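Recently I have been doing traffic analysis and used nfsen. I ran into some problems during installation and am recording them here.
The most typical problem first: after the installation finished, nfsen would not start and reported: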
Starting nfcapd:(route)open() error existing pid file: Permission denied
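The same installation steps worked fine on another server. I struggled with it for a while without finding the cause (I don't know perl -.-), and finally solved it by installing nfsen under the apache user's directory.
Install the required packages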
yum install -y httpd php wget gcc make rrdtool-devel rrdtool-perl perl-MailTools perl-Socket6 flex byacc perl php-mysql
Install nfdump
mkdir /root/soft/
cd /root/soft/
wget http://downloads.sourceforge.net/project/nfdump/stable/nfdump-1.6.11/nfdump-1.6.11.tar.gz
tar -zxvf nfdump-1.6.11.tar.gz
cd nfdump-1.6.11
./configure --enable-nfprofile --enable-nftrack --enable-sflow --with-rrdpath=/usr/bin/
make
make install
Install nfsen
mkdir /var/www/netflow
chown apache:apache /var/www/netflow
cd /root/soft/
wget http://iweb.dl.sourceforge.net/project/nfsen/stable/nfsen-1.3.6p1/nfsen-1.3.6p1.tar.gz
tar zxvf nfsen-1.3.6p1.tar.gz
cd nfsen-1.3.6p1/
cp etc/nfsen-dist.conf etc/nfsen.conf
Set the corresponding values in etc/nfsen.conf as follows
$BASEDIR = "/var/www/netflow";
$USER = "apache";
$WWWUSER = "apache";
$WWWGROUP = "apache";
%sources = (
    'upstream1' => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
);
Start the installation:
./install.pl etc/nfsen.conf
Start nfsen:
/var/www/netflow/bin/nfsen start
Configure Apache
vi /etc/httpd/conf/httpd.conf
<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot /var/www/nfsen/
    ServerName dummy-host.example.com
</VirtualHost>
Start Apache and visit http://ip/nfsen.php
Add nfsen to /etc/init.d/
touch /etc/init.d/nfsen
chmod +x /etc/init.d/nfsen
vim /etc/init.d/nfsen
Add the following content
#!/bin/bash
#
# chkconfig: - 50 50
# description: nfsen
DAEMON=/var/www/netflow/bin/nfsen
case "$1" in
    start)
        $DAEMON start
        ;;
    stop)
        $DAEMON stop
        ;;
    status)
        $DAEMON status
        ;;
    restart)
        $DAEMON stop
        sleep 1
        $DAEMON start
        ;;
    *)
        echo "Usage: $0 {start|stop|status|restart}"
        exit 1
        ;;
esac
exit 0
Install the Nfsight plugin
cd /root/soft
wget http://sourceforge.net/projects/nfsight/files/nfsight-beta-20130323.tgz/download
tar zxvf download
cd nfsight-beta-20130323/
cp backend/nfsight.pm /var/www/netflow/plugins/
mkdir /var/www/netflow/plugins/nfsight
chown -R apache:apache /var/www/netflow/plugins/nfsight
mkdir /var/www/nfsen/nfsight
cp -r frontend/* /var/www/nfsen/nfsight/
chown -R apache:apache /var/www/nfsen/nfsight
If MySQL is not installed, install it first
yum install mysql-server
service mysqld start
chkconfig mysqld on
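Set the MySQL root password to root
mysqladmin -uroot -p password 'root'
The current password is empty by default, so just press Enter at the prompt
Create the MySQL database nfsight:
mysql -u root -proot -e "create database nfsight;"
Open a browser and visit the following address to start the installation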
http://ip/nfsight/installer.php
On the Back-end settings page, set Path to data files as follows: /var/www/netflow/plugins/nfsight
Add the configuration shown in the last step of the installer to the corresponding options in /var/www/netflow/etc/nfsen.conf.
@plugins = (
    [ '*', 'nfsight' ],
);
%PluginConf = (
    nfsight => {
        # same directory as "Path to data files" entered in the installer
        path => "/var/www/netflow/plugins/nfsight",
        expiration => "180",
        network => {
            "10.2.1.0" => "24",
            "10.1.200.0" => "24",
        },
        scanner_limit => "5",
        print_int_scanner => "1",
        print_ext_scanner => "1",
        print_int_client => "1",
        print_ext_client => "1",
        print_int_server => "1",
        print_ext_server => "1",
        print_int_invalid => "1",
        print_ext_invalid => "1",
        sql_host => "localhost",
        sql_port => "3306",
        sql_user => "nfsight",
        sql_pass => "nfsight",
        sql_db => "nfsight",
    },
);
After the installation is complete, restart the service
/var/www/netflow/bin/nfsen stop
/var/www/netflow/bin/nfsen start
Add a scheduled task
crontab -e
05 * * * * wget --no-check-certificate -q -O - http://management:[email protected]/nfsight/aggregate.php
Visit
http://ip/nfsight
Install the PortTracker plugin
cd /root/soft/nfsen-1.3.6p1/contrib/PortTracker
cp PortTracker.pm /var/www/netflow/plugins/
cp PortTracker.php /var/www/nfsen/plugins/
Create the PortTracker data directory
The directory path is set by the PORTSDBDIR parameter in the PortTracker.pm configuration file
vim /var/www/netflow/plugins/PortTracker.pm
Change the PORTSDBDIR parameter to /var/www/netflow/ports-db/
mkdir /var/www/netflow/ports-db/
chown -R apache:apache /var/www/netflow/ports-db/
chmod 775 /var/www/netflow/ports-db/
Edit the Nfsen configuration file to add the plugin information:
vim /var/www/netflow/etc/nfsen.conf
@plugins = (
# profile # module
# [ '*', 'demoplugin' ],
[ '*', 'nfsight' ],
[ 'live', 'PortTracker' ],
);
Generate the PortTracker data:
nftrack -I -d /var/www/netflow/ports-db/
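If this is a virtual machine and you run into connection failures or the system crashing, generate the data with the following command instead
sudo -u apache /usr/local/bin/nftrack -I -d /var/www/netflow/ports-db/
Reload Nfsen: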
/var/www/netflow/bin/nfsen reload
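Wait about 5 minutes, then open the Nfsen interface and select Plugins to see the corresponding information
Install fprobe
fprobe is used to export traffic to nfsen
yum install libpcap-devel
cd /root/soft
wget http://jaist.dl.sourceforge.net/project/fprobe/fprobe/1.1/fprobe-1.1.tar.bz2
tar jxvf fprobe-1.1.tar.bz2
cd fprobe-1.1
./configure
make
make install
After the installation is complete, use the following command to export the traffic on eth0 to 192.168.1.121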
fprobe -i eth0 192.168.1.121:9996
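nfcapd only collects on the UDP ports listed in %sources, and the fprobe command above sends to 9996 while the nfsen.conf shown earlier defines only port 9995. The check below is an added example, not code from the original post or from the nfsen or fprobe projects; its function names are hypothetical and the sample config is constructed.

```shell
#!/bin/bash
# Added example; function names are hypothetical, not part of nfsen or fprobe.

# Print "name port" for each active entry of %sources in an nfsen.conf.
# Commented-out sources are dropped before the entries are parsed.
nfsen_sources() {
    sed -n '/^[[:space:]]*%sources[[:space:]]*=/,/^[[:space:]]*);/p' "$1" |
        grep -v '^[[:space:]]*#' |
        sed -n "s/.*['\"]\([A-Za-z0-9_-]*\)['\"][[:space:]]*=>[[:space:]]*{.*['\"]port['\"][[:space:]]*=>[[:space:]]*['\"]\{0,1\}\([0-9][0-9]*\).*/\1 \2/p"
}

# Succeed when some configured source collects on the given UDP port.
port_has_source() {
    nfsen_sources "$1" | awk -v p="$2" '$2 == p { hit = 1 } END { exit !hit }'
}

# Port part of an exporter destination such as 192.168.1.121:9996.
exporter_port() { printf '%s\n' "${1##*:}"; }

# Report whether flows sent to host:port would reach a configured source.
check_exporter() {
    local conf=$1 dest=$2 port
    port=$(exporter_port "$dest")
    if port_has_source "$conf" "$port"; then
        echo "OK: $dest has a matching source"
    else
        echo "MISMATCH: no source on UDP $port; configured:" $(nfsen_sources "$conf")
        return 1
    fi
}

# Constructed sample config mirroring the %sources block used on this page.
conf=$(mktemp)
cat > "$conf" <<'EOF'
%sources = (
    'upstream1' => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
);
EOF
check_exporter "$conf" 192.168.1.121:9995 || true
check_exporter "$conf" 192.168.1.121:9996 || true
rm -f "$conf"
```

On a real host, pass /var/www/netflow/etc/nfsen.conf and the destination given to fprobe.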
Install the HostStats plugin
hoststats can display traffic by time.
cd /root/soft
wget http://jaist.dl.sourceforge.net/project/hoststats/hoststats-1.1.5.tar.gz
tar zxvf hoststats-1.1.5.tar.gz
cd hoststats-1.1.5
./install-libnfdump.sh
mkdir /var/www/hoststats
./configure
make
make install
At this point you will be asked to confirm the installation path; enter /var/www/hoststats
chown apache:apache -R /var/www/hoststats
Start it
/var/www/hoststats/hoststats start
Add it to /etc/rc.local so that it starts at boot
echo '/var/www/hoststats/hoststats start' >> /etc/rc.local
After the steps above are complete, wait a few minutes and the interface will appear in the plugins menu.
Install SURFmap
SURFmap can display IP connections on Google Maps
yum install php-gd php-pdo sqlite php-mbstring
service httpd restart
cd /root/soft
wget http://sourceforge.net/projects/surfmap/files/install.sh
chmod +x install.sh
./install.sh
By default the program uses http://maps.google.com/maps, which cannot be opened without getting around the firewall, so change it to http://www.google.cn/maps/
cd /var/www/nfsen/plugins/SURFmap
sed -i 's/maps\.google\.com/www.google.cn/g' `grep 'maps.google.com' -rl ./`
Restart nfsen, wait a few minutes, then check the interface again.
/var/www/netflow/bin/nfsen reload
Installing nfsen and its plugins on CentOS