You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

WiFiMon Analysis Station (WAS) receives:

  • Results of crowdsourced measurements streamed from End Users in the monitored WiFi networks.
  • Results of deterministic measurements streamed from WiFiMon Hardware Probes in the monitored WiFi networks.
  • RADIUS Logs from RADIUS Servers.
  • Wireless network performance metrics streamed from WiFiMon Hardware Probes.

Note that:

  • The above 4 types of information are independent of one another and WiFiMon Administrators may opt for not implementing one or more of them.
  • The WiFiMon Analysis Station may be located inside or outside of the monitored WiFi networks.

The WiFiMon Agent is a software component of the WiFiMon Analysis Station that: 

  • Analyzes crowdsourced measurements received from End Users and correlates them with information received from RADIUS Logs if this information is available.
  • Analyzes deterministic measurements received from WiFiMon Hardware Probes and correlates them with information received from RADIUS Logs if this information is available.
  • Analyzes wireless network performance metrics received from WiFiMon Hardware Probes.
  • Stores results of analysis and correlation.

The WiFiMon GUI is a software component closely associated with the WiFiMon Agent that allows the Administrators to inspect their monitored WiFi networks.

In the rest of the guide, we refer to the WiFiMon Agent as Non-Secure WiFiMon Agent if crowdsourced and deterministic measurements are streamed over HTTP or Secure WiFiMon Agent if measurements are streamed over HTTPS.

The guide presents the commands needed to install the WiFiMon Analysis Station (WAS) in a Debian-based distribution (Debian, Ubuntu, etc.). Other distributions can also be used, by adjusting the apt install commands appropriately.

0. Prerequisites to Install the WiFiMon Analysis Station (WAS)

To install WiFiMon Analysis Station (WAS) successfully, the following software components are required:

  • WiFiMon Agent package
  • PostgreSQL (required, tested on version 10.12)
  • Java 8
  • Elasticsearch (required, tested on version 7.4.2)
  • Kibana (required, tested on version 7.4.2)
  • Logstash (required in case of correlation with RADIUS and DHCP Logs, tested on version 7.4.2)

The following ports must be available on the WAS. However, the ports may be changed manually depending on your needs:

  • 5044: for Logstash
  • 5432: for PostgreSQL
  • 5601: for Kibana
  • 8441: for WiFiMon GUI
  • 8443: for WiFiMon Secure Agent
  • 9000: for WiFiMon Non-secure Agent (optional)
  • 9200: for communication with Elasticsearch

1. Overview of the WiFiMon Analysis Station (WAS) Installation

A summary of the mandatory steps for the installation (detailed in the linked sections below):

There are also some optional steps:

2. PostgreSQL

Installing PostgreSQL from a package manager requires using the following commands:

sudo apt-get install -y postgresql postgresql-contrib

By default, PostgreSQL is configured to listen on localhost. We suggest that this default configuration is not modified.

After the installation of PostgreSQL, the database and tables required by WiFiMon should be created.  Detailed instructions are included in the following subsections.

2.1. Database and User Creation

The following code block includes the appropriate SQL commands required to create (i) a database that will store information related to Subnets and Access Points monitored by WiFiMon as well as accounts of users that can access the WiFiMon GUI and (ii) a user that will be able to access this database. The following commands create the (i) database "wifimon_database" and (ii) the user "wifimon_user" with password "wifimonpass". We strongly suggest that these example names are changed in production environments.

Accessing PostgreSQL requires becoming user "postgres". This is possible from the "root" user using the command “su postgres”. Afterwards, the terminal-based front-end of PostgreSQL is accessed using the command "psql". 

CREATE USER wifimon_user WITH PASSWORD 'wifimonpass';
CREATE DATABASE wifimon_database OWNER wifimon_user;

After the creation of the database "wifimon_database", selecting this database is possible via the following command:

\c wifimon_database;


The following subsections include the commands that are necessary for the creation of the required tables.

