The WiFiMon Analysis Server (WAS) is the core component of WiFiMon which gathers and processes all the measurement data. The WAS receives the following data:
- Results of crowdsourced measurements streamed from End Users in the monitored WiFi networks.
- Results of deterministic measurements streamed from WiFiMon Hardware Probes in the monitored WiFi networks.
- RADIUS and DHCP logs from RADIUS and DHCP servers respectively.
- Wireless network performance metrics streamed from WiFiMon Hardware Probes.
The WAS mainly consists of two software components: (1) the WiFiMon Agent and (2) the WiFiMon GUI.
(1) WiFiMon Agent
The WiFiMon Agent is responsible for performing the following actions:
- The analysis of crowdsourced measurements. These measurements are received from End Users and WAS correlates them with information received from RADIUS and DHCP Logs when/if this information is available.
- The analysis of deterministic measurements. These measurements are received from WiFiMon Hardware Probes and WAS correlates them with information received from RADIUS and DHCP Logs when/if this information is available.
- The analysis of wireless network performance metrics received from WiFiMon Hardware Probes.
- Storing the results of analysis and correlation.
WiFiMon Agent can operate in a non-secure manner (non-secure WiFiMon Agent) when the crowdsourced and deterministic measurements are streamed over HTTP or in a secure manner (Secure WiFiMon Agent) if measurements are streamed over HTTPS.
(2) WiFiMon GUI
The WiFiMon GUI provides a graphical representation of the measurement results and various anayses as described above.
WAS Installation and Configuration Guide
This guide given below presents the commands required to install the WAS in a Debian-based distribution (Debian, Ubuntu, etc.). Other distributions may also be considered by adjusting the included commands appropriately. Our installation was tested in Ubuntu 20.04 LTS.
Prerequisites for the WiFiMon Analysis Station (WAS) Installation
To install WiFiMon Analysis Station (WAS) successfully, the following software components are required:
- WiFiMon Agent package (version 1.4.1)
- PostgreSQL (tested on version 12.7)
- Java 11
- Elasticsearch (tested on version 7.13.2)
- Kibana (tested on version 7.13.2)
- Logstash (required in case of correlation with RADIUS and DHCP Logs, tested on version 7.13.2)
The following ports must be available on the WAS. However, the ports may be changed manually depending on your needs:
- 5044: for Logstash
- 5432: for PostgreSQL
- 5601: for Kibana
- 8441: for WiFiMon GUI
- 8443: for WiFiMon Secure Agent
- 9000: for WiFiMon Non-secure Agent (optional)
- 9200: for communication with Elasticsearch
1. Overview of the WiFiMon Analysis Station (WAS) Installation
A summary of the mandatory steps for the installation (detailed in the linked sections below):
There are also some optional steps:
2. PostgreSQL
Installing PostgreSQL from a package manager requires using the following commands:
sudo apt-get install -y postgresql postgresql-contrib
By default, PostgreSQL is configured to listen on localhost. We suggest that this default configuration is not modified.
After the installation of PostgreSQL, the database and tables required by WiFiMon should be created. Detailed instructions are included in the following subsections.
2.1. Database and User Creation
The following code block includes the appropriate SQL commands required to create (i) a database that will store information related to Subnets and Access Points monitored by WiFiMon as well as accounts of users that can access the WiFiMon GUI and (ii) a user that will be able to access this database. The following commands create the (i) database "wifimon_database" and (ii) the user "wifimon_user" with password "wifimonpass". We strongly suggest that these example names are changed in production environments.
Accessing PostgreSQL requires becoming user "postgres". This is possible from the "root" user using the command “su postgres”. Afterwards, the terminal-based front-end of PostgreSQL is accessed using the command "psql".
CREATE USER wifimon_user WITH PASSWORD 'wifimonpass'; CREATE DATABASE wifimon_database OWNER wifimon_user;
After the creation of the database "wifimon_database", selecting this database is possible via the following command:
\c wifimon_database;
The following subsections include the commands that are necessary for the creation of the required tables.
