Core Tools and Plugins
Core Tool Explanations
There are currently nine core tools that Vent uses.
Enables comprehensive text search of syslog.
Watches the specified directory for any new files. If a new file is added, it is added to a
A container that will watch a specific NIC using tcpdump and output pcap files based on what was monitored. It has an interface located at Commands -> Network Tap Interface in the main action menu.
The interface has six available actions:
- Create: Create a new container with a specified NIC, tag, interval (in seconds), filter, and iterations. The container is also started automatically on creation.
- Delete: Delete a specified network tap container. Containers must be stopped before they can be deleted.
- List: Show all network tap containers. Returns each container's ID, whether the container is running or not, and the tag provided in
- NICs: Show all available network interfaces. Returns a list of the names of the available NICs. Note that for Docker for Mac it will show the network interfaces of the VM running the Docker daemon, not the interface names on the Mac host.
- Start: Start a network tap container if it is exited. Runs with the same options given to the container in
- Stop: Stop a network tap container.
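The Create action above takes a NIC, tag, interval, filter and iteration count, and the container runs tcpdump with them. The following shell script is an added example, not Vent's own code, showing how those five parameters map onto a self-bounding tcpdump invocation and onto the docker run line that would launch it with only the capabilities tcpdump needs. The /pcaps mount point inside the container and the image name tap-image-placeholder are assumptions, not values from the Vent documentation.

```shell
#!/bin/sh
# Added example, not Vent's own code: maps the five "Create" parameters of the
# network tap interface (nic, tag, interval, filter, iterations) onto the
# tcpdump and docker command lines a capture container would run.
# Assumptions (not from the Vent docs): pcaps are written under /pcaps inside
# the container, and "tap-image-placeholder" stands in for the real image name.

# Return 0 if $1 is a positive integer, 1 otherwise.
is_positive_int() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -gt 0 ]
}

# Print the tcpdump command for one capture. -G rotates the output file every
# <interval> seconds and -W stops tcpdump after <iterations> files, so the
# capture bounds itself; %s in the file name is expanded by strftime(3) to the
# epoch time of each rotation, and the tag keeps different taps' files apart.
build_tap_command() {
  nic="$1"; tag="$2"; interval="$3"; filter="$4"; iterations="$5"
  [ -n "$nic" ] && [ -n "$tag" ] || return 1
  is_positive_int "$interval" || return 1
  is_positive_int "$iterations" || return 1
  cmd="tcpdump -n -i $nic -G $interval -W $iterations -w /pcaps/$tag-%s.pcap"
  if [ -n "$filter" ]; then
    cmd="$cmd $filter"
  fi
  printf '%s\n' "$cmd"
}

# Print (not execute) the docker run line for the container. Host networking is
# needed so the container sees the host NIC; NET_RAW and NET_ADMIN are the only
# capabilities tcpdump needs, so the container does not run with --privileged.
build_docker_run() {
  nic="$1"; tag="$2"; interval="$3"; filter="$4"; iterations="$5"; pcap_dir="$6"
  inner=$(build_tap_command "$nic" "$tag" "$interval" "$filter" "$iterations") || return 1
  printf 'docker run -d --name tap-%s --network host --cap-add NET_RAW --cap-add NET_ADMIN -v %s:/pcaps tap-image-placeholder %s\n' \
    "$tag" "$pcap_dir" "$inner"
}

# Usage with constructed values: capture DNS on eth0, rotating every 60
# seconds and stopping after 10 files. Run as: sh tap.sh demo
if [ "${1:-}" = "demo" ]; then
  build_docker_run eth0 dns 60 'port 53' 10 /var/tmp/pcaps
fi
```

The script only prints the command lines so they can be reviewed before anything captures traffic; an empty filter captures everything on the NIC, and a non-numeric or zero interval or iteration count is rejected rather than silently producing an unbounded capture.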
Formats messages received from syslog and sends them to rmq_es_connector.
A key/value store that is used for the queuing system that file drop sends to and rq_worker pulls out of.
A gateway between the messaging system and elasticsearch. This way, the message formatting system is not locked to
The tool that takes files from the redis queue and runs the plugins that handle those file extensions.
Management console to look at rq_worker’s active queue.
Standard logging system that adheres to the syslog standard. All tool containers send their information to syslog. If there is unexpected output or a container isn't running properly, the details will be in this tool's container logs.
Access this tool's container logs with the command:
docker logs cyberreboot-vent-syslog-master
Core Tool and Plugin Actions
Short explanations of all actions available in the core tools and plugins sub-menu.
Add all latest core/plugin tools
Clone the latest version of the tool. This will not update or remove any tools that have already been added.
Build core/plugin tools
Build docker images from the Dockerfiles obtained when adding.
Clean core/plugin tools
Stop and remove the chosen tools' containers.
Configure core/plugin tools
Edit a tool's vent.template file, found in the tool's respective folder. Read more about Vent.template Files.
Disable core/plugin tools
Remove chosen tools from menus. For example, if there were ten tools but only five were needed, disabling the five unneeded tools would stop them from appearing on the other menus.
Enable core/plugin tools
Opposite of disable tools. Enables the tools so they can be seen again.
Inventory of core/plugin tools
Provides metadata about the currently added core/plugin tools: whether a tool is built, whether it is enabled, the name of its image, and whether it is currently running.
Remove core/plugin tools
Remove a tool entirely. Any of that tool's containers are also stopped and deleted. The tool must be added again if it is to be used.
Start core/plugin tools
Start the tools' respective containers.
Stop core/plugin tools
Stop the tools' respective containers.
Update core/plugin tools
Pulls the latest commit of the tool from its repo and builds it.