side by side with MySQL
Memcache is a high-performance, distributed memory object caching system. By maintaining one huge hash table in memory, it can be used to store the Session, which is read from memory when the system needs it, greatly improving read speed. All OSSIM systems after 4.1 use Memcached, a high-performance memory object caching system for dynamic Web applications, mainly to cache OSSIM's database reads and writes and so reduce the load on the MySQL database. For the configuration file, readers can refer to /usr/share/ossim/include/ossim_db.inc. This is one of OSSIM's caching schemes. Readers may wonder about MySQL's own table_cache and query_cache mechanisms, which we can see in the database with the following command:
mysql> SHOW VARIABLES LIKE '%query_cache%';
In a scenario where queries and table contents change constantly (OSSIM's storage and queries are in exactly this state), this kind of simple caching cannot effectively relieve the pressure on the database. It is like mod_disk_cache and mod_mem_cache in Apache, which do not really give the Web server a cache; a caching tool such as Squid is still needed behind it.
Memcache reduces the number of reads from the database by caching data and objects in memory, so giving the OSSIM system more memory helps Memcache do its job and improves overall performance. Furthermore, to observe the effect of the cache visually, you can use the memadmin tool.
Configuring memcached:
/etc/default/memcached // on/off control
/etc/memcached.conf // memcached configuration parameters
OSSIM calls memcache on port 11211; the relevant files are:
/usr/share/ossim/www/forensics/includes/base_db.inc.php
/usr/share/php/adodb/adodb.inc.php
/usr/share/php/adodb/adodb-memcache.lib.inc.php

6. Viewing the memcache state
Below we use the telnet command to test the working state of memcache. First enter the following command:
# telnet 127.0.0.1 11211
Note that OSSIM Server does not include telnet by default, so you need to install it yourself. The trailing "11211" is the port that memcache uses.
Then type the "stats" command directly to get the current memcache state.

Table 1 - memcache status information

Field                  Description                                               Value
pid                    memcache server's process ID                              1416
uptime                 Number of seconds the server has been running             12898
time                   The server's current Unix timestamp                       1423550546
version                memcache version                                          1.4.5
pointer_size           Pointer size of the current operating system              64
rusage_user            Cumulative user time of the process                       0.220013
rusage_system          Cumulative system time of the process                     0.144009
curr_connections       Currently open connections                                6
total_connections      Number of connections opened since the server started     115
connection_structures  Number of connection structures allocated by the server   14
cmd_get                Total number of get (read) requests                       1402
cmd_set                Total number of set (save) requests                       778
get_hits               Total number of hits                                      829
get_misses             Total number of misses                                    573
limit_maxbytes         Memory size assigned to memcache (bytes)                  13421778

If you need to reset the cache to a clean state, enter the "flush_all" command.
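The same check as the telnet session above, scripted so the counters can be read and a cache hit ratio derived from them. This is an added example, not code from OSSIM or from the original post; the function names are hypothetical and the sample reply is constructed from the values in Table 1.

```python
import socket

# Constructed sample of a memcached "stats" reply, using values from Table 1.
SAMPLE_STATS = (
    "STAT pid 1416\r\n"
    "STAT uptime 12898\r\n"
    "STAT version 1.4.5\r\n"
    "STAT curr_connections 6\r\n"
    "STAT cmd_get 1402\r\n"
    "STAT cmd_set 778\r\n"
    "STAT get_hits 829\r\n"
    "STAT get_misses 573\r\n"
    "STAT limit_maxbytes 13421778\r\n"
    "END\r\n"
)

def parse_stats(reply):
    """Turn 'STAT <name> <value>' lines into a dict; stop at the END line."""
    stats = {}
    for line in reply.splitlines():
        if line == "END":
            break
        parts = line.split(" ", 2)
        if len(parts) == 3 and parts[0] == "STAT":
            stats[parts[1]] = parts[2]
    return stats

def hit_ratio(stats):
    """Share of get requests served from the cache (0.0 when no gets yet)."""
    gets = int(stats.get("cmd_get", 0))
    return int(stats.get("get_hits", 0)) / gets if gets else 0.0

def fetch_stats(host="127.0.0.1", port=11211, timeout=3.0):
    """Send 'stats' over TCP, as the telnet session does, and read up to END."""
    with socket.create_connection((host, port), timeout=timeout) as conn:
        conn.sendall(b"stats\r\n")
        data = b""
        while not data.endswith(b"END\r\n"):
            chunk = conn.recv(4096)
            if not chunk:
                break
            data += chunk
    return parse_stats(data.decode("ascii", "replace"))

if __name__ == "__main__":
    sample = parse_stats(SAMPLE_STATS)
    print("hit ratio: %.1f%%" % (100 * hit_ratio(sample)))
```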

 

7. Using memcache to store the Session
Hand the Apache server's PHP Session over to Memcached, so that it no longer matters which Web server IP a connection points to. The configuration is simple: just add a statement to the PHP configuration file, provided that the memcache module is installed. Storing sessions in memcache is much faster than writing files, and it is also more convenient when several servers need to share sessions: configuring these servers to use the same set of memcached servers reduces the extra workload. The disadvantage is that session data is kept in memory and lacks persistence, but for session data this is not a big problem.
Note that the aim of using memcache in the OSSIM system is to improve access speed and reduce the pressure on the MySQL database. It is switched on or off by setting ENABLE_MEMCACHED=yes/no in the /etc/default/memcached configuration file.
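To show what the PHP session settings discussed in sections 2 and 7 look like and where they place the data, the following added example (not code from OSSIM or the original post) reads two constructed php.ini fragments and resolves the storage location of one session. The function names and the /var/lib/php5 path are assumptions, and the memcache fragment assumes the PECL memcache extension.

```python
import re

# Constructed php.ini fragments: default file storage with a two-level
# directory, and shared storage through the PECL memcache extension.
INI_FILES = '''[Session]
; default handler
session.save_handler = files
session.save_path = "2;/var/lib/php5"
'''
INI_MEMCACHE = '''[Session]
session.save_handler = memcache
session.save_path = "tcp://127.0.0.1:11211"
'''

def read_session_settings(ini_text):
    """Collect session.* directives. Only whole-line ';' comments are dropped,
    because the value "N;/path" itself contains a semicolon."""
    settings = {}
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "[")) or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.startswith("session."):
            settings[key] = value.strip('"')
    return settings

def session_location(settings, session_id):
    """Return where the data for session_id is kept under these settings."""
    # PHP session IDs use a-z, A-Z, 0-9, ',' and '-'; reject anything else
    # before the ID is turned into part of a file name.
    if not re.fullmatch(r"[A-Za-z0-9,-]+", session_id):
        raise ValueError("unexpected characters in session ID")
    handler = settings.get("session.save_handler", "files")
    path = settings.get("session.save_path", "")
    if handler != "files":
        return "%s -> %s" % (handler, path)
    # "N;/path" or "N;MODE;/path": N directory levels below the start directory.
    m = re.match(r"(\d+);(?:\d+;)?(.*)$", path)
    depth, base = (int(m.group(1)), m.group(2)) if m else (0, path)
    # One directory per leading character of the ID, N levels deep.
    levels = "".join(ch + "/" for ch in session_id[:depth])
    return base.rstrip("/") + "/" + levels + "sess_" + session_id
```

With the files handler each Web server resolves the ID to a path on its own disk; with the memcache handler every server configured with the same save_path reads the same store.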

 

For more details on OSSIM, please refer to the best-selling book "Unix/Linux Network Log Analysis and Traffic Monitoring".

This article comes from the "Li Chenguang original technology blog"; be sure to keep this source: http://chenguang.blog.51cto.com/350944/1662608

Reproduced from: https://my.oschina.net/chenguang/blog/613895

Origin blog.csdn.net/weixin_33834075/article/details/92045191