2.2. Creation of "subnets" Table
WiFiMon measures the performance of WiFi networks by embedding JavaScript code in frequently visited websites. Performance tests are triggered when End Users visit these websites and, in particular, after a web page is loaded so that browsing experience is not impacted by WiFiMon. Notably, these websites are not only visited by End Users residing in the monitored Subnets, but also from End Users outside them. Thus, alleviating the WAS from processing excessive traffic requires that performance tests consider measurements originating only from the WiFi networks that are monitored. To that end, a list of the registered Subnets from which End User measurements are processed by the WAS are maintained in "subnets" table. The creation of this table is detailed in the following code block.
CREATE TABLE subnets ( subnet text, subnet_id serial PRIMARY KEY );
2.3. Creation of "accesspoints" Table
Table "accesspoints" is used to store information related to the Access Points monitored by WiFiMon. This information includes the latitude and longitude of Access Points, the building and floor in which they are installed and additional notes about them. This information is later used to depict performance results of End User measurements per Access Point. The creation of the "accespoints" table is detailed in the following code block.
CREATE TABLE accesspoints ( apid serial PRIMARY KEY, mac text NOT NULL, latitude text, longitude text, building text, floor text, notes text);
2.4. Creation of "users" Table
Table "users" is used to store information related to WiFiMon Users. WiFiMon GUI can be accessed by two types of WiFiMon Users: ADMIN and USER. ADMIN has full privileges to the WiFiMon GUI. An ADMIN is capable of adding/removing registered Subnets and Access Points as well as adding/removing WiFiMon Users. In contrast, a USER can navigate through the WiFiMon GUI dashboards, but is incapable of performing administration actions. The creation of the "users" table is detailed in the following code block.
CREATE TABLE users ( id serial PRIMARY KEY, email text NOT NULL, password_hash text NOT NULL, role text NOT NULL);
2.5. Creation of "options" Table
Table "options" stores information related to privacy settings, e.g. hiding/showing End User specific data in the WiFiMon GUI. Correlation options are also included in this table. The creation of the "options" table is detailed in the following code block.
CREATE TABLE options ( optionsid serial PRIMARY KEY, userdata text NOT NULL, uservisualoption text NOT NULL, correlationmethod text NOT NULL );
Exiting the database is possible using the command "\q" within the terminal-based front-end of PostgreSQL.
Setting Privileges in PostgreSQL
Setting SELECT, INSERT, DELETE, UPDATE privileges for the database user, e.g. "wifimon_user" requires the following commands issued within the terminal-based front-end of PostgreSQL:
GRANT USAGE ON SCHEMA public to wifimon_user; GRANT CONNECT ON DATABASE wifimon_database to wifimon_user; \c wifimon_database GRANT USAGE ON SCHEMA public to wifimon_user; GRANT SELECT ON subnets, users, accesspoints, options TO wifimon_user; GRANT INSERT ON subnets, users, accesspoints, options TO wifimon_user; GRANT DELETE ON subnets, users, accesspoints, options TO wifimon_user; GRANT UPDATE ON accesspoints, options TO wifimon_user; GRANT USAGE, SELECT ON SEQUENCE subnets_subnet_id_seq TO wifimon_user; GRANT USAGE, SELECT ON SEQUENCE users_id_seq TO wifimon_user; GRANT USAGE, SELECT, UPDATE ON SEQUENCE options_optionsid_seq TO wifimon_user; GRANT USAGE, SELECT, UPDATE ON SEQUENCE accesspoints_apid_seq TO wifimon_user;
Exiting the database is possible using the command "\q" within the terminal-based front-end of PostgreSQL.
Create an admin account to login
An initial ADMIN WiFiMon User should be created for accessing the WiFiMon GUI. Within the terminal-based front-end of PostgreSQL, an ADMIN WiFiMon User is created using the commands in the following code block after connection to the WiFiMon database. Notably, passwords are stored hashed within the database.
\c wifimon_database INSERT INTO users VALUES ('1', 'admin@test.com', '$2a$06$AnM.QevGa4BPGg7hc3nEBua6stnbZ8h4PrCjSbDxW.LWL7t4MX8vO', 'ADMIN');
Inserting this entry to the "users" table creates an ADMIN WiFiMon User that is able to login in the WiFiMon GUI using the following credentials:
Email: admin@test.com
Password: admin1
This account can be later deleted from the WiFiMon GUI (after step 5). However, an ADMIN account should always be present in order to access the WiFiMon GUI and manage the WiFiMon Users, Access Points and Subnets. We strongly suggest that the password is changed from the WiFiMon GUI when the installation is complete (step 5).
