[2024-feb-29] Sad news: Eric Layton aka Nocturnal Slacker aka vtel57 passed away on Feb 26th, shortly after hospitalization. He was one of our Wiki's most prominent admins. He will be missed.

Welcome to the Slackware Documentation Project

no way to compare when less than two revisions

Differences

This shows you the differences between two versions of the page.


howtos:software:nfsen [2019/02/21 11:42 (UTC)] (current) – Rename from install_nfsen_on_slackware markand
Line 1: Line 1:
 +<!-- Add your text below. We strongly advise to start with a Headline (see button bar above). -->
 +====== Install nfdump/nfsen on Slackware ======
  
 +======Concepts you should know:======
 +A device is setup to constantly send out netflow information, it is not polled.
 +
 +A receiver listens for the netflow information 'streams' from devices and processes them.
 +
 +======How to install======
 +
 +**A) Install/configure Apache**
 +1) enable php
 +
 +
 +**B) Configure the Cisco router to send netflow**
 +
 +1) Login to the Cisco router:
 +
 +   # telnet <YOUR ROUTER IP>
 +   gw>enable
 +
 +
 +2) Configure the desired interface:
 +
 +   nm-gw# configure terminal
 +   nm-gw(config)# interface S0/0
 +   nm-gw(config)# ip route-cache flow
 +   nm-gw(config)# exit
 +
 +
 +3) Repeat for all interfaces you want.
 +
 +   nm-gw# configure terminal
 +   nm-gw(config)# interface F0/1
 +   nm-gw(config)# ip route-cache flow
 +   nm-gw(config)# exit   
 +
 +4) Set the flow destination and break long flows into 5 minute segments:
 +
 +   nm-gw# ip flow-export destination <YOUR NFSEN BOX IP> 9996 
 +   nm-gw# ip flow-export version 5
 +   nm-gw# ip flow-cache timeout active 5
 +
 +
 +5) Make the changes permanent:
 +
 +   nm-gw# snmp-server ifindex persist
 +   nm-gw# ^Z
 +   nm-gw# write mem
 +
 +
 +6) Verify that it works:
 +
 +   nm-gw# show ip flow export
 +   nm-gw# show ip cache flow
 +
 +
 +
 +**C) Install NFDUMP**
 +
 +1) Install nfdump.  MAKE SURE "--enable-nfprofile" is set during .configure.
 +
 +     At the time of this writing, there is a nfdump SBo pending approval. It has nfprofile enabled.
 +
 +
 +**D) Install NFSEN**
 +
 +1) Install RRDTool via SBo
 +
 +2) Install MailTools (Perl) via SBo
 +
 +3) Install Socket6 via CPAN
 +
 +     perl -MCPAN -e 'install Socket6'
 +
 +4) tar -svf nfsen-1.3.6p1.tar.gz
 +
 +5) cd nfsen-1.3.6p1
 +
 +6) Add nfsen dirs
 +
 +     mkdir /data
 +     mkdir /data/nfsen
 +
 +7) cp ./etc/nfsen-dist.conf /etc
 +
 +
 +8) Edit /etc/nfsen-dist.conf
 +
 +     FROM: $HTMLDIR    = "/var/www/nfsen/";
 +     TO:   $HTMLDIR    = "/var/www/htdocs/nfsen/";
 +     
 +     FROM: $USER    = "netflow";
 +     TO: $USER    = "apache";
 +     
 +     FROM: $WWWUSER  = "www";
 +     TO: $WWWUSER  = "apache";
 +     
 +     FROM: $WWWGROUP = "www";
 +     TO: $WWWGROUP = "apache";
 +     
 +     FROM: $PREFIX  = '/usr/local/bin';
 +     TO: $PREFIX = '/usr/bin/';
 +     
 +     FROM: 'upstream1'    => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
 +     and
 +     FROM: 'peer1'        => { 'port' => '9996', 'IP' => '172.16.17.18' },
 +     TO: 'sitename' => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
 +     and/or
 +     TO: 'sitename' => { 'port' => '9996', 'IP' => '172.16.17.18' },
 +     
 +     If you use the 'port only' version, each device will have to come in on it's own port.
 +     If you use the 'IP' version, all devices can come in on the same port.
 +     
 +     You can send all the flows in on one port and use filters to separate them.
 +
 +7) cd /data/nfsen/bin/nfsen start
 +
 +
 +
 +**If installed correctly, you should be able to open your web browser and see stuff**
 +
 +     http://<YOU NFESENBOX>/nfsen/nfsen.php
 +
 +
 +
 +
 +====== Sources ======
 +<!-- If you are copying information from another source, then specify that source -->
 +<!-- * Original source: [[http://some.website.org/some/page.html]] -->
 +<!-- Authors are allowed to give credit to themselves! -->
 +<!-- * Originally written by [[wiki:user:xxx | User X]] -->
 +<!-- * Contributions by [[wiki:user:yyy | User Y]] -->
 +
 +<!-- Please do not modify anything below, except adding new tags.-->
 +<!-- You must remove the tag-word "template" below before saving your new page -->
 +{{tag>howtos software nfsen nfdump network_monitoring needs_attention author_arfon}}
 howtos:software:nfsen ()