2.2. Creation of "subnets" Table

WiFiMon measures the performance of WiFi networks by embedding JavaScript code in frequently visited websites. Performance tests are triggered when End Users visit these websites and, in particular, after a web page is loaded so that browsing experience is not impacted by WiFiMon. Notably, these websites are not only visited by End Users residing in the monitored subnets, but also from End Users outside them. Thus, alleviating the WAS from processing excessive traffic requires that performance tests consider measurements originating only from the WiFi networks that are monitored. To that end, a list of the registered subnets from which End User measurements are processed by the WAS are maintained in subnets table. The creation of this table is detailed in the following code block.

CREATE TABLE subnets (
subnet text,
subnet_id serial PRIMARY KEY );

2.3. Creation of "users" Table

WiFiMon GUI can be accessed by two types of WiFiMon Users: ADMIN and USER. ADMIN has full access to the WiFiMon GUI and can for example add/remove registered Subnets and Access Points, and add/remove Users. USER has limited rights and may only navigate through the measurements results and timeseries dashboards. Table users is used to store the WiFiMon Users information in the database.

CREATE TABLE users (
id serial PRIMARY KEY,
email text NOT NULL,
password_hash text NOT NULL,
role text NOT NULL);

2.4. Creation of "accesspoints" Table

Table accesspoints is used to store the Access Point information (latitude, longitude, building, floor, notes) in the database. This information is later used to depict the measurements per Access Point.

CREATE TABLE accesspoints (
apid serial PRIMARY KEY,
mac text NOT NULL,
latitude text,
longitude text,
building text,
floor text,
notes text);

2.5. Creation of "options" Table

Options table stores important privacy settings such as hiding or showing End User related data in the WiFiMon GUI. Correlation options are also included in this table.

CREATE TABLE options (
optionsid serial PRIMARY KEY,
userdata text NOT NULL,
uservisualoption text NOT NULL,
correlationmethod text NOT NULL
);

Now, exit from the database by entering \q.

Set Privileges

To set SELECT, INSERT, DELETE, UPDATE privileges to wifimon_user, follow the commands bellow:

su postgres

psql


GRANT USAGE ON SCHEMA public to wifimon_user;
GRANT CONNECT ON DATABASE wifimon_database to wifimon_user;

\c wifimon_database

GRANT USAGE ON SCHEMA public to wifimon_user;
GRANT SELECT ON subnets, users, accesspoints, options TO wifimon_user;
GRANT INSERT ON subnets, users, accesspoints, options TO wifimon_user;
GRANT DELETE ON subnets, users, accesspoints, options TO wifimon_user;
GRANT UPDATE ON accesspoints, options TO wifimon_user;
GRANT USAGE, SELECT ON SEQUENCE subnets_subnet_id_seq TO wifimon_user;
GRANT USAGE, SELECT ON SEQUENCE users_id_seq TO wifimon_user;
GRANT USAGE, SELECT, UPDATE ON SEQUENCE options_optionsid_seq TO wifimon_user;
GRANT USAGE, SELECT, UPDATE ON SEQUENCE accesspoints_apid_seq TO wifimon_user;


Exit from the database by entering \q.

Create an admin account to login

An initial ADMIN WiFiMon User should be created to allow access to the WiFiMon GUI.

su postgres

psql


\c wifimon_database

INSERT INTO users VALUES ('1', 'admin@test.com', '$2a$06$AnM.QevGa4BPGg7hc3nEBua6stnbZ8h4PrCjSbDxW.LWL7t4MX8vO', 'ADMIN');


By inserting this entry to the users table, you will be able to login as ADMIN with the following credentials (this account can be later deleted from the WiFiMon GUI; however, an ADMIN account should always be present in order to access the GUI and manage the WiFiMon Users, Access Points and Subnets):

Email: admin@test.com

Password: admin1

We suggest that you change your password from the WiFiMon GUI when the installation is complete (Section 5).

