Install NFSEN (Centos 6 & Fedora 20)

Install NFSEN (Centos 6 & Fedora 20)

Found myself having to do this a few times now and it usually ends up being quite messy in the end so some nice clean instructions from a real sysadmin. All credit goes to @gowmonster. I've tested this guide against Fedora 20 and Centos 6. This guide follows Centos 6 but the commands are more or less the same.

NFSEN is an awesome (and opensource!) netflow collector supporting various versions of netflow, sflow and recently ipfix. It can also make the start of a DDOS mitigation system :D

Install the required packages:

yum install httpd php perl perl-TimeDate perl-Pod-Escapes perl-Pod-Simple perl-Test-Pod perl-MailTools libdbi lua mysql-server net-snmp-utils perl-rrdtool gcc make flex rrdtool-devel byacc perl-Socket6

Download the latest sources for NFSEN and NFDUMP into the same directory e.g /tmp. Now lets extract and install nfdump

tar -zxvf nfdump-1.6.11.tar.gz
tar -zxvf nfsen-1.3.6p1.tar.gz

mv nfdump-1.6.11 /usr/local/src/
mv nfsen-1.3.6p1 /usr/local/src/

cd /usr/local/src/nfdump-1.6.11/
./configure --enable-nfprofile
make
make install
make clean

Now to setup and install NFSEN (this is just an example config file)

cd ../nfsen-1.3.6p1/
cat > etc/nfsen.conf << EOF
# Example Config file!
$BASEDIR = "/usr/local/nfsen";
$BINDIR="${BASEDIR}/bin";
$LIBEXECDIR="${BASEDIR}/libexec";
$CONFDIR="${BASEDIR}/etc";
$HTMLDIR = "/var/www/nfsen/";
$DOCDIR="${HTMLDIR}/doc";
$VARDIR="${BASEDIR}/var";
$PROFILESTATDIR="${BASEDIR}/profiles-stat";
$PROFILEDATADIR="${BASEDIR}/profiles-data";
$BACKEND_PLUGINDIR="${BASEDIR}/plugins";
$FRONTEND_PLUGINDIR="${HTMLDIR}/plugins";
$PREFIX = '/usr/local/bin'; $USER = "apache";
$WWWUSER = "apache";
$WWWGROUP = "apache";
$EXTENSIONS = 'all';
$SUBDIRLAYOUT = 1;
$ZIPcollected = 1;
$ZIPprofiles = 1;
$PROFILERS = 2;
$DISKLIMIT = 98;
$PROFILERS = 6;

# Exporters are defined here. Name is what will be displayed in NFSEN
%sources = (

'ASA1.m00nie.com' => { 'port' => '9992', 'col' => '#000000', 'type' => 'netflow' },
'6513.m00nie.com' => { 'port' => '9993', 'col' => '#000000', 'type' => 'netflow' },
);

$low_water = 90;
$syslog_facility = 'local3';
@plugins = (
);
%PluginConf = (
demoplugin => {
param2 => 42,
param1 => { 'key' => 'value' },
},
otherplugin => [
'mary had a little lamb'
],
);
$MAIL_FROM = 'your@from.example.net';
$SMTP_SERVER = 'localhost';
$MAIL_BODY = q{
Alert '@alert@' triggered at timeslot @timeslot@
};
1;
EOF

mkdir /var/www/nfsen/
./install.pl etc/nfsen.conf</blockquote>

Setup httpd:

/sbin/chkconfig httpd on

vi /etc/httpd/conf/httpd.conf

below line Alias /error/ "/var/www/error/" add

Alias /nfsen/ "/var/www/nfsen/"

Save the file & service httpd start

Now to make an init script so we can auto start NFSEN on boot etc.

cat > /etc/init.d/nfsen <<EOF
#!/bin/bash
#
# chkconfig: - 50 50
# description: nfsen
DAEMON=/usr/local/nfsen/bin/nfsen

case "$1" in
start)
$DAEMON start
;;
stop)
$DAEMON stop
;;
status)
$DAEMON status
;;
restart)
$DAEMON stop
sleep 1
$DAEMON start
;;
*)
echo "Usage: $0 {start|stop|status|restart}"
exit 1
;;
esac

exit 0
EOF

Make our init script executable, configure to start on boot and start the service now :)

chmod 755 /etc/init.d/nfsen
chkconfig nfsen on
service nfsen start

Send it some flows on the ports you configured then browse to http://myserver/nfsen, job done hopefully. Just remember it make take some time to populate depending on how often your exporter sends templates.

m00nie