3. Java Installation
WiFiMon currently supports Java 11. The required commands are the following:
sudo apt update sudo apt-get install -y openjdk-11-jdk openjdk-11-jre
Java installation can be verified with the following command:
java -version
Setting the JAVA_HOME variable requires (i) finding the installed Java alternatives using the following command "sudo update-alternatives --config java" and (ii) modifying the /etc/environment configuration file based on the output of the previous command. In our case, JAVA_HOME requires the following value:
JAVA_HOME="/usr/lib/jvm/java-11-openjdk-amd64"
Changes are applied with the following command:
source /etc/environment
4. Elasticsearch and Kibana
Installing Elasticsearch 7.13.2 and Kibana 7.13.2, requires executing the following commands:
- Elasticsearch 7.13.2
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.13.2-amd64.deb sudo dpkg -i elasticsearch-7.13.2-amd64.deb
- Kibana 7.13.2
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.13.2-amd64.deb sudo dpkg -i kibana-7.13.2-amd64.deb
Elasticsearch Configuration
In the configuration file of Elasticsearch (/etc/elasticsearch/elasticsearch.yml), the following lines should be inserted/changed. Notably, bold parts must be adjusted to the particular configuration of the reader. In the following, we configure Elasticsearch to be publicly accessible:
cluster.name: elasticsearch node.name: ${HOSTNAME} node.master: true node.voting_only: false node.data: true node.ingest: true node.ml: false cluster.remote.connect: false path.data: /var/lib/elasticsearch path.logs: /var/log/elasticsearch network.host: INSERT the Fully Qualified Domain Name (WAS_FQDN) to which the server listens discovery.seed_hosts: ["WAS_FQDN"] cluster.initial_master_nodes: ${HOSTNAME} xpack.ml.enabled: false xpack.security.enabled: false |
The Elasticsearch cluster should be started with the following command:
service elasticsearch restart
Verifying that Elasticsearch is running is possible via: netstat -tlnpu (ports 9200, 9300)
Notably, "cluster.initial_master_nodes" must be commented out after the first initialization of the Elasticsearch cluster. The above configuration assumes that the setup includes a single Elasticsearch node. Configuration for more advanced setups is available in the following WiFiMon guide "Streaming Logs Into ELK Cluster".
Kibana Configuration
After installing Kibana, the following configurations are required in the Kibana configuration file (/etc/kibana/kibana.yml). The following changes should be made in the corresponding sections/fields of the configuration file. Notably, bold parts must be adjusted to the particular configuration of the reader.
server.port: 5601 server.host: "WAS_FQDN" server.name: "wifimon-kibana" elasticsearch.hosts: ["http://WAS_FQDN:9200"] server.ssl.enabled: false |
Kibana should be started with the following command:
service kibana restart
Verifying that kibana is running is possible via: netstat -tlnpu (port 5601)
5. WiFiMon Installation
Installing WiFiMon requires the following commands:
wget http://83.97.95.167/manual/wifimon-agent-1.4.1.deb sudo apt-get update sudo apt-get install -y gdebi sudo gdebi wifimon-agent-1.4.1.deb
Afterwards, the following files will show up in /usr/lib/wifimon/ directory:
elasticsearch.sh: Script to create Elasticsearch indices
kibana-import.ndjson: JSON file to be imported in Kibana to create the necessary visualizations and dashboards
start.sh: Script for starting WiFiMon GUI and Agent
secure-processor-1.4.1.war: This incorporates both the WiFiMon Secure and Non-Secure Agent
ui-1.4.1.war: This incorporates the WiFiMon GUI
config: Directory with configuration files. Their parameters must be filled in.