3. Java 8

To install Java 8, please see the instructions at HERE. These instructions are tested for a Debian 10 Installation and will install the OpenJDK 8 using the AdoptOpenJDK repository. The following commands are taken from the aforementioned link:

sudo apt update
sudo apt install apt-transport-https ca-certificates wget dirmngr gnupg software-properties-common
wget -qO - https://adoptopenjdk.jfrog.io/adoptopenjdk/api/gpg/key/public | sudo apt-key add -
sudo add-apt-repository --yes https://adoptopenjdk.jfrog.io/adoptopenjdk/deb/
sudo apt update
sudo apt install adoptopenjdk-8-hotspot

Verify that Java is installed with the following command: java -version

Set the JAVA_HOME variable: Print the Java alternatives in your system with "sudo update-alternatives --config java"

Make changes to the /etc/environment file based on the output of the previous command. For the adoptojdk-8-hotspot, enter:

JAVA_HOME="/usr/lib/jvm/adoptopenjdk-8-hotspot-amd64", i.e without /bin/java at the end.

Apply changes: source /etc/environment

Note that Ubuntu 18.04 repositories still include Java 8 which can be installed by:

apt-get install -y default-jdk default-jre

4. Elasticsearch and Kibana

To install Elasticsearch and Kibana, execute the following commands:

  • Elasticsearch 7.4.2

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.4.2-amd64.deb
sudo dpkg -i elasticsearch-7.4.2-amd64.deb

  • Kibana 7.4.2

wget https://artifacts.elastic.co/downloads/kibana/kibana-7.4.2-amd64.deb
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.4.2-amd64.deb.sha512
shasum -a 512 kibana-7.4.2-amd64.deb
sudo dpkg -i kibana-7.4.2-amd64.deb

Elasticsearch Configuration

In the configuration file of Elasticsearch (/etc/elasticsearch/elasticsearch.yml), insert/change the following lines. Note that, bold parts must be adjusted to your particular configuration. In the following, we configure Elasticsearch to be accessible from the outside of the WiFiMon Analysis Station

cluster.name: elasticsearch
node.name: ${HOSTNAME}
node.master: true
node.voting_only: false
node.data: true
node.ingest: true
node.ml: false
cluster.remote.connect: false
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: INSERT the Fully Qualified Domain Name (WAS_FQDN) to which the server listens
discovery.seed_hosts: [“INSERT the WAS_FQDN to which the server listens”]
cluster.initial_master_nodes: INSERT the HOSTNAME (not WAS_FQDN) of the server
xpack.ml.enabled: false
xpack.security.enabled: false

You may start the Elasticsearch cluster with: service elasticsearch restart

Verify that Elasticsearch is running via: netstat -tlnpu (ports 9200, 9300)

Note that "cluster.initial_master_nodes" must be commented out after the first initialization of your Elasticsearch cluster. The above configuration assumes that your setup includes only one Elasticsearch node. For more advanced setups, you may find information in the following WiFiMon guide "RADIUS Logs Streaming to Elasticsearch - Simulation".

Kibana Configuration

After the installation some configurations are required. Open the Kibana configuration file (/etc/kibana/kibana.yml) and make the following changes in the corresponding sections/fields of the configuration file. Note that, bold parts must be adjusted to your particular configuration.

server.port: 5601
server.host: “INSERT the Fully Qualified Domain Name (WAS_FQDN) to which the server listens
server.name: “wifimon-kibana”
elasticsearch.hosts: [“http://WAS_FQDN:9200”]
server.ssl.enabled: false

You may start Kibana with: service kibana restart

Verify that kibana is running via: netstat -tlnpu (port 5601)

5. WiFiMon Installation

To install WiFiMon, use the following commands:

wget https://fl-5-205.unil.cloud.switch.ch/wifimon-agent-0.1.1-SNAPSHOT.deb --no-check-certificate

sudo apt-get update
sudo apt-get install -y gdebi
sudo gdebi wifimon-agent-0.1.1-SNAPSHOT.deb

Afterwards, you will be able to see the following files in /usr/lib/wifimon/ directory of the installation computer:

  • elasticsearch.sh: Script to create Elasticsearch indices

  • kibana-import.ndjson: JSON file to be imported in Kibana to create the necessary visualizations and dashboards

  • start.sh: Script for starting WiFiMon GUI and Agent

  • secure-processor-0.1.1.war: This incorporates both the WiFiMon Secure and Non-Secure Agent.

