Recently do flow analysis, with the next Nfsen, in the installation process encountered some problems, recorded.
First, the most typical problem is that after the installation is complete, Nfsen cannot start, prompting:
Starting NFCAPD: (route) open () error existing PID File:permission denied
The same installation steps are normal on another server. It took a while to find the reason (not Perl-.-), and finally it was solved by installing Nfsen in the Apache user directory.
Installation Requirements Package
-y httpd php wget gcc make rrdtool-devel rrdtool-perl perl-MailTools perl-Socket6 flex byacc perl php-mysql
Installing Nfdump
mkdir /root/soft/cd /root/soft/wget http://downloads.sourceforge.net/project/nfdump/stable/nfdump-1.6.11/nfdump-1.6.11.tar.gztar -zxvf nfdump-1.6.11.tar.gz cd nfdump-1.6.11./configure --enable-nfprofile --enable-nftrack --enable-sflow --with-rrdpath=/usr/bin/makemake install
Installing Nfsen
mkdir /var/www/netflowchown apache:apache /var/www/netflowcd /root/soft/wget http://iweb.dl.sourceforge.net/project/nfsen/stable/nfsen-1.3.6p1/nfsen-1.3.6p1.tar.gztar zxvf nfsen-1.3.6p1.tar.gz cd nfsen-1.3.6p1/
CP etc/nfsen-dist.conf etc/nfsen.conf
Set the corresponding value in etc/nfsen.conf to the following value
$BASEDIR = "/var/www/netflow";$USER = "Apache";$WWWUSER = "Apache";$WWWGROUP = "Apache";%Sources=(upstream1' = ' + {'Port' = '9995', 'Col' = '#0000Ff', 'type' = 'NetFlow'},);
To start the installation:
./install.pl etc/nfsen.conf
Start Nfsen:
/var/www/netflow/bin/nfsen start
Configuration under Apche
Vi/etc/httpd/conf/httpd.conf
<VirtualHost *:80> ServerAdmin [email protected] DocumentRoot /var/www/nfsen/ ServerName dummy-host.example.com</VirtualHost>
Launch Apache, and access http://ip/nfsen.php
Add Nfsen to/etc/init.d/
Touch/etc/init.d/nfsen
chmod +x/etc/init.d/nfsen
Vim/etc/init.d/nfsen
Add the following content
#!/bin/bash## chkconfig:-# Description:nfsenDaemon=/var/www/netflow/bin/nfsen Case "$" inchStart$DAEMONstart;; Stop$DAEMONstop;; Status$DAEMONstatus;; Restart$DAEMONStop sleep1 $DAEMONstart;; *)Echo "Usage: $ {start|stop|status|restart}" Exit 1;;EsacExit 0
Installing the Nfsight Plugin
cd /root/softwget http://sourceforge.net/projects/nfsight/files/nfsight-beta-20130323.tgz/downloadtar zxvf download cd nfsight-beta-20130323/
cp backend/nfsight.pm /var/www/netflow/plugins/mkdir /var-R apache:apache /var/www/netflow/plugins/nfsightmkdir /var-r frontend/ /var/www/nfsen/nfsight/-R apache:apache /var/www/nfsen/nfsight
If MySQL is not installed, first install
Yum Install Mysql-server
Service mysqld Start
Chkconfig mysqld on
Set the root password of MySQL to root
mysqladmin-uroot-p password ' root '
Here the default password is empty, enter can be
New MySQL database nfsight:
Mysql-u root-proot-e "CREATE Database nfsight;"
Open the browser, access the following address, start the installation
http://ip/nfsight/installer.php
Back-end settings设置页中Path to data files设置为如下:/var/www/netflow/plugins/nfsight
Add the last step of the configuration file to the/var/www/netflow/etc/nfsen.conf corresponding option.