keystore: Directory where the Java Keystore should be stored in order to run WiFiMon Agent and GUI on HTTPS
Execution permissions are required for scripts elasticsearch.sh and start.sh. These are provided with the following commands:
chmod +x elasticsearch.sh chmod +x start.sh
Before the execution of script elasticsearch.sh, “curl” must be installed. This is possible using the following commands:
sudo apt-get update sudo apt-get install -y curl
Script elasticsearch.sh must be edited to match the interface the Elasticsearch cluster listens to. To that end, the variable FQDN with the elasticsearch.sh file should be substituted with the value of the "network.host" attribute in "/etc/elasticsearch/elasticsearch.yml" file. Script elasticsearch.sh will add the required indices and some initial data in the Elasticsearch cluster:
./elasticsearch.sh
In the sequel, Kibana index patterns should be configured from the Kibana User Interface. In Kibana, the "wifimon" index pattern can be created from Management/Stack Management/Index Patterns. The following details should be provided:
Index pattern: wifimon
- Time Filter field name: timestamp
Index pattern ID: wifimon_v0.1 (advanced options should be selected to see this field)
and the following details are required to create "probes" index (for the metrics collected from the WiFiMon Hardware Probes):
Index pattern: probes
- Time Filter field name: timestamp
Index pattern ID: probes_v0.1 (advanced options should be selected to see this field)
After the creation of index patterns, the necessary visualizations and dashboards should be imported. To that end, the kibana-import.ndjson file should be imported in the Management/Stack Management/Saved Objects tab.
Finally, WiFiMon properties should be configured in the files (secure-processor.properties, ui.properties) of the WiFiMon config directory. Notably, WiFiMon uses HMAC SHA-512 encryption to encrypt sensitive data (End User IP addresses, End User MAC addresses) that are stored in the Elasticsearch cluster and visualized by Kibana. In secure-processor.properties, the key of this algorithm must be defined (property "sha.key"). This key is of type String and the reader could select any well-formatted string, preferably of big length. This string is defined only in the secure-processor.properties configuration file.
Apart from the "sha.key" property, the WiFiMon administrator is required to provide the port on which the WAS listens (property "server.port"), i.e. 9000 for the case of the WiFiMon Non-Secure Agent. Later, this documentation demonstrates how to install the WiFiMon Secure Agent; the WiFiMon Administrator is then required to change the value of the "server.port" property to 8443 from 9000.
Moreover, the WiFiMon Administrator should set the value of the PostgreSQL properties according to what was provided in the 2nd step of this documentation. Based on the example values of our documentation, "spring.datasource.url" can be defined as "jdbc:postgresql://localhost:5432/wifimon_database" and "spring.datasource.username", "spring.datasource.password" properties can be defined as "wifimon_user", "wifimonpass" respectively. Please, make sure that you change the aforementioned password to secure your PostgreSQL database setup.
Afterwards, the WiFiMon Administrator is required to provide the name of the Elasticsearch cluster ("elasticsearch.clustername" property) that was provided in step 4 of this documentation (e.g. "elasticsearch" in this guide) and the FQDN Elasticsearch listens on for the "elasticsearch.host" property.
Finally, a JSON exporter is supported by WiFiMon. This exports measurements of hardware probes towards a JSON collector. It is designed for the eduroam JSON collector, but it could be adapted to the needs of the WiFiMon user. If you want to disable this process, property "json.collect" should be to "false", otherwise to "true". The URL of the JSON collector should be specified at the property "json.collector".
In ui.properties, the WiFiMon Administrator is expected to provide the values for the PostgreSQL properties (the same as in the secure-processor.properties file) as well as the Kibana properties. Specifically, the WiFiMon Administrator should insert the FQDN Kibana listens on ("server.host.name" property), the protocol used by Kibana ("kibana.protocol" property), which is "http" for the WiFiMon Non-Secure Agent (this step) or "https" for the WiFiMon Secure Agent (step 7 of this documentation) as well as the port Kibana listens to ("kibana.port" property), which is usually 5601. Finally, WiFiMon provides methods for checking if a new software version is available. To that end, the running version of the WiFiMon software is compared with the most recent version that is stored within a VM provided by GEANT. Moreover, this VM keeps some statistics of WiFiMon end users involving their IP address and running version. The purpose of this is to track how many users are currently utilizing WiFiMon and what versions. If the WiFiMon end user wants to be excluded from this process, "user.tracking" should be changed to "no".
