Updated README and added Debian install guide in docs

[sbarbett]

As requested, I made some changes to the README. Rather than remove the CLI instructions entirely, I separated it into two sections - one for creating the container via-CLI and one for Compose.

I also added an INSTALL.debian.md file to the docs directory, briefly outlining the process I took to get this running in my own particular environment.

Hope this helps and please let me know if anything is off.

[sbarbett]

@richb-hanover just wanted to see if you had an opportunity to test this out. I've been running this container for about a month now and it seems to be working well after I fixed the problem I was having with the lock file. I haven't actually needed to use it to troubleshoot any real problems with my network, but it's nice to have a visual interface where I can see traffic and correlate it to things I was doing at that time. This is much more lightweight than many of the other options that were available.

[richb-hanover]

Thanks for the note. I finally had a chance to try out the new Dockerfile. I had a few problems:

1. The MAINTAINER command in the Dockerfile threw an error in my Docker Desktop (version 4.36.0). Commenting it out that line let me move on. What's the right replacement for that command?

   richb@Mac-mini2 wvnetflow-dockerized % docker build -t wvnr_img .
   [+] Building 0.2s (2/2) FINISHED                                                                                 docker:desktop-linux
    => [internal] load build definition from Dockerfile                                                                             0.0s
    => => transferring dockerfile: 5.19kB                                                                                           0.0s
    => WARN: MaintainerDeprecated: Maintainer instruction is deprecated in favor of using label (line 5)                            0.0s
    => ERROR [internal] load metadata for docker.io/phusion/baseimage:0.9.22                                                        0.2s
   ------
    > [internal] load metadata for docker.io/phusion/baseimage:0.9.22:
   ------
   
    1 warning found (use docker --debug to expand):
        - MaintainerDeprecated: Maintainer instruction is deprecated in favor of using label (line 5)
    Dockerfile:4
    --------------------
       2 |     # From https://sourceforge.net/projects/wvnetflow/
       3 |
       4 | >>> FROM phusion/baseimage:0.9.22
       5 |     MAINTAINER Rich Brown <[email protected]>
       6 |
    --------------------
    ERROR: failed to solve: phusion/baseimage:0.9.22: failed to resolve source metadata for docker.io/phusion/baseimage:0.9.22: error getting credentials - err: exit status 1, out: `error getting credentials - err: exit status 1, out: `keychain cannot be accessed because the current session does not allow user interaction. The keychain may be locked; unlock it by running "security -v unlock-keychain ~/Library/Keychains/login.keychain-db" and try again``
    
    View build details: docker-desktop://dashboard/build/desktop-linux/desktop-linux/jagw3o594yoyb7pkilbhva9xt
   

2. The phusion image gave an error on my Mac M2 processor. Is there a way to make it work on Apple Silicon? Here's the error message from docker compose up -d. (And see the next note)

   ... lines deleted ...
    => => exporting layers                                                                                                                                             0.8s
    => => writing image sha256:357e0f1188f0af06366d9028eb330f7911e1eb6c3e87a6f084011a60b4f31615                                                                        0.0s
    => => naming to docker.io/library/wvnr_img                                                                                                                         0.0s
    => [wvnr] resolving provenance for metadata file                                                                                                                   0.0s
   [+] Running 2/0
    ✔ Network wvnetflow-dockerized_default                                                                                                                Created      0.0s
    ⠋ Container wvnr_img                                                                                                                                  Starting     0.0s
    ! wvnr The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested              0.0s
   Error response from daemon: Mounts denied:
   The path /path/to/your/netflow is not shared from the host and is not known to Docker.
   You can configure shared paths from Docker -> Preferences... -> Resources -> File Sharing.
   See https://docs.docker.com/desktop/settings/mac/#file-sharing for more info.
   richb@Mac-mini2 wvnetflow-dockerized % docker compose up -d
   [+] Running 1/0
    ⠋ Container wvnr_img                                                                                                                                  Starting     0.1s
    ! wvnr The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested              0.0s
   Error response from daemon: Ports are not available: exposing port UDP 0.0.0.0:2055 -> 0.0.0.0:0: listen udp 0.0.0.0:2055: bind: address already in use
   

3. I realize that "back in the day", I just grabbed the phusion container since it was the first one that worked. I wonder if there's a newer version, or another "distro" that would work better.

4. The final error message above (about port 2055) is caused by using another Netflow collector (Intermapper) on that box. Once we solve the other problems, I'll move wvnetflow over to port 2056...

[sbarbett]

Hi @richb-hanover ! Thanks for replying.

1. The MAINTAINER instruction was replaced with LABEL, I believe.

2. Fair observation on the baseimage. phusion/baseimage:0.9.22 is amd64-based, so it probably won't work well with Apple's arm processors. I have an M1 I can try it out on. I'd probably use debian:bullseye-slim.

I'll take a stab at modernizing the Dockerfile and follow up here shortly.

[sbarbett]

@richb-hanover After some tinkering, I've discovered that, unfortunately, the wvnetflow software doesn't compile on ARM-based systems due to processor architecture differences and unresolved issues in the source code. It's designed for x86/x64 architectures, and adapting it to support ARM would require modifications to the upstream project.

While making it ARM-compatible could be an appealing endeavor - allowing it to run on devices like a Raspberry Pi - it would involve a significant amount of work, which I currently don't have the bandwidth to take on.

Do you have another device with an Intel or AMD CPU where you could try running it instead?

[richb-hanover]

Oh, the hoops we jump through to deploy useful software...

• It doesn't seem worth it for either of us to do the work to convert it to ARM. (And if that source code hasn't been touched for seven years, it doesn't see likely they would do it, either.)
• Would you adjust the Dockerfile &c to remove the MAINTAINER?
• And do you know if there's a newer version of that phusion image? (If it's from seven years ago, that'd be 16.04? yikes!)
• I do have an X86 box where I could test the system. I can give that a try.