Install NFSEN (CentOS 6 & Fedora 20)
Found myself having to do this a few times now and it usually ends up being quite messy in the end, so here are some nice clean instructions from a real sysadmin. All credit goes to @gowmonster. I've tested this guide against Fedora 20 and CentOS 6. This guide follows CentOS 6 but the commands are more or less the same.
NFSEN is an awesome (and open-source!) NetFlow collector supporting various versions of NetFlow, sFlow and, recently, IPFIX. It can also make the start of a DDoS mitigation system :D
Install the required packages:
yum install httpd php perl perl-TimeDate perl-Pod-Escapes perl-Pod-Simple perl-Test-Pod perl-MailTools libdbi lua mysql-server net-snmp-utils perl-rrdtool gcc make flex rrdtool-devel byacc perl-Socket6
Download the latest sources for NFSEN and NFDUMP into the same directory, e.g. /tmp. Now let's extract both and install nfdump:
tar -zxvf nfdump-1.6.11.tar.gz
tar -zxvf nfsen-1.3.6p1.tar.gz
mv nfdump-1.6.11 /usr/local/src/
mv nfsen-1.3.6p1 /usr/local/src/
cd /usr/local/src/nfdump-1.6.11/
./configure --enable-nfprofile
make
make install
make clean
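Now to set up and install NFSEN (this is just an example config file). The heredoc delimiter is quoted ('EOF') so the shell writes the Perl variables such as $BASEDIR literally instead of expanding them:
cd ../nfsen-1.3.6p1/
cat > etc/nfsen.conf << 'EOF'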
# Example Config file!
$BASEDIR = "/usr/local/nfsen";
$BINDIR="${BASEDIR}/bin";
$LIBEXECDIR="${BASEDIR}/libexec";
$CONFDIR="${BASEDIR}/etc";
$HTMLDIR = "/var/www/nfsen/";
$DOCDIR="${HTMLDIR}/doc";
$VARDIR="${BASEDIR}/var";
$PROFILESTATDIR="${BASEDIR}/profiles-stat";
$PROFILEDATADIR="${BASEDIR}/profiles-data";
$BACKEND_PLUGINDIR="${BASEDIR}/plugins";
$FRONTEND_PLUGINDIR="${HTMLDIR}/plugins";
$PREFIX = '/usr/local/bin';
$USER = "apache";
$WWWUSER = "apache";
$WWWGROUP = "apache";
$EXTENSIONS = 'all';
$SUBDIRLAYOUT = 1;
$ZIPcollected = 1;
$ZIPprofiles = 1;
$DISKLIMIT = 98;
# Number of nfprofile processes to spawn
$PROFILERS = 6;
# Exporters are defined here. Name is what will be displayed in NFSEN
%sources = (
'ASA1.m00nie.com' => { 'port' => '9992', 'col' => '#000000', 'type' => 'netflow' },
'6513.m00nie.com' => { 'port' => '9993', 'col' => '#000000', 'type' => 'netflow' },
);
$low_water = 90;
$syslog_facility = 'local3';
@plugins = (
);
%PluginConf = (
demoplugin => {
param2 => 42,
param1 => { 'key' => 'value' },
},
otherplugin => [
'mary had a little lamb'
],
);
$MAIL_FROM = 'your@from.example.net';
$SMTP_SERVER = 'localhost';
$MAIL_BODY = q{
Alert '@alert@' triggered at timeslot @timeslot@
};
1;
EOF
mkdir /var/www/nfsen/
./install.pl etc/nfsen.conf
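A pre-flight check for the config step above, as an added example rather than anything from the original post or the NfSen project: it flags the damage an unquoted heredoc delimiter does to the Perl variables and catches two sources sharing a collector port. The function names and the sample hostnames are made up for illustration.

```bash
#!/bin/bash
# Added example (not from the original post): sanity-check nfsen.conf
# before running ./install.pl.

# Print every collector port found in the %sources block, one per line.
list_source_ports() {
    grep -Eo "'port'[[:space:]]*=>[[:space:]]*'[0-9]+'" "$1" | grep -Eo '[0-9]+'
}

# Return 0 if the file looks sane, 1 otherwise; findings go to stdout.
check_nfsen_conf() {
    local conf="$1" rc=0 port dups
    # An unquoted heredoc delimiter lets the shell expand $BASEDIR and
    # friends to empty strings, leaving lines that start with "=".
    if grep -Eq '^[[:space:]]*=[^>]' "$conf"; then
        echo "FAIL: assignment without a variable name (heredoc was expanded?)"; rc=1
    fi
    if ! grep -Eq '^\$BASEDIR[[:space:]]*=' "$conf"; then
        echo "FAIL: \$BASEDIR is not set"; rc=1
    fi
    # Each exporter needs its own collector port in the valid range.
    for port in $(list_source_ports "$conf"); do
        if [ "${#port}" -gt 5 ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "FAIL: port $port is out of range"; rc=1
        fi
    done
    dups=$(list_source_ports "$conf" | sort | uniq -d)
    if [ -n "$dups" ]; then
        echo "FAIL: port used by more than one source:" $dups; rc=1
    fi
    return "$rc"
}

# Constructed sample input: two exporters sharing one port by mistake.
sample=$(mktemp)
cat > "$sample" <<'EOF'
$BASEDIR = "/usr/local/nfsen";
%sources = (
'fw1.example.net' => { 'port' => '9992', 'col' => '#000000', 'type' => 'netflow' },
'sw1.example.net' => { 'port' => '9992', 'col' => '#0000ff', 'type' => 'netflow' },
);
EOF
check_nfsen_conf "$sample" || echo "fix the config before running install.pl"
rm -f "$sample"
```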
Set up httpd:
/sbin/chkconfig httpd on
vi /etc/httpd/conf/httpd.conf
Below the line Alias /error/ "/var/www/error/" add:
Alias /nfsen/ "/var/www/nfsen/"
Save the file, then start httpd:
service httpd start
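Now to make an init script so we can auto-start NFSEN on boot etc. The delimiter is quoted ('EOF') so that $1, $0 and $DAEMON end up in the script as written rather than being expanded by the shell while the file is created:
cat > /etc/init.d/nfsen <<'EOF'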
#!/bin/bash
#
# chkconfig: - 50 50
# description: nfsen
DAEMON=/usr/local/nfsen/bin/nfsen
case "$1" in
  start)
    $DAEMON start
    ;;
  stop)
    $DAEMON stop
    ;;
  status)
    $DAEMON status
    ;;
  restart)
    $DAEMON stop
    sleep 1
    $DAEMON start
    ;;
  *)
    echo "Usage: $0 {start|stop|status|restart}"
    exit 1
    ;;
esac
exit 0
EOF
Make our init script executable, configure to start on boot and start the service now :)
chmod 755 /etc/init.d/nfsen
chkconfig nfsen on
service nfsen start
Send it some flows on the ports you configured, then browse to http://myserver/nfsen. Job done, hopefully. Just remember it may take some time to populate, depending on how often your exporter sends templates.
m00nie