Starting the WiFiMon Secure Agent and WiFiMon GUI requires the following command:
./start.sh
6. WiFiMon Code Compilation
Note: This step is only required if the WiFiMon Code is modified by the reader to include new features.
The WiFiMon code can be obtained from the official repository (https://bitbucket.software.geant.org/projects/WFMON/repos/agent/browse). A requirement to compile WiFiMon code is Apache Maven. It can be installed via the following commands:
sudo apt-get update sudo apt-get install -y maven
Within the WiFiMon code folder (cd agent), the WiFiMon code ban be compiled using the following commands:
mvn clean install mvn package
Afterwards, WiFiMon war files should be copied in the /usr/lib/wifimon directory:
cp agent/wifimon-assembly/target/wifimon-agent-bin/secure-processor-1.4.1.war /usr/lib/wifimon/secure-processor-1.4.1.war cp agent/wifimon-assembly/target/wifimon-agent-bin/ui-1.4.1.war /usr/lib/wifimon/ui-1.4.1.war
7. Configuration of the WiFiMon Secure Agent
Configuration of the WiFiMon Secure Agent will be demonstrated using a Let’s encrypt certificate. Readers are free to use whatever certificate they prefer.
In the sequel, we assume that both the WAS and the WiFiMon Test Server (WTS) are installed within the same machine and thus, they depend on the same certificate. Notably, the WAS and the WTS could be installed in separate machines. Moreover, the configuration is demonstrated for an Apache web server. However, any web server could be selected.
Firstly, installation of certbot is required:
sudo apt-get update sudo apt-get install -y certbot
A certificate must be requested for the FQDN of the WAS/WTS, referred as WAS_FQDN:
certbot certonly --webroot -w /var/www/html -d WAS_FQDN
Note: Prior to this step, connections to port 80 must be allowed. If a web server is already installed on the machine, it should be temporarily stopped.
Issued certificates should be renewed regularly using the following command:
certbot renew
Next, generated certificates/keys will be inserted in the Apache configuration files. File /etc/apache2/sites-available/default-ssl.conf should be edited and the following lines should be changed based on the FQDN of the WAS/WTS, referred as WAS_FQDN.
SSLCertificateFile /etc/letsencrypt/live/WAS_FQDN/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/WAS_FQDN/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/WAS_FQDN/chain.pem |
Changes should be applied and SSL should be enabled using the following commands:
a2ensite default-ssl a2enmod ssl systemctl restart apache2
More information is available in the following links from which the above commands are taken:
https://www.server-world.info/en/note?os=Ubuntu_18.04&p=ssl&f=2
https://www.server-world.info/en/note?os=Ubuntu_18.04&p=httpd&f=8
The following files should be copied in /usr/lib/wifimon/keystore:
cp /etc/letsencrypt/live/WAS_FQDN/cert.pem /usr/lib/wifimon/keystore/cert.pem cp /etc/letsencrypt/live/WAS_FQDN/privkey.pem /usr/lib/wifimon/keystore/privkey.pem cp /etc/letsencrypt/live/WAS_FQDN/chain.pem /usr/lib/wifimon/keystore/chain.pem
Within /usr/lib/wifimon/keystore folder, PEM certificates should be converted to Java Keystore (JKS) format using the following commands:
openssl pkcs12 -export -in cert.pem -inkey privkey.pem -certfile cert.pem -out testkeystore.p12 keytool -importkeystore -srckeystore testkeystore.p12 -srcstoretype pkcs12 -destkeystore wifimon.jks -deststoretype JKS
Passwords should be provided when prompted and noted.
In /usr/lib/wifimon/config/secure-processor.properties, the following changes should be made:
server.port=8443 server.ssl.key-store=./keystore/wifimon.jks server.ssl.key-store-password=[PASSWORD_keystore] server.ssl.key-password=[PASSWORD_key] |
In /usr/lib/wifimon/config/ui.properties, the following changes should be made:
server.ssl.key-store=./keystore/wifimon.jks server.ssl.key-store-password=[PASSWORD_keystore] server.ssl.key-password=[PASSWORD_key] kibana.protocol=https |
Furthermore, the following parameters of the file /etc/kibana/kibana.yml should be changed:
server.ssl.enabled: true server.ssl.certificate: /usr/lib/wifimon/keystore/cert.pem server.ssl.key: /usr/lib/wifimon/keystore/privkey.pem |
Moreover, in the WTS test pages, the agentPort should be agent from 9000 to 8443 in every testtool HTML page as well as http to https. Moreover, http should be changed to https in /var/www/html/wifimon/js/nettest/nettest-swfobject.js. This is a file related to the NetTest testtool. More information about these parameters is included in the WiFiMon Test Server (WTS) installation guide.
