An alchemists view from the bar

Network Security Alchemy

OpenFPC in 2014

with 2 comments

They say that time files, and they’re right (damn them, whoever they are). Lots of things have been going on in my life over the last year, but hey you likely don’t care about that, you’re here because you’re interested to find out if OpenFPC is still alive and growing… and the answer is yes – but with a bit of a twist.

So here are the big changes and updates you may like to know about.

  • Hosting has been moved from Googlecode SVN to git on github (
  • I’ve removed the GUI components from the install because I’m struggling to maintain them. I only *ever* used the command line interface anyway, so I expect many others are the same. They’re still in the same git repo for now, but not included in the installer.
  • Session searching now functions from the command line
  • Distributed session databases, each nodes keeps it’s own session data locally
  • If multiple nodes are all linked by a proxynode*, a session search from that proxy will take place *at* all nodes and all results are combined before transmitting them back to the client
  • Multiple TZs are supported. Each node works correctly in it’s own TZ, and when data is combined from multiple nodes in different TZs it functions
  • Added support for parsing passivedns logs (really cool, I’ll put together a walk though of how that works sometime)
  • I’ve wrapped together a release called 0.9 that contains all of these
  • None of the services run as root

There is still a long list of things that I’d like to do with the project, for example I’ve been playing with dancer to provide a full rest api. The next thing I need to do however is update docs, find a stable place to host downloads, sort out the website, then work out what to do with the whole GUI thing for those that used it. All topics for another day.

*I really need to rename “proxy” in the openfpc context… If anyone has a better suggestion for a name I’m all ears.

You can download 0.9 here for now while I try and sort out the old website and turn it into something maintainable. Alternatively you could just clone it from github


Here is a quick teaser of it in use, searching for sessions destined for TCP:22 that started within the last 10 minutes.




Written by leonward

September 15, 2014 at 11:00 am

Posted in Uncategorized

2 Responses

Subscribe to comments with RSS.

  1. Hi Leon,

    Firstly thank you very much for all of your hard work – I really love OpenFPC and the functionality it provides.

    I put together a Forensic Analysis Toolkit, of which your system plays a large part, and whilst spinning up the most recent deployment I came across this post.

    My questions are as follows:

    Will the previous GUI work if I lay it over the top of the new 0.9 code? As the GUI is necessary in this deployment instance.

    Is it possible to have the GUI on a web server, with the database only on a separate (potentially remote) MySQL server and the OpenFPC Sensor (the application) running on it’s own box? I have a need to split it up this way but have not had chance to test as yet, so figured I may as well ask whilst I ask the 0.9 question above.

    Cheers for any information you can give.


    Michael Dongworth

    October 2, 2014 at 9:29 am

    • Hi,

      The GUI shells out to call openfpc-client to extract data today, the next thing on my todo list (and I’m hoping to get to it while on my next long-haul flight) is to add a restfull API to improve how extraction can be called form external tools – including openfpc GUI.
      I’m sure that I’ll be able to hack it together, but seeing as I really don’t know PHP, it will likely suck (…just as much as today).

      Can you tell me more about your use case and forensic toolkit? How do you use OpenFPC, what for, how much, what type of things do you for?


      October 3, 2014 at 4:11 pm

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: