FastNetMon Advanced relies on MongoDB for configuration storage. It does not store traffic here or metrics but it stores every configuration option. MongoDB is crucial for FastNetMon to function properly.

FastNetMon uses upstream version of MongoDB from official site.

By default both FastNetMon daemon and fcli command line tool connect directly to MongoDB. Both tools use login “fastnetmon_user” and password from file /etc/fastnetmon/keychain/.mongo_fastnetmon_password.

For debugging purposes you can login into MongoDB with admin password following way:

mongo admin --username administrator --password `sudo cat /etc/fastnetmon/keychain/.mongo_admin`
use fastnetmon

For new installations you will need to use mongosh tool for management:

mongosh --username administrator --password `sudo cat /etc/fastnetmon/keychain/.mongo_admin`
use fastnetmon

Optionally, you can set your own connection information for MongoDB using configuration file /etc/fastnetmon/fastnetmon.conf with following information:

{
  "mongodb_host": "127.0.0.1",
  "mongodb_port": 27017,
  "mongodb_database_name": "fastnetmon",
  "mongodb_username": "fastnetmon_user",
  "mongodb_auth_source": "admin"
}

After that, please put password for mongodb_username to file /etc/fastnetmon/keychain/.mongo_fastnetmon_password.

In addition to configuration storage FastNetMon may store attack information in JSON format. You can enable this behavior following way:

sudo fcli set main mongo_store_attack_information true
sudo fcli commit

Attack information will be stored in collections with names attacks and mitigations. Data stored into attacks collection uses same format as web hook callbacks and JSON callback scripts.

For flow spec bans we store data into mitigations collection in following format:

{ "_id" : ObjectId("61254d9e09f2c264c71a152f"), "active" : true, "mitigation_source" : "automatic", "affected_host" : "0.0.0.0/32", "mitigation_type" : "flow_spec", "mitigation_uuid" : "f2411460-3904-4610-83f3-62632a9ba2a3", "details" : { "uuid" : "f2411460-3904-4610-83f3-62632a9ba2a3", "source_prefix" : "152.228.221.228/32", "destination_prefix" : "192.168.1.112/32", "destination_ports" : [ 34772 ], "source_ports" : [ 443 ], "packet_lengths" : [ 1492 ], "protocols" : [ "tcp" ], "fragmentation_flags" : [ "dont-fragment" ], "tcp_flags" : [ "ack|push" ], "action_type" : "discard", "action" : {  } } }

FastNetMon has logic to try connecting to MongoDB multiple times and you may find it in log file /var/log/fastnetmon/fastnetmon.log:

2022-08-11 12:28:20,459 [INFO] This is 1 try to connect to MongoDB
2022-08-11 12:28:20,459 [DEBUG] Start MongoDB connection checking
2022-08-11 12:28:20,459 [INFO] PING mongodb database fastnetmon
2022-08-11 12:28:20,460 [ERROR] Could not ping MongoDB: No suitable servers found (`serverSelectionTryOnce` set): [connection refused calling ismaster on '127.0.0.1:27017']: generic server error
2022-08-11 12:28:20,460 [INFO] Will do second try in 5 seconds
2022-08-11 12:28:25,460 [INFO] This is 2 try to connect to MongoDB
2022-08-11 12:28:25,460 [DEBUG] Start MongoDB connection checking
2022-08-11 12:28:25,460 [INFO] PING mongodb database fastnetmon
2022-08-11 12:28:25,460 [ERROR] Could not ping MongoDB: No suitable servers found (`serverSelectionTryOnce` set): [connection refused calling ismaster on '127.0.0.1:27017']: generic server error
2022-08-11 12:28:25,460 [INFO] Will do second try in 5 seconds
2022-08-11 12:28:30,460 [INFO] This is 3 try to connect to MongoDB
2022-08-11 12:28:30,460 [DEBUG] Start MongoDB connection checking
2022-08-11 12:28:30,460 [INFO] PING mongodb database fastnetmon
2022-08-11 12:28:30,461 [ERROR] Could not ping MongoDB: No suitable servers found (`serverSelectionTryOnce` set): [connection refused calling ismaster on '127.0.0.1:27017']: generic server error
2022-08-11 12:28:30,461 [INFO] Will do second try in 5 seconds

fcli has similar logic and it tries multiple times to establish connection to MongoDB:

sudo fcli
2022/08/11 12:48:35 We cannot establish connection with MongoDB: server selection error: context deadline exceeded, current topology: { Type: Unknown, Servers: [{ Addr: 127.0.0.1:27017, Type: Unknown, Last error: connection() error occurred during connection handshake: dial tcp 127.0.0.1:27017: connect: connection refused }, ] } Attempt number: 1

To investigate root cause of issues with MongoDB we recommend checking daemon status first:

sudo systemctl status mongod

And output for MongoDB instance looks like:

● mongod.service - MongoDB Database Server
   Loaded: loaded (/lib/systemd/system/mongod.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2022-08-11 12:29:46 BST; 3s ago
     Docs: https://docs.mongodb.org/manual
 Main PID: 8921 (mongod)
   CGroup: /system.slice/mongod.service
           └─8921 /usr/bin/mongod --config /etc/mongod.conf

Aug 11 12:29:46 fastlab1 systemd[1]: Started MongoDB Database Server.

If “Active” field differs from “active” then you may have issues with MongoDB.

In addition to systemd service status you may check that MongoDB process is running:

ps aux|grep mongo
mongodb    8921  0.3  0.2 1009456 73424 ?       Ssl  12:29   0:03 /usr/bin/mongod --config /etc/mongod.conf
odintsov   9465  0.0  0.0  12940   968 pts/0    S+   12:47   0:00 grep --color=auto mongo

First thing to check is your disk space usage. You need to have at least 10G of spare disk space for MongoDB to operate correctly, you can check disk space usage this way:

df -h

To find more reasons about issues with MongoDB we recommend checking log file /var/log/mongodb/mongod.log.

In addition to log file you may check systemd service logs this way:

sudo journalctl -u mongod -n 1000 -f

In case when your server runs out of disk space MongoDB terminates it’s daemons to prevent data corruption and you will need to start it again manually. You need to allocate more disk space to server or free up existing disk space. We recommend carefully investigating which service used all disk space to avoid same cases in future. It can be done using following command:

sudo systemctl start mongod

And then you need to restart FastNetMon as it depends on MongoDB:

sudo systemctl restart fastnetmon

You can check that FastNetMon is running well using fcli command:

sudo fcli show total_traffic_counters

24/7 Tech Support

support@fastnetmon.com

Email Us

sales@fastnetmon.com