WiFiMon is now configured to use HTTPS for WiFiMon GUI and Agent.
8. Configuring ELK Stack Security (X-Pack)
In the sequel, we will secure the ELK stack using the X-Pack Elastic Stack extension and self-signed certificates. This section follows the complementary guide "Streaming Logs Into ELK Cluster" that is included in the WiFiMon documentation and mainly focuses on what configuration is needed regarding interfacing X-Pack with the WiFiMon code and the Secure Process and UI property files. Notably, the complementary guide "Streaming Logs Into ELK Cluster" details more advanced setups, e.g. multi-node clusters. However, in this section we focus on explaining the configuration required for a single-node setup.
Following the subsection 3.4 from the complementary guide, we assume that the WiFiMon User has generated the following certificates and keys:
- ca.crt and ca.key: These are the certificate and private key of the Certificate Authoritaty (CA).
- elasticsearch.crt and elasticsearch.key: These are the certificate and private key for Elasticsearch.
- kibana.crt and kibana.key: These are the certificate and private key for Kibana.
Note that certificates are issued for a FQDN. In this single-node setup, both Elasticsearch and Kibana certificates will be issued for the FQDN of the WAS.
After issuing the certificates and generating the required private keys, you should copy them to the appropriate folders:
mkdir /etc/elasticsearch/certs mkdir /etc/kibana/certs cp /usr/share/elasticsearch/ca/* /etc/elasticsearch/certs/ cp /usr/share/elasticsearch/ca/* /etc/kibana/certs/ cp /usr/share/elasticsearch/elasticsearch/* /etc/elasticsearch/certs/ cp /usr/share/elasticsearch/elasticsearch/* /etc/kibana/certs/ cp /usr/share/elasticsearch/ca/* /usr/lib/wifimon/keystore/ cp /usr/share/elasticsearch/elasticsearch/* /usr/lib/wifimon/keystore/
Then, you should configure the Elasticsearch keystore based on the information provided in the subsection 10.1 of the complementary WiFiMon guide.
In /etc/elasticsearch/elasticsearch.yml the following information should be added and the Εlasticsearch cluster should be then restarted:
xpack.security.enabled: true (you have previously set this value to false) xpack.security.http.ssl.enabled: true xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: full xpack.security.http.ssl.key: /etc/elasticsearch/certs/elasticsearch.key xpack.security.http.ssl.certificate: /etc/elasticsearch/certs/elasticsearch.crt xpack.security.http.ssl.certificate_authorities: /etc/elasticsearch/certs/ca.crt xpack.security.transport.ssl.key: /etc/elasticsearch/certs/elasticsearch.key xpack.security.transport.ssl.certificate: /etc/elasticsearch/certs/elasticsearch.crt xpack.security.transport.ssl.certificate_authorities: /etc/elasticsearch/certs/ca.crt |
Next, passwords for the built-in users should be generated according to the information of the subsection 4.4 provided in the complementary WiFiMon guide for the FQDN of the WAS in this single-node setup. These passwords are not provided again and should be noted.
The next step is to configure Kibana keystore as explained in the subsection 10.2 of the complementary WiFiMon guide.
In /etc/kibana/kibana.yml, the following details should be added and Kibana should be restarted:
elasticsearch.hosts: ["https://WAS_FQDN:9200"] elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/certs/ca.crt" ] elasticsearch.ssl.verificationMode: full |
Note: Make sure that certificates and keys in /etc/elasticsearch/certs/, /etc/kibana/certs/ and /usr/lib/wifimon/keystore/ are accessible by both Εlasticsearch and Kibana.