  • ui-0.1.1.war: This incorporates the WiFiMon GUI.

  • config: Directory with configuration files that need to be filled in

  • keystore: Directory where the Java Keystore should be stored in order to run WiFiMon Agent and GUI on HTTPS

  • probes: Contains files related to the configuration of WiFiMon Hardware Probes.
  • subnets: Contains files related to the configuration of the different subnets visualization.

Give permissions to execute the scripts with the following commands:

chmod +x elasticsearch.sh
chmod +x start.sh

Before executing script elasticsearch.sh, you must install “curl”. This can be done using the following commands:

sudo apt-get update
sudo apt-get install -y curl

You should edit the elasticsearch.sh script based on what interface your Elasticsearch cluster listen on. You should provide the FQDN of the WAS or localhost if the WAS listens on localhost. Add the required indices and some initial data in the Elasticsearch cluster by executing the elasticsearch.sh script.

./elasticsearch.sh

Go to Kibana page, select Management and press Index Patterns to configure them. Insert the following to create wifimon index:

  • Index pattern: wifimon

  • Time Filter field name: timestamp

  • Index pattern ID: wifimon_v0.1 (press advanced options to see this field)

and the following to create radiuslogs index (for the correlation RADIUS Logs with measurements):

  • Index pattern: radiuslogs

  • Time Filter field name: Timestamp

  • Index pattern ID: radiuslogs_v0.1 (press advanced options to see this field)

and the following to create probes index (for the metrics collected from the WiFiMon Hardware Probes):

  • Index pattern: probes

  • Time Filter field name: timestamp

  • Index pattern ID: probes_v0.1 (press advanced options to see this field)

and the following to create dhcplogs index (for correlation with DHCP logs):

  • Index pattern: dhcplogs

  • Time Filter field name: timestamp

  • Index pattern ID: dhcplogs_v0.1 (press advanced options to see this field)

After you create the index pattern go to Saved Objects tab, press Import and import the kibana-import.ndjson to create the necessary visualizations and dashboards.

Go to config directory and fill in the configuration files (secure-processor.properties, ui.properties). You may ignore the processor.properties file. Note that WiFiMon uses HMAC SHA-512 encryption to encrypt sensitive data (End User IP addresses, End User MAC addresses) that are stored in the Elasticsearch cluster and visualized by Kibana. In secure-processor.properties, you have to define the key of this algorithm (type String).

Start the WiFiMon Secure Agent and WiFiMon GUI: ./start.sh

6. Compile WiFiMon Code

Note: This step is only required if you make changes to the WiFiMon Code, as the ones listed in sections below.

Get the WiFiMon code from the official repository (https://bitbucket.software.geant.org/projects/WFMON/repos/agent/browse). A requirement to compile WiFiMon code is Apache Maven. You can install it via the following commands:

sudo apt-get update
sudo apt-get install -y maven

Enter the WiFiMon code folder: cd agent

Compile the WiFiMon code using the following commands:

mvn clean install
mvn package

Copy the WiFiMon files in the /usr/lib/wifimon directory:

cp /agent/wifimon-assembly/target/wifimon-agent-bin/secure-processor-0.1.1-SNAPSHOT.war /usr/lib/wifimon/secure-processor-0.1.1.war
cp /agent/wifimon-assembly/target/wifimon-agent-bin/ui-0.1.1-SNAPSHOT.war /usr/lib/wifimon/ui-0.1.1.war

7. Configuring WiFiMon Secure Agent

We will demonstrate the configuration of the WiFiMon Secure Agent with a Let’s encrypt certificate. WiFiMon Administrators are free to use whatever certificates they prefer. In the following, we assume that both WiFiMon Analysis Station and WiFiMon Test Server are installed in the same server and thus, use the same certificate. WiFiMon Administrators may install them in separate servers.

