We've just released FlowBAT v1.5.3 which contains support for Ubuntu 16, along with several minor big fixes, performance enhancements, and installation script enhancements. You can download and install FlowBAT by following the instructions on your Installation page. If you run into any issues, please report them on our Github page.
We’re excited to announce the release of FlowBAT v1.3. This is a minor release containing new features, improvements to existing features, and bug fixes.
FlowBAT 1.3 changes the manner in which the application is executed. Because of this, the easiest way to upgrade FlowBAT is to download the installation script from this page and reinstall the application.
If you have existing content (users, saved queries, etc) that you would like to save, you can complete the following process:
Multiple User Support: You can now add multiple user accounts to FlowBAT. New user accounts can be added clicking your username at the top right of the screen, and choosing the User Administration option.
When adding users, you can assign them a role as an analyst or an administrator. Analysts can access all areas of the application other than user administration and SiLK server configuration. Those areas are limited to users with the administrator role.
Byte Calculations: Previously, byte count fields were only shown as bytes. Now, fields are shown to be easier to read. For example, 1024 bytes is now shown as 1 KB, 2014 kb is now shown as 1 MB, etc.
Country Code Support: Search results will now show country codes for IP addresses if a country code database is available. If you installed SiLK using the silkonabox.sh script, a database has been installed for you and should work automatically.
Service Controls: You can now start/stop/restart FlowBAT using standard service control commands. For example, in an Ubuntu installation you can use the following to start the application:
sudo service flowbat start
Bug Fixes and Other Enhancements
We’re excited to announce the release of FlowBAT v1.2. This is a minor release containing new features, improvements to existing features, and bug fixes.
Tuple Search: FlowBAT now allows users to filter data based on specific 5-tuple values, based on saved tuple files. These files are created similar to how lists are created. This is accomplished by selecting the “Tuple File” option in the main menu.
Once you’ve created a tuple file, you can reference it in the query builder by expanding the Additional Options section, shown here:
Tuple files can be referenced in the quick query area by using the --tuple-file command.
User Configurable Temp Directory: FlowBAT creates and stores temporary files when filtering flow data. Previously, these files were stored in the /tmp/ directory. Per request, we’ve added a configuration option that allows users to specify the global storage location for temporary RWF, RWS, and Tuple files. This option can be specified by accessing the SiLK server configuration screen and inputting a value into the Temporary Storage Directory input box. If no value is entered, the default location of /tmp/ will be used. You should ensure the directory you choose is writable by the FlowBAT application.
Save Quick Queries: When creating queries through the query builder interface, an option is now present to save the query for later use. This option can be found in the final query section of the query builder page.
Updating FlowBAT To update FlowBAT, browse to the application directory and run “git pull”. FlowBAT will perform an in place “hot” upgrade. No service restarts are required.
If you run into issues updating, please contact support at email@example.com.