FlowBAT 1.3 Released

We’re excited to announce the release of FlowBAT v1.3. This is a minor release containing new features, improvements to existing features, and bug fixes.

Update Process

FlowBAT 1.3 changes the manner in which the application is executed. Because of this, the easiest way to upgrade FlowBAT is to download the installation script from this page and reinstall the application.

If you have existing content (users, saved queries, etc) that you would like to save, you can complete the following process:

1. If FlowBAT isn't already running then manually cd to the FlowBAT project directory and start meteor dev so that you can grab a copy of the db.
   
   # meteor --port 1800 run --settings settings/dev.json "$@"
   
   
2. Create a safe place to copy the db.
   
   # mkdir ~/fbdevbackup
   
   
3. Dump the db from the meteor dev instance of FlowBAT to ~/fbdevbackup
   
   # mongodump -h 127.0.0.1 --port 1801 -d meteor -o ~/fbdevbackup
   
   
4. Kill all currently running meteor processes
   
   # ps aux | grep meteor
   
   # kill [pid]
   
   
5. rm the old flowbat directory
   
   #rm -rf FLOWBATPATH
   
   
6. Install the new FlowBAT
   
   # ./install_flowbat_ubuntu.sh
   
   
7. Check that it is running (should have node main.js)
   
   #ps aux | grep node
   
   
8. Remove the current prod database in the running node instance.
   
   # mongo flowbat --eval "db.dropDatabase()"
   
   
9. Restore the dev backup to the prod node instance.
   
   # mongorestore -h 127.0.0.1:27017 -d flowbat ~/fbdevbackup/meteor/
   
   
10. Manually remove backup DB and location (optional)
    
    # rm -rf ~/fbdevbackup
    
    

New Features

Multiple User Support: You can now add multiple user accounts to FlowBAT. New user accounts can be added clicking your username at the top right of the screen, and choosing the User Administration option.

When adding users, you can assign them a role as an analyst or an administrator. Analysts can access all areas of the application other than user administration and SiLK server configuration. Those areas are limited to users with the administrator role.

Byte Calculations: Previously, byte count fields were only shown as bytes. Now, fields are shown to be easier to read. For example, 1024 bytes is now shown as 1 KB, 2014 kb is now shown as 1 MB, etc.

Country Code Support: Search results will now show country codes for IP addresses if a country code database is available. If you installed SiLK using the silkonabox.sh script, a database has been installed for you and should work automatically.

Service Controls: You can now start/stop/restart FlowBAT using standard service control commands. For example, in an Ubuntu installation you can use the following to start the application:

sudo service flowbat start

Bug Fixes and Other Enhancements

• Upgraded code base to support Meteor 1.1.0.2
• Default to installing country code pmap file which fixes country code bug
• Misc performance enhancements
• Installation script performance enhancements
  
• Updated SiLK and libfixbuf versions