@plugins= ([' * ',' Nfsight '],);%pluginconf = (nfsight={Path= "/data/nfsen/plugins/nfsight", expiration= " the", network={"10.2.1.0"= " the","10.1.200.0"= " the",}, Scanner_limit= "5", Print_int_scanner= "1", Print_ext_scanner= "1", print_int_client= "1", print_ext_client= "1", Print_int_server= "1", Print_ext_server= "1", Print_int_invalid= "1", Print_ext_invalid= "1", Sql_host= "localhost", Sql_port= "3306", Sql_user= "Nfsight", Sql_pass= "Nfsight", sql_db= "Nfsight", },);
After the installation is complete, restart the service
/var/www/netflow/bin/nfsen stop
/var/www/netflow/bin/nfsen start
Add a Scheduled task
Cronta-e
* * * * * wget–no-check-certificate-q-o-http://management:[email protected]/nfsight/aggregate.php
Access
Http://ip/nfsight
Installing the PortTracker Plugin
Cd/root/soft/nfsen-1.3.6p1/contrib/porttracker
CP porttracker.pm/var/www/netflow/plugins/
CP porttracker.php/var/www/nfsen/plugins/
Create a PortTracker data storage directory
The directory path can be configured in the Portsdbdir parameter in the PORTTRACKER.PM configuration file
vim/var/www/netflow/plugins/porttracker.pm
Modify the Portsdbdir parameter to/var/www/netflow/ports-db/
mkdir/var/www/netflow/ports-db/
Chown-r apache:apache/var/www/netflow/ports-db/
chmod 775/var/www/netflow/ports-db/
To modify the Nfsen configuration file add plug-in information:
Vim/var/www/netflow/etc/nfsen.conf
@plugins = (
# profile # Module
# [' * ', ' demoplugin '],
[' * ', ' nfsight '],
[' Live ', ' PortTracker '],
);
Generate PortTracker Data:
Nftrack-i-d/var/www/netflow/ports-db/
If the virtual machine fails to connect and the system collapses, use the following command to generate
Sudo-u apache/usr/local/bin/nftrack-i-d/data/nfsen/ports-db/
Reload Nfsen:
/var/www/netflow/bin/nfsen Reload
Wait 5 minutes or so to access the Nfsen interface Select plugins can see the corresponding information
Installing Fprobe
The fprobe is used to guide the flow to the Nfsen
yum install libpcap-develcd /root/softwget http://jaist.dl.sourceforge.net/project/fprobe/fprobe/1.1/fprobe-1.1.tar.bz2tar jxvf fprobe-1.1.tar.bz2cd fprobe-1.1./configuremakemake install
After the installation is complete, use the following command to import the eth0 traffic to the 192.168.1.121
Fprobe-i eth0 192.168.1.121:9996
Installed Hoststats plug-in
With Hoststats, the flow status can be displayed according to the time.
Cd/root/softwget http://jaist.dl.sourceforge.net/project/hoststats/hoststats-1.1.5.tar.gzTar zxvf hoststats-1.1. 5.Tar.GZCD Hoststats-1.1. 5./install-libnfdump.Shmkdir/var/www/hoststats./configuremakemake install this time will prompt to confirm the installation path, enter/var/www/hoststatschown Apache:apache- R/var/www/hoststats Start/var/www/hoststats/hoststats start Add to/ETC/RC.Local, boot up the Echo'/var/www/hoststats/hoststats start ' >>/etc/rc.Local
When the above steps are complete, wait a few minutes to see the interface on the Plugins menu.
Installing Surfmap
Surfmap can show IP connectivity via Google Maps
install php-gd php-pdo sqlite php-mbstringservice httpd restartcd /root/softwarewget http://sourceforge.net/projects/surfmap/files/installinstall.sh./install.sh
The program by default with Http://maps.google.com/maps, do not turn over the wall words cannot open, so change into http://www.google.cn/maps/
‘s/maps.google.com/www.google.cn/g‘`grep ‘maps.google.com‘ -rl ./`
Restart Nfsen, wait a few minutes, then look at the interface.
/var/www/netflow/bin/nfsen Reload
Reference links
http://www.haiyun.me/archives/netflow-nfsight-nfsen.htmlhttp://sourceforge.net/p/nfsight/wiki/Installation/http://steronius.blogspot.kr/2013/05/install-nfsight-plugin-for-nfsen-on.htmlhttp://blog.hackroad.com/operations-engineer/linux_server/3327.htmlhttp://www.shunze.info/forum/thread.php?threadid=1953&boardid=3&sid=aadc298e695d7f799db0b872563884b3&sid=aadc298e695d7f799db0b872563884b3
Installing Nfsen and plugins on CentOS