-- Rishi: Installation Instructions --

:: Requirements:
- Python 2.4
- Python Psyco (available at http://psyco.sourceforge.net/)
- MySQLdb
- JPGraph
- proctitle (not required, but its use must be commented out if it is not installed)
  - http://rpm.pbone.net/index.php3/stat/3/srodzaj/2/search/python-proctitle-0.0.2-6.src.rpm
  - comment out the import in line 44
  - comment out line 639

:: At least one of these is needed:
- pcapy (available at http://oss.coresecurity.com/projects/pcapy.html)
- ngrep
- pypcap (available at http://code.google.com/p/pypcap/source/checkout) - recommended

:: Installation:
- download the latest rishi tar
- create a new directory (e.g. rishi)
- copy the rishi tar to the newly created directory
- extract the tar
- insert the rishi table layout into the MySQL database
- change the rishi_main.conf file to fit your needs:
  - set the correct network interface for rishi to listen on
  - set the mysql server ip
  - set the mysql username and password
  - set the mysql table (default: rishi_storage)
- start the software with "./rishi start"
- stop the software with "./rishi stop"
- restart the software with "./rishi restart"

:: No MySQL Logging
- if you do not wish to use mysql, comment out all "mysql"-related code in core/worker_class.py

:: Website
- edit connect.inc.php to fit your MySQL server settings
- edit jpgraph.php (e.g. /usr/share/jpgraph/jpgraph.php) and add the following line if it is not already there:
  FF_ARIAL => array(FS_NORMAL=>'arial.ttf', FS_BOLD=>'arialbd.ttf', FS_ITALIC=>'ariali.ttf', FS_BOLDITALIC=>'arialbi.ttf' ) ,
- copy arial*.ttf from the web directory to one of:
  /usr/X11R6/lib/X11/fonts/truetype/
  /usr/share/fonts/truetype/
  - which one depends on the TTF directory defined in your jpgraph.php

:: Logging
- all logging information is stored in the "logs" directory:
  - rishi.log - contains general information, errors, and alive messages of the threads
  - stdout.log - contains stripped information about all logged IRC connections
  - suspicious.log - contains more detailed information about all logged IRC connections
  - bots.log - contains information about all logged IRC connections with a final score greater than or equal to the threshold
  - collector.log - contains information about the collector threads
  - worker.log - contains information and errors of the worker threads, as well as unmatched IRC traffic
  - botqueue.log - contains error information about the botqueue

:: Parameters
- rishi can be executed with the -a parameter to analyse a given file
  - each line of the file is considered an IRC nickname and will be checked against the analysis function
  - this creates two new logfiles: detected.log and analysis.log
- rishi can be executed with the -u parameter to update the regular expressions
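The -a mode is a batch version of the nickname scoring that also decides what ends up in bots.log (final score greater than or equal to the threshold). The following Python 3 script is an added example and not Rishi's own code: it applies a small set of constructed, weighted regular-expression rules to every nickname in a file, sums the weights, writes detected.log and analysis.log, and reports the nicknames at or above an assumed threshold of 5. Rishi's real regular expressions, weights, threshold, log formats and the Python 2.4 code base are not on this page, so every rule, weight and file format below is an assumption made for illustration.

```python
"""Constructed example of a nickname-list analysis in the style of Rishi's
"-a" mode.  The regular expressions, weights and threshold are invented for
illustration and are NOT Rishi's own patterns."""
import os
import re
import tempfile

# Assumed threshold; Rishi reads its real one from rishi_main.conf.
THRESHOLD = 5

# Constructed scoring rules: (rule name, compiled regex, weight).  Positive
# weights mark traits of machine-generated nicknames (tag prefix, long digit
# runs, fixed separators); a negative weight lowers the score for a plain word.
PATTERNS = [
    ("tag_prefix",   re.compile(r"^\[?[A-Z]{2,3}[\]|_-]"),        3),
    ("digit_run",    re.compile(r"\d{4,}"),                      2),
    ("tag_sep_num",  re.compile(r"^[A-Za-z]{1,4}[-_|]\d+$"),      3),
    ("long_random",  re.compile(r"^[a-z0-9]{10,}$"),             2),
    ("plain_word",   re.compile(r"^[A-Za-z]{3,12}$"),           -2),
]


def score_nickname(nick):
    """Return (score, list of matched rule names) for one nickname.
    The score is floored at 0 so negative evidence cannot go below 'clean'."""
    score = 0
    hits = []
    for name, regex, weight in PATTERNS:
        if regex.search(nick):
            score += weight
            hits.append(name)
    return max(score, 0), hits


def analyse_nicknames(lines, threshold=THRESHOLD):
    """Score every non-empty, non-comment line.
    Returns (detected, analysis): detected is the list of nicknames whose
    score >= threshold, analysis is (nick, score, hits) for every nickname."""
    detected = []
    analysis = []
    for raw in lines:
        nick = raw.strip()
        if not nick or nick.startswith("#"):
            continue
        score, hits = score_nickname(nick)
        analysis.append((nick, score, hits))
        if score >= threshold:
            detected.append(nick)
    return detected, analysis


def analyse_file(path, logdir, threshold=THRESHOLD):
    """Mirror of the -a mode: read one nickname per line from `path`, write
    analysis.log (every nickname with score and matched rules) and detected.log
    (nicknames at or above the threshold) into `logdir`, return the detected list.
    Both log formats are assumed, not Rishi's."""
    with open(path) as f:
        detected, analysis = analyse_nicknames(f, threshold)
    with open(os.path.join(logdir, "analysis.log"), "w") as f:
        for nick, score, hits in analysis:
            f.write("%s\t%d\t%s\n" % (nick, score, ",".join(hits) or "-"))
    with open(os.path.join(logdir, "detected.log"), "w") as f:
        for nick in detected:
            f.write(nick + "\n")
    return detected


# Constructed sample nickname list (not real observed data); the blank line
# checks that empty lines are skipped.
SAMPLE_LINES = [
    "DEU|12345",
    "alice",
    "bob_42",
    "[USA]xp-8374921",
    "x9k2m4p7q1z3",
    "",
]

if __name__ == "__main__":
    tmp = tempfile.mkdtemp()
    src = os.path.join(tmp, "nicks.txt")
    with open(src, "w") as f:
        f.write("\n".join(SAMPLE_LINES) + "\n")
    print("detected:", analyse_file(src, tmp))
    print("logs written to", tmp)
```

Running the script writes both logs to a temporary directory and prints the detected list. The negative weight on plain-word nicknames shows how positive and negative evidence combine into one score, and the "bob_42" case shows why a single separator-plus-number trait stays below threshold: legitimate users with numeric suffixes are the usual false positive, so rules like these have to be tuned against your own IRC traffic before the threshold means anything.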