First, you have to install certbot:

sudo apt-get update
sudo apt-get install -y certbot

Request a certificate for the FQDN of your server:

certbot certonly --webroot -w /var/www/html -d WAS_FQDN

Note: Before this step, you need to allow connections to your Apache Web Server.

Issued certificates can be renewed with: certbot renew

Next, we will insert generated certificates/keys in the Apache configuration files. Edit file /etc/apache2/sites-available/default-ssl.conf and change the following lines:

SSLCertificateFile /etc/letsencrypt/live/WAS_FQDN/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/WAS_FQDN/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/WAS_FQDN/chain.pem

Apply changes and enable SSL:

a2ensite default-ssl
a2enmod ssl
systemctl restart apache2

You may find more information in the following links:

https://www.server-world.info/en/note?os=Ubuntu_18.04&p=ssl&f=2

https://www.server-world.info/en/note?os=Ubuntu_18.04&p=httpd&f=8

Copy these files in /usr/lib/wifimon/keystore:

cp /etc/letsencrypt/live/WAS_FQDN/cert.pem /usr/lib/wifimon/keystore/cert.pem
cp /etc/letsencrypt/live/WAS_FQDN/privkey.pem /usr/lib/wifimon/keystore/privkey.pem
cp /etc/letsencrypt/live/WAS_FQDN/chain.pem /usr/lib/wifimon/keystore/chain.pem

Navigate to /usr/lib/wifimon/keystore folder. PEM certificates should be converted to Java Keystore (JKS) format:

openssl pkcs12 -export -in cert.pem -inkey privkey.pem -certfile cert.pem -out testkeystore.p12
keytool -importkeystore -srckeystore testkeystore.p12 -srcstoretype pkcs12 -destkeystore wifimon.jks -deststoretype JKS

Enter and note passwords when prompted.

In /usr/lib/wifimon/config/secure-processor.properties, make the following changes:

server.port=8443
server.ssl.key-store=./keystore/wifimon.jks
server.ssl.key-store-password=[PASSWORD_keystore]
server.ssl.key-password=[PASSWORD_key]

In /usr/lib/wifimon/config/ui.properties, make the following changes:

server.ssl.key-store=./keystore/wifimon.jks
server.ssl.key-store-password=[PASSWORD_keystore]
server.ssl.key-password=[PASSWORD_key]
kibana.protocol=https

Furthermore, change the following parameters of the file /etc/kibana/kibana.yml:

server.ssl.enabled: true
server.ssl.certificate: /usr/lib/wifimon/keystore/cert.pem
server.ssl.key: /usr/lib/wifimon/keystore/privkey.pem

Moreover, in your WiFiMon Test Server, change the agentPort from 9000 to 8443 in every testtool HTML page as well as http to https. Moreover, do not forget to change http to https in /var/www/html/wifimon/js/nettest/nettest-swfobject.js.

WiFiMon is now configured to use HTTPS for WiFiMon GUI and Agent.

8. Configuring ELK Stack Security (X-Pack)

We will secure the ELK stack using a self-signed certificate. First, you have to create the file “/usr/share/elasticsearch/instances.yml” with the following contents:

instances:
      - name: elasticsearch
        dns: WAS_FQDN
        ip: WAS_IP

Note: In case you also configure Logstash, instances.yml requires additional information. Please, see the following WiFiMon guide "RADIUS Logs Streaming to Elasticsearch - Simulation". You should combine the information provided in these two guides to fully configure the WiFiMon Analysis Server.

