Nfsen
Description
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your understanding.
[fprobe] --> [nfcapd] --> [nfdump] --> [nfsen]
Installation
Prerequisites
$ sudo aptitude install rrdtool librrd-dev librrd4 librrds-perl librrdp-perl \
  flex build-essential perl-byacc perl
Prior to installing nfsen, you also need to install the following Perl dependencies:
$ sudo cpan
cpan[1]> install Mail::Header
cpan[2]> install Mail::Internet
cpan[3]> exit
fprobe
$ sudo aptitude install fprobe
When prompted, choose your network interface (e.g. eth1) and the collector IP/port (localhost:9995).
nfdump
$ cd /data/src/
$ wget https://sourceforge.net/projects/nfdump/files/stable/nfdump-1.6.13/nfdump-1.6.13.tar.gz
$ tar xzvf nfdump-1.6.13.tar.gz
$ cd nfdump-1.6.13/
$ ./configure --prefix=/usr --enable-nfprofile
$ make
$ sudo make install
nfsen
$ cd /data/src/
$ wget https://sourceforge.net/projects/nfsen/files/stable/nfsen-1.3.7/nfsen-1.3.7.tar.gz
$ tar xzvf nfsen-1.3.7.tar.gz
$ cd nfsen-1.3.7/
$ cp etc/nfsen-dist.conf etc/nfsen.conf
Edit etc/nfsen.conf and modify according to your needs:
$BASEDIR = "/opt/nfsen";
$BINDIR="${BASEDIR}/bin";
$LIBEXECDIR="${BASEDIR}/libexec";
$CONFDIR="${BASEDIR}/etc";
$HTMLDIR = "/var/www/nfsen/";
$DOCDIR="${HTMLDIR}/doc";
$VARDIR="${BASEDIR}/var";
$PROFILESTATDIR="${BASEDIR}/profiles-stat";
$PROFILEDATADIR="${BASEDIR}/profiles-data";
$BACKEND_PLUGINDIR="${BASEDIR}/plugins";
$FRONTEND_PLUGINDIR="${HTMLDIR}/plugins";
$PREFIX = '/usr/bin';
$USER = "netflow";
$WWWUSER = "www-data";
$WWWGROUP = "www-data";
$BUFFLEN = 200000;
$SUBDIRLAYOUT = 1;
$ZIPcollected = 1;
$ZIPprofiles = 1;
$PROFILERS = 2;
$DISKLIMIT = 98;
# second assignment of $PROFILERS: this value overrides the 2 set above
$PROFILERS = 6;
%sources = (
    'secbox' => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
);
$low_water = 90;
$syslog_facility = 'local3';
@plugins = (
    # profile    # module
    # [ '*',     'demoplugin' ],
);
%PluginConf = (
    # For plugin demoplugin
    demoplugin => {
        # scalar
        param2 => 42,
        # hash
        param1 => { 'key' => 'value' },
    },
    # for plugin otherplugin
    otherplugin => [
        # array
        'mary had a little lamb'
    ],
);
$MAIL_FROM = '[email protected]';
$SMTP_SERVER = 'localhost';
$MAIL_BODY = q{
Alert '@alert@' triggered at timeslot @timeslot@
};
1;
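As an added example (not part of the original page or of the nfsen distribution), the following Python script lints an nfsen.conf before install.pl is run: it flags scalars that are assigned more than once, as $PROFILERS is above, and checks that an entry in %sources listens on the port fprobe exports to. The function name lint_nfsen_conf, its exporter_port parameter and the embedded sample are assumptions made for this illustration.

```python
import re

# Constructed sample: an abbreviated copy of the nfsen.conf values used on this page.
SAMPLE_CONF = r'''
$BASEDIR = "/opt/nfsen";
$USER = "netflow";
$PROFILERS = 2;
$DISKLIMIT = 98;
$PROFILERS = 6;
%sources = (
    'secbox' => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
);
$low_water = 90;
'''

SCALAR = re.compile(r'^\s*\$(\w+)\s*=\s*(.+?)\s*;\s*$')
SOURCE = re.compile(r"'([^']+)'\s*=>\s*\{[^}]*'port'\s*=>\s*'(\d+)'")

def lint_nfsen_conf(text, exporter_port):
    """Return (scalars, sources, warnings) for nfsen.conf-style text."""
    scalars, warnings = {}, []
    # Drop full-line Perl comments only, so '#0000ff' inside quotes survives.
    lines = ['' if l.lstrip().startswith('#') else l for l in text.splitlines()]
    for n, line in enumerate(lines, 1):
        m = SCALAR.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip('"\'')
        if name in scalars:
            warnings.append(f"line {n}: ${name} set twice "
                            f"({scalars[name]} then {value}); the last value wins")
        scalars[name] = value
    sources, by_port = {}, {}
    for name, port in SOURCE.findall('\n'.join(lines)):
        port = int(port)
        sources[name] = port
        if not 1 <= port <= 65535:
            warnings.append(f"source {name}: port {port} out of range")
        if port in by_port:
            warnings.append(f"source {name}: port {port} already used by {by_port[port]}")
        by_port.setdefault(port, name)
    # fprobe must export to a port that some nfcapd source is configured for.
    if exporter_port not in by_port:
        warnings.append(f"no source listens on exporter port {exporter_port}")
    return scalars, sources, warnings

if __name__ == "__main__":
    _, srcs, warns = lint_nfsen_conf(SAMPLE_CONF, exporter_port=9995)
    print(srcs)
    print("\n".join(warns) or "no warnings")
```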
Create the netflow user (according to the conf file) for nfcapd:
$ sudo useradd -G www-data netflow
$ id netflow
uid=1003(netflow) gid=1003(netflow) groups=1003(netflow),33(www-data)
Install nfsen:
$ cd /data/src/nfsen-1.3.7/
$ sudo ./install.pl etc/nfsen.conf
Note
The script shows the following error at the end; don't worry!
Create profile info for profile 'live'.
Can not get semaphore: at libexec/Nfsync.pm line 48.
Configure nginx:
$ sudo aptitude install php5-fpm
Edit /etc/nginx/sites-available/default as follows:
server {
    listen 80;
    server_name localhost.local;
    root /var/www;
    index index.php index.html index.htm;
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.users;
    [...]
    location /nfsen {
        alias /var/www/nfsen/;
    }
    # pass the PHP scripts to FastCGI server listening on /var/run/php5-fpm.sock
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    [...]
}
Restart nginx and start nfsen:
$ sudo systemctl restart nginx
$ /opt/nfsen/bin/nfsen start
You can optionally create an automatic redirection as follows:
$ cd /var/www/nfsen/
$ cat index.php
<?php
Header('Location: nfsen.php');
?>
Start script
Create the following script:
$ cat /usr/lib/systemd/system/nfsen.service
[Unit]
Description=Nfsen Netflow Sensor
After=syslog.target network.target

[Service]
Type=forking
ExecStart=/opt/nfsen/bin/nfsen start
ExecStop=/opt/nfsen/bin/nfsen stop

[Install]
WantedBy=multi-user.target
Install:
$ sudo systemctl daemon-reload
$ sudo systemctl enable nfsen.service
Start if not already started:
$ sudo systemctl start nfsen.service
Keywords: fprobe nfcapd nfdump nfsen netflow