Thanks for downloading specter.

For the impatient
-----------------

If you want to go with the defaults (which are generally OK), simply do:

  ./configure && make && sudo make install

The configuration file is installed to /usr/local/etc/specter.conf by default.
Read the documentation (available at
<http://joker.linuxstuff.pl/specter/docs.html>) and start logging!



Installation
------------

1. Linux kernel

First you will need a 2.4.x or 2.6.x kernel.  If you have a
kernel >= 2.4.18-pre8, it already has the kernel support for ULOG
(ipt_ULOG.o); just make sure that it was compiled in. If you want to
use the nfmark method, check that your kernel was compiled with the
CONFIG_IP_NF_MATCH_MARK, CONFIG_IP_NF_TARGET_MARK and
CONFIG_IP_NF_MANGLE options.
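
One way to run this check against a kernel config file, as an added
example that is not part of the specter distribution. The function
names are hypothetical, and CONFIG_IP_NF_TARGET_ULOG is assumed to be
the kernel option that builds ipt_ULOG.

```shell
#!/bin/sh
# Added example: report whether the kernel options specter relies on are set.

# Options this README names for the nfmark method.
NFMARK_OPTS="CONFIG_IP_NF_MATCH_MARK CONFIG_IP_NF_TARGET_MARK CONFIG_IP_NF_MANGLE"
# Assumption: this is the option that builds ipt_ULOG.
ULOG_OPT="CONFIG_IP_NF_TARGET_ULOG"

# Print the config as text; handles gzip-compressed files such as config.gz.
read_kconfig() {
    case "$1" in
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac
}

# Print "y" (built in), "m" (module) or "n" (not set) for one option.
# Lines like "# CONFIG_FOO is not set" do not match and count as "n".
kconfig_state() {
    val=$(read_kconfig "$1" | sed -n "s/^$2=\([ym]\)\$/\1/p" | tail -n 1)
    echo "${val:-n}"
}

# Print one OPTION=state line per option.
# Returns 0 if ULOG support is present, 1 if it is missing, 2 if the
# file is unreadable. A missing nfmark option only produces a warning,
# because the nfmark method is optional.
check_specter_kconfig() {
    cfg=$1
    if [ ! -r "$cfg" ]; then echo "cannot read $cfg" >&2; return 2; fi
    rc=0
    state=$(kconfig_state "$cfg" "$ULOG_OPT")
    echo "$ULOG_OPT=$state"
    if [ "$state" = n ]; then rc=1; fi
    for opt in $NFMARK_OPTS; do
        state=$(kconfig_state "$cfg" "$opt")
        echo "$opt=$state"
        if [ "$state" = n ]; then
            echo "warning: $opt not set, nfmark method unavailable" >&2
        fi
    done
    return "$rc"
}
```

Source the file and call check_specter_kconfig with the .config from
your kernel source tree, or with /proc/config.gz if your kernel
provides it.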

If you have an older kernel version (between 2.4.0 and 2.4.18-pre6),
you can use the patch-o-matic system of netfilter/iptables, as
described in the following section.


2. ipt_ULOG module from netfilter/iptables patch-o-matic

You only need to read this chapter if you have a 2.4.x
kernel <= 2.4.18-pre6.

In order to put the ipt_ULOG module into your kernel source, you need
the latest iptables package, or even better: the latest CVS
snapshot. A description of how to obtain this is provided on the
netfilter homepage <http://www.netfilter.org/>.

To run patch-o-matic, just type

  make patch-o-matic

in the userspace directory of netfilter CVS.


3. specter

3.1. Recompiling the source

The latest version of specter's code is available on Launchpad
(https://code.launchpad.net/specter/). To get it you need a bazaar
client (http://bazaar-vcs.org/). Issue the following command:

  bzr branch lp:specter

and the newest sources should appear in the specter/ subdirectory.

You can also download pre-packaged sources from
<http://joker.linuxstuff.pl/specter/>, although those may not be as
recent as the ones in the bazaar repository.

If you want to build specter with MySQL support, type './configure
--with-mysql'.  You may also have to specify the path of the mysql
libraries using '--with-mysql=path'.  To build specter without MySQL
support, just use './configure'.

The same procedure applies to PostgreSQL support (use './configure
--with-pgsql' with or without path to libraries).

If you have other applications using the libipulog library included
in this package, you may consider building it shared. To enable this,
use './configure --with-sharedlib'.

If you have a sophisticated configuration and need more than the
default 32 execution groups, you can redefine SPECTER_GROUPS_MAX by
using the '--with-group-max=value' configuration option. This has no
effect on speed until you actually make use of these groups. But
please note that netlink grouping allows you to specify only 32
groups, and that limit is kernel-driven. Use nfmarks instead.

To compile and install the program, run 'make install'. Old
configuration files won't be overwritten, so don't worry. You can also
run 'make install-strip' to discard redundant symbols from the specter
binary.

3.2. Binary packages

If you're happy with the defaults, you can install specter from a
binary package. Debian (http://packages.debian.org/specter) and
Ubuntu (http://packages.ubuntu.com/specter) have up-to-date specter
packages. You can download other packages from the project's homepage:
<http://joker.linuxstuff.pl/specter/>.


4. Front-ends

There are several front-ends for viewing logs generated by specter.
Although they were designed for ulogd, there should be no problem
with using them with specter. Here are a few links to projects of
that kind:

 * CCZE: http://freshmeat.net/projects/ccze/
 * Pothos: http://sourceforge.net/projects/pothos/
 * ulogd frontend: http://johoho.eggheads.org/files/ulogd_php.tar.bz2
 * ulog-monitor: http://freshmeat.net/projects/ulogmonitor/ (copy of
   the source can be found here:
   <http://joker.linuxstuff.pl/files/ulog-monitor_0.3.tar.bz2>)

You can also find a sample PHP query script in contrib/.