Then, you will generate the certificate of the Certificate Authority (CA) and its corresponding key. Use the following command:

/usr/share/elasticsearch/bin/elasticsearch-certutil ca --ca-dn CN=’WiFiMon CA’ --days 3650 --keysize 4096 --out wifimon-ca.zip --pass --pem

This command will create the file “wifimon-ca.zip” in /usr/share/elasticsearch directory. Unzip this file using the following command:

unzip /usr/share/elasticsearch/wifimon-ca.zip

Then, you will generate the self-signed certificate and the corresponding key. Use the following command:

/usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca-cert /usr/share/elasticsearch/ca/ca.crt --ca-key /usr/share/elasticsearch/ca/ca.key --days 1234 --in /usr/share/elasticsearch/instances.yml --keysize 4096 --out wifimon-certs.zip --pass --pem

This command will create wifimon-certs.zip file in /usr/share/elasticsearch directory. Unzip this file using the following command:

unzip /usr/share/elasticsearch/wifimon-certs.zip

Create directories /etc/elasticsearch/certs and /etc/kibana/certs. Copy files ca.crt, elasticsearch.key and elasticsearch.crt in the aforementioned directories and in /usr/lib/wifimon/keystore.

mkdir /etc/elasticsearch/certs
mkdir /etc/kibana/certs
cp /usr/share/elasticsearch/ca/* /etc/elasticsearch/certs/
cp /usr/share/elasticsearch/ca/* /etc/kibana/certs/
cp /usr/share/elasticsearch/elasticsearch/* /etc/elasticsearch/certs/
cp /usr/share/elasticsearch/elasticsearch/* /etc/kibana/certs/
cp /usr/share/elasticsearch/ca/* /usr/lib/wifimon/keystore/
cp /usr/share/elasticsearch/elasticsearch/* /usr/lib/wifimon/keystore/

Then, you will configure the elasticsearch keystore. Use the following command:

/usr/share/elasticsearch/bin/elasticsearch-keystore create

Add certificate key passphrase for HTTP communication protocol. Use the following command and enter the certificate key passphrase when prompted:

/usr/share/elasticsearch/bin/elasticsearch-keystore add xpack.security.http.ssl.secure_key_passphrase

Add certificate key for transport communication protocol and enter the certificate key passphrase:

/usr/share/elasticsearch/bin/elasticsearch-keystore add xpack.security.transport.ssl.secure_key_passphrase

Execute the following command:

/usr/share/elasticsearch/bin/elasticsearch-keystore list

and verify that you have the following:

keystore.seed
xpack.security.http.ssl.secure_key_passphrase
xpack.security.transport.ssl.secure_key_passphrase

In /etc/elasticsearch/elasticsearch.yml add the following and restart the Εlasticsearch cluster:

xpack.security.enabled: true   (you have previously set this value to false)
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: full
xpack.security.http.ssl.key: /etc/elasticsearch/certs/elasticsearch.key
xpack.security.http.ssl.certificate: /etc/elasticsearch/certs/elasticsearch.crt
xpack.security.http.ssl.certificate_authorities: /etc/elasticsearch/certs/ca.crt
xpack.security.transport.ssl.key: /etc/elasticsearch/certs/elasticsearch.key
xpack.security.transport.ssl.certificate: /etc/elasticsearch/certs/elasticsearch.crt
xpack.security.transport.ssl.certificate_authorities: /etc/elasticsearch/certs/ca.crt

Generate passwords for the built-in users. Note the passwords as they are not provided again. Inside directory /usr/share/elasticsearch/bin/, use the following command:

./elasticsearch-setup-passwords auto -u "https://WAS_FQDN:9200"

Configure Kibana keystore using the following command:

sudo -u kibana /usr/share/kibana/bin/kibana-keystore create

Use the following command and provide “kibana” as the username:

sudo -u kibana /usr/share/kibana/bin/kibana-keystore add elasticsearch.username

Use the following command and provide the password of the “kibana” built-in user:

sudo -u kibana /usr/share/kibana/bin/kibana-keystore add elasticsearch.password

Use the following command and provide the elasticsearch.key passphrase:

sudo -u kibana /usr/share/kibana/bin/kibana-keystore add server.ssl.keyPassphrase

Execute the following command:

sudo -u kibana /usr/share/kibana/bin/kibana-keystore list

and verify that you have the following:

elasticsearch.username
elasticsearch.password
server.ssl.keyPassphrase

In /etc/kibana/kibana.yml, add the following and restart Kibana:

elasticsearch.hosts: [“https://WAS_FQDN:9200”]
elasticsearch.ssl.certificateAuthorities: [ “/etc/kibana/certs/ca.crt” ]
elasticsearch.ssl.verificationMode: full

Make sure that certificates and keys in /etc/elasticsearch/certs/, /etc/kibana/certs/ and /usr/lib/wifimon/keystore/ are accessible by both Εlasticsearch and Kibana.

