The WiFiMon Analysis Station (WAS) is the core component of WiFiMon. The WAS receives the following data:
- Results of crowdsourced measurements streamed from End Users in the monitored WiFi networks.
- Results of deterministic measurements streamed from WiFiMon Hardware Probes in the monitored WiFi networks.
- RADIUS Logs from RADIUS Servers.
- Wireless network performance metrics streamed from WiFiMon Hardware Probes.
...
The
...
WAS mainly consists of two software components: (i) the WiFiMon Agent and (ii) the WiFiMon GUI.
The WiFiMon Agent is responsible for performing the following actions:
- The analysis of crowdsourced measurements. These measurements are
...
The WiFiMon Agent is a software component of the WiFiMon Analysis Station that:
- Analyzes crowdsourced measurements received from End Users and the WAS correlates them with information received from RADIUS and DHCP Logs when/if this information is available.
- Analyzes deterministic measurements The analysis of deterministic measurements. These measurements are received from WiFiMon Hardware Probes and the WAS correlates them with information received from RADIUS Logs and DHCP Logs when/if this information is available.
- Analyzes The analysis of wireless network performance metrics received from WiFiMon Hardware Probes.
- Stores Storing the results of analysis and correlation.
The WiFiMon GUI is a software component closely associated with the WiFiMon Agent that allows the Administrators to inspect their monitored WiFi networks depicts the results of the WiFiMon Agent analysis as described above.
In the rest of the guidesequel, we refer to the WiFiMon Agent as Non-Secure WiFiMon Agent if crowdsourced and deterministic measurements are streamed over HTTP or Secure WiFiMon Agent if measurements are streamed over HTTPS.
The This guide presents the commands needed required to install the WiFiMon Analysis Station (WAS) in WAS in a Debian-based distribution (Debian, Ubuntu, etc.). Other distributions can may also be used, considered by adjusting the apt install included commands appropriately.
0. Prerequisites to Install the WiFiMon Analysis Station (WAS)
...
- WiFiMon Agent package
- PostgreSQL (required, tested on version 10.12)
- Java 8
- Elasticsearch (required, tested on version 7.4.2)
- Kibana (required, tested on version 7.4.2)
- Logstash (required in case of correlation with RADIUS and DHCP Logs, tested on version 7.4.2)
...
A summary of the mandatory steps for the installation (detailed in the linked sections below):
There are also some optional steps:
Anchor PostgreSQL PostgreSQL
2. PostgreSQL
| PostgreSQL | |
| PostgreSQL |
...
Anchor letsencrypt letsencrypt
7. Configuration of the WiFiMon Secure Agent
| letsencrypt | |
| letsencrypt |
We will demonstrate the configuration Configuration of the WiFiMon Secure Agent with will be demonstrated using a Let’s encrypt certificate. WiFiMon Administrators Readers are free to use whatever certificates certificate they prefer.
In the followingsequel, we assume that both WiFiMon Analysis Station and WiFiMon the WAS and the WiFiMon Test Server (WTS) are installed in within the same server machine and thus, use they depend on the same certificate. WiFiMon Administrators may install them in separate servers.Notably, the WAS and the WTS could be installed in separate machines. Moreover, the configuration is demonstrated for an Apache web server. However, any web server could be selected.
Firstly, installation of certbot is requiredFirst, you have to install certbot:
sudo apt-get update
sudo apt-get install -y certbot
Request a A certificate must be requested for the FQDN of your serverthe WAS/WTS, referred as WAS_FQDN:
certbot certonly --webroot -w /var/www/html -d WAS_FQDN
Note: Before Prior to this step, you need to allow connections to your Apache Web Serverconnections to port 80 must be allowed. If a web server is already installed on the machine, it should be temporarily stopped.
Issued certificates can should be renewed withregularly using the following command: certbot renew
Next, we will insert generated certificates/keys will be inserted in the Apache configuration files. Edit file File /etc/apache2/sites-available/default-ssl.conf should be edited and change the following lines :should be changed based on the FQDN of the WAS/WTS, referred as WAS_FQDN.
| SSLCertificateFile /etc/letsencrypt/live/WAS_FQDN/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/WAS_FQDN/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/WAS_FQDN/chain.pem |
Apply changes and enable SSLChanges should be applied and SSL should be enabled using the following commands:
a2ensite default-ssl
a2enmod ssl
systemctl restart apache2
You may find more information More information is available in the following links from which the above commands are taken:
https://www.server-world.info/en/note?os=Ubuntu_18.04&p=ssl&f=2
https://www.server-world.info/en/note?os=Ubuntu_18.04&p=httpd&f=8
Copy these files The following files should be copied in /usr/lib/wifimon/keystore:
cp /etc/letsencrypt/live/WAS_FQDN/cert.pem /usr/lib/wifimon/keystore/cert.pem
cp /etc/letsencrypt/live/WAS_FQDN/privkey.pem /usr/lib/wifimon/keystore/privkey.pem
cp /etc/letsencrypt/live/WAS_FQDN/chain.pem /usr/lib/wifimon/keystore/chain.pem
Navigate to Within /usr/lib/wifimon/keystore folder. , PEM certificates should be converted to Java Keystore (JKS) format using the following commands:
openssl pkcs12 -export -in cert.pem -inkey privkey.pem -certfile cert.pem -out testkeystore.p12
keytool -importkeystore -srckeystore testkeystore.p12 -srcstoretype pkcs12 -destkeystore wifimon.jks -deststoretype JKS
Enter and note passwords Passwords should be provided when prompted and noted.
In /usr/lib/wifimon/config/secure-processor.properties, make the following changes should be made:
| server.port=8443 server.ssl.key-store=./keystore/wifimon.jks server.ssl.key-store-password=[PASSWORD_keystore] server.ssl.key-password=[PASSWORD_key] |
In /usr/lib/wifimon/config/ui.properties, make the following changes should be made:
| server.ssl.key-store=./keystore/wifimon.jks server.ssl.key-store-password=[PASSWORD_keystore] server.ssl.key-password=[PASSWORD_key] kibana.protocol=https |
Furthermore, change the following parameters of the file /etc/kibana/kibana.yml should be changed:
| server.ssl.enabled: true server.ssl.certificate: /usr/lib/wifimon/keystore/cert.pem server.ssl.key: /usr/lib/wifimon/keystore/privkey.pem |
Moreover, in your WiFiMon Test Server, change the WTS test pages, the agentPort should be agent from 9000 to 8443 in every testtool HTML page as well as http to https. Moreover, do not forget to change http http should be changed to https in /var/www/html/wifimon/js/nettest/nettest-swfobject.js. This is a file related to the NetTest testtool. More information about these parameters is included in the WiFiMon Test Server (WTS) installation guide.
WiFiMon is now configured to use HTTPS for WiFiMon GUI and Agent.
...