Next, the WiFiMon Agent properties should be configured. The truststore for X-Pack will be created using the following command:
keytool -import -trustcacerts -alias root -file /usr/lib/wifimon/keystore/ca.crt -keystore /usr/lib/wifimon/keystore/truststore.jks
The keystore for X-Pack will be created using the following commands:
cat /usr/lib/wifimon/keystore/elasticsearch.crt /usr/lib/wifimon/keystore/elasticsearch.key > /usr/lib/wifimon/keystore/combined.crt keytool -import -trustcacerts -alias yourdomain -file /usr/lib/wifimon/keystore/combined.crt -keystore /usr/lib/wifimon/keystore/keystore.jks
File /usr/lib/wifimon/config/secure-processor.properties should be edited and the following lines should be added:
xpack.security.enabled=true ssl.certificate.type=keystore ssl.http.user.username=elastic ssl.http.user.password=[elastic built-in user password] ssl.http.keystore.filepath=/usr/lib/wifimon/keystore/keystore.jks ssl.http.keystore.password=[keystore.jks password] ssl.http.truststore.filepath=/usr/lib/wifimon/keystore/truststore.jks ssl.http.truststore.password=[truststore.jks password] ssl.http.key.password=[elasticsearch.key password] |
9. The WiFiMon GUI
The installation is now complete. The WiFiMon GUI can be accessed at: https://WAS_FQDN:8441/login (see Figure 1)
The Kibana UI is available at https://WAS_FQDN:5601
Figure 1: WiFiMon login page
Credentials to login as ADMIN (see Section 2.5):
Email: admin@test.com
Password: admin1
The following tabs are available from the WiFiMon GUI:
Overview: Overview of the measurements for the current day, automatically updated every 30 seconds
Measurements: Measurements for the current day, automatically updated every 30 seconds
Subnets: This tab includes performance measurements for WiFiMon End Users (not WiFiMon Hardware Probes) in the monitored Subnets. By default, the measurements of all WiFiMon End Users are depicted regardless of the Subnet they reside. Visualizing measurements for a specific Subnet requires adding a Kibana filter (along with the existing one) from the "Add filter" option on top. For the example subnet a.b.c.d/xx, the Kibana filter is "requesterSubnet is a.b.c.d/xx".
HWProbes: This tab includes measurements from the monitored WiFiMon Hardware Probes (not WiFiMon End Users) in the monitored Subnets. By default, the measurements of all WiFiMon Hardware Probes are depicted. Visualizing measurements for a specific WiFiMon Hardware Probe requires adding a Kibana filter (along with the existing one) from the "Add filter" option on top. Each WiFiMon Hardware Probe is assigned a number. For the measurements of the WiFiMon Hardware Probe assigned the number "1", the required Kibana filter is "probeNo is 1". Assigning a number in each WiFiMon Hardware Probe is possible via the "testtool" attribute of the WiFiMon monitored test pages. More information is available in the WiFiMon Test Server installation guide.
Statistics:
Pie Statistics for current day, automatically updated every 30 seconds
Table Statistics for current day, automatically updated every 30 seconds
Maps:
Clients Maps, map with the measurement count from clients location in current day, automatically updated every 30 seconds
APs Maps, map with the measurement count from APs location in current day, automatically updated every 30 seconds
Configuration:
Subnets: Add/remove Subnets that are allowed to perform measurements
Access Points: Add remove information (MAC, latitude, longitude, etc.) about Access Points (necessary to depict measurements in APs Maps page)
Users: Add/remove users to login to the WiFiMon GUI (role "USER" does not have access "Configuration" and "Guide" tabs)
Privacy / Correlation: Hide/show user-related data, select the method to allow the correlation between measurements, client IP and AP MAC
Guide: Instruction on how to embed scripts (to perform measurements) to websites and locally install the available performance tests (NetTest, boomerang, speedtest/HTML5)
Help: Instruction on how to get help
- Check for updates: Check for newer versions of WiFiMon software.
As a first step you should add the Subnet of your WiFi network to allow measurements.
Figure 2: Overview tab of WiFiMon GUI
Figure 3: Subnets tab of WiFiMon GUI
Figure 4: HWProbes tab (Performance metrics)