Install nfsen and plug-ins on CentOS
I recently used nfsen for traffic analysis and recorded some problems I ran into during the installation process.
First, the most typical problem is that nfsen cannot be started after the installation is complete. The following message is displayed:
Starting nfcapd :( route) open () error existing pid file: Permission denied
The same installation steps worked normally on another server. After a while I had not found the reason (not perl -.-), and finally installed nfsen in the apache user directory.
Install the required packages
yum install -y httpd php wget gcc make rrdtool-devel rrdtool-perl perl-MailTools perl-Socket6 flex byacc perl php-mysql
Install nfdump
mkdir /root/soft/
cd /root/soft/
wget http://downloads.sourceforge.net/project/nfdump/stable/nfdump-1.6.11/nfdump-1.6.11.tar.gz
tar -zxvf nfdump-1.6.11.tar.gz
cd nfdump-1.6.11
./configure --enable-nfprofile --enable-nftrack --enable-sflow --with-rrdpath=/usr/bin/
make
make install
Install nfsen
mkdir /var/www/netflow
chown apache:apache /var/www/netflow
cd /root/soft/
wget http://iweb.dl.sourceforge.net/project/nfsen/stable/nfsen-1.3.6p1/nfsen-1.3.6p1.tar.gz
tar zxvf nfsen-1.3.6p1.tar.gz
cd nfsen-1.3.6p1/
cp etc/nfsen-dist.conf etc/nfsen.conf
Set the following values in etc/nfsen.conf:
$BASEDIR = "/var/www/netflow";
$USER = "apache";
$WWWUSER = "apache";
$WWWGROUP = "apache";
%sources = (
    'upstream1' => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
);
Start the installation:
./install.pl etc/nfsen.conf
Start nfsen:
/var/www/netflow/bin/nfsen start
Configure Apache:
vi /etc/httpd/conf/httpd.conf
<VirtualHost *:80>
    ServerAdmin admin@example.com
    DocumentRoot /var/www/nfsen/
    ServerName dummy-host.example.com
</VirtualHost>
Start Apache and access http://ip/nfsen.php
Install the Nfsight plug-in
cd /root/soft
wget http://sourceforge.net/projects/nfsight/files/nfsight-beta-20130323.tgz/download
tar zxvf download
cd nfsight-beta-20130323/
cp backend/nfsight.pm /var/www/netflow/plugins/
mkdir /var/www/netflow/plugins/nfsight
chown -R apache:apache /var/www/netflow/plugins/nfsight
mkdir /var/www/nfsen/nfsight
cp -r frontend/* /var/www/nfsen/nfsight/
chown -R apache:apache /var/www/nfsen/nfsight
If MySQL is not installed, install it:
yum install mysql-server
service mysqld start
chkconfig mysqld on
Set the MySQL root password to root. The default password is empty, so press Enter at the prompt:
mysqladmin -uroot -p password 'root'
Create a MySQL database named nfsight:
mysql -u root -proot -e "create database nfsight;"
Open your browser and visit the following address to start the installer:
http://ip/nfsight/installer.php
On the Back-end settings page, set Path to data files to /var/www/netflow/plugins/nfsight.
Add the configuration shown in the last step of the installer to the corresponding options in /var/www/netflow/etc/nfsen.conf:
@plugins = (
    [ '*', 'nfsight' ],
);
%PluginConf = (
    nfsight => {
        # should be the "Path to data files" directory set in the installer
        path => "/data/nfsen/plugins/nfsight",
        expiration => "180",
        # local networks, written as address => prefix length
        network => {
            "10.2.1.0" => "24",
            "10.1.200.0" => "24",
        },
        scanner_limit => "5",
        print_int_scanner => "1",
        print_ext_scanner => "1",
        print_int_client => "1",
        print_ext_client => "1",
        print_int_server => "1",
        print_ext_server => "1",
        print_int_invalid => "1",
        print_ext_invalid => "1",
        # MySQL connection used by the plug-in
        sql_host => "localhost",
        sql_port => "3306",
        sql_user => "nfsight",
        sql_pass => "nfsight",
        sql_db => "nfsight",
    },
);
After the installation is complete, restart the service:
/var/www/netflow/bin/nfsen stop
/var/www/netflow/bin/nfsen start
Add a scheduled task:
crontab -e
05 * * * * wget --no-check-certificate -q -O - http://management:aggregate@127.0.0.1/nfsight/aggregate.php
Access http://ip/nfsight
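The check below is an added example, not part of the original post or of NfSen: it reads $USER, $BASEDIR and each plug-in path from nfsen.conf and reports directories that are missing or owned by a different user, a mismatch that can produce permission errors when nfsen starts. The function names and the sample config written by make_sample are constructed for illustration, and the sample uses the current user as $USER so that it runs without root.

```shell
#!/bin/sh
# Added example, not part of NfSen: check that $BASEDIR and every plug-in
# `path` in nfsen.conf exists and is owned by the configured $USER.

# conf_value FILE NAME: print the value of a `$NAME = "value";` line.
conf_value() {
    sed -n 's/^[[:space:]]*\$'"$2"'[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# conf_plugin_paths FILE: print every `path => "value"` entry, one per line.
conf_plugin_paths() {
    sed -n 's/^[[:space:]]*path[[:space:]]*=>[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# check_conf FILE: print one line per problem; return 0 only if none found.
check_conf() {
    user=$(conf_value "$1" USER)
    report=$(
        { conf_value "$1" BASEDIR; conf_plugin_paths "$1"; } |
        while IFS= read -r dir; do
            if [ ! -d "$dir" ]; then
                echo "MISSING $dir"
            elif [ "$(ls -ld "$dir" | awk '{print $3}')" != "$user" ]; then
                echo "OWNER   $dir is not owned by $user"
            fi
        done
    )
    [ -z "$report" ] && return 0
    echo "$report"
    return 1
}

# make_sample DIR: constructed sample in which the plug-in directory that was
# created differs from the path written into %PluginConf.
make_sample() {
    mkdir -p "$1/netflow/plugins/nfsight"
    cat > "$1/nfsen.conf" <<EOF
\$BASEDIR = "$1/netflow";
\$USER = "$(id -un)";
\$WWWUSER = "apache";
%PluginConf = (
nfsight => {
    path => "$1/data/nfsen/plugins/nfsight",
},
);
EOF
}

# Stand-alone use: sh check.sh /var/www/netflow/etc/nfsen.conf
if [ $# -gt 0 ]; then check_conf "$1"; fi
```

Run it as root against the real nfsen.conf after each plug-in is added; a non-zero exit status means at least one directory needs to be created or chown'ed.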
Install the PortTracker plug-in
cd /root/soft/nfsen-1.3.6p1/contrib/PortTracker
cp PortTracker.pm /var/www/netflow/plugins/
cp PortTracker.php /var/www/nfsen/plugins/
Create a directory for storing the PortTracker data and point the PORTSDBDIR parameter in PortTracker.pm at it:
vim /var/www/netflow/plugins/PortTracker.pm
Modify PORTSDBDIR to /var/www/netflow/ports-db/, then create the directory:
mkdir /var/www/netflow/ports-db/
chown -R apache:apache /var/www/netflow/ports-db/
chmod 775 /var/www/netflow/ports-db/
Modify the nfsen configuration file to add the plug-in information:
vim /var/www/netflow/etc/nfsen.conf
@plugins = (
    # profile    # module
    # [ '*',     'demoplugin' ],
    [ '*',     'nfsight' ],
    [ 'live',  'PortTracker' ],
);
Generate the PortTracker data:
nftrack -I -d /var/www/netflow/ports-db
If a VM cannot be connected or the system crashes, run the following command to generate it:
sudo -u apache /usr/local/bin/nftrack -I -d /data/nfsen/ports-db/
Reload nfsen:
/var/www/netflow/bin/nfsen reload
Wait about 5 minutes, then open the nfsen interface and select Plugins to view the relevant information.
Install fprobe
fprobe is used to send traffic to nfsen.
yum install libpcap-devel
cd /root/soft
wget http://jaist.dl.sourceforge.net/project/fprobe/fprobe/1.1/fprobe-1.1.tar.bz2
tar jxvf fprobe-1.1.tar.bz2
cd fprobe-1.1
./configure
make
make install
After the installation is complete, run the following command to send eth0 traffic to 192.168.1.121:
fprobe -i eth0 192.168.1.121:9996
Installing HostStats plug-in
HostStats can be used to display traffic conditions over time.
cd /root/soft
wget http://jaist.dl.sourceforge.net/project/hoststats/hoststats-1.1.5.tar.gz
tar zxvf hoststats-1.1.5.tar.gz
cd hoststats-1.1.5
./install-libnfdump.sh
mkdir /var/www/hoststats
./configure
make
make install
At this point you will be prompted to confirm the installation path; enter /var/www/hoststats.
chown apache:apache -R /var/www/hoststats
Startup: add the start command to /etc/rc.local so that it runs at boot:
echo '/var/www/hoststats start' >> /etc/rc.local
After the preceding steps are completed, wait a few minutes and view the interface from the Plugins menu.
Install SURFmap
SURFmap can use Google Maps to display IP connection information.
yum install php-gd php-pdo sqlite php-mbstring
service httpd restart
cd /root/soft
wget http://sourceforge.net/projects/surfmap/files/install.sh
chmod +x install.sh
./install.sh
The program uses http://maps.google.com/maps by default. If that address is blocked by the firewall on your network, you can change it to http://www.google.cn/maps/
cd /var/www/nfsen/plugins/SURFmap
sed -i 's/maps.google.com/www.google.cn/g' `grep 'maps.google.com' -rl ./`
Reload nfsen, wait a few minutes and check the page again:
/var/www/netflow/bin/nfsen reload