Next, you will configure the WiFiMon Agent properties. Create the truststore for X-Pack:

keytool -import -trustcacerts -alias root -file /usr/lib/wifimon/keystore/ca.crt -keystore /usr/lib/wifimon/keystore/truststore.jks

Create the keystore for X-Pack:

cat /usr/lib/wifimon/keystore/elasticsearch.crt /usr/lib/wifimon/keystore/elasticsearch.key > /usr/lib/wifimon/keystore/combined.crt

keytool -import -trustcacerts -alias yourdomain -file /usr/lib/wifimon/keystore/combined.crt -keystore /usr/lib/wifimon/keystore/keystore.jks

Edit /usr/lib/wifimon/config/secure-processor.properties and add the following lines:

xpack.security.enabled=true
ssl.certificate.type=keystore
ssl.http.user.username=elastic
ssl.http.user.password=[elastic built-in user password]
ssl.http.keystore.filepath=/usr/lib/wifimon/keystore/keystore.jks
ssl.http.keystore.password=[keystore.jks password]
ssl.http.truststore.filepath=/usr/lib/wifimon/keystore/truststore.jks
ssl.http.truststore.password=[truststore password]
ssl.http.key.password=[elasticsearch.key password]


9. Links to Installed Software

The installation is now complete and you can access:

The WiFiMon GUI at https://WAS_FQDN:8441/login (see Figure 1)

The Kibana admin page at https://WAS_FQDN:5601


Figure 1: WiFiMon login page

Credentials to login as ADMIN (see paragraph 1.1):

Email: admin@test.com

Password: admin1


Once you login, you will be able to see the following tabs at the top of the WiFiMon GUI:

  • Overview: Overview of the measurements in current day, automatically updated every 30 seconds

  • Measurements: Measurements in current day, automatically updated every 30 seconds

  • Timeseries: This tab includes measurements from all monitored subnets.

    • Download Timeseries for current day, automatically updated every 30 seconds

    • Upload Timeseries for current day, automatically updated every 30 seconds

    • Ping Timeseries for current day, automatically updated every 30 seconds

  • Subnets: This tab includes measurments from each monitored subnet separately.

  • HWProbes: This tab includes measurements from each monitored WiFiMon Hardware Probe separately.

  • Statistics:

    • Pie Statistics for current day, automatically updated every 30 seconds (Error: Reference source not found)

    • Table Statistics for current day, automatically updated every 30 seconds

  • Maps:

    • Clients Maps, map with the measurement count from clients location in current day, automatically updated every 30 seconds (Error: Reference source not found)

    • APs Maps, map with the measurement count from APs location in current day, automatically updated every 30 seconds

  • Configuration:

    • Subnets: Add/remove subnets that are allowed to perform measurements

    • Access Points: Add remove information (MAC, latitude, longitude, etc.) about access points (necessary to depict measurements in APs Maps page)

    • Users: Add/remove users to login to the WiFiMon GUI (role "USER" does not have access "Configuration" and "Guide" tabs)

    • Privacy / Correlation: Hide/show user-related data, select the method to allow the correlation between measurements, client IP and AP MAC

  • Guide: Instruction on how to embed scripts (to perform measurements) to websites and locally install the available performance tests (NetTest, boomerang, speedtest/HTML5)

  • Help: Instruction on how to get help

As a first step you should add the subnet of your WiFi network to allow measurements.


 

Figure 2: Overview tab of WiFiMon GUI


 

Figure 3: Subnet tab of WiFiMon GUI



Figure 4: HWProbes tab (Performance metrics)


Figure 5: HWProbes tab (Wireless network metrics)

  • No labels