(2016-12-02)
Problem
How do I get nfsen 1.3.6p1 running on Fedora Server 25?
Disclaimer
Works for me, your mileage may vary, some cars not for use with some sets, if this doesn't work then the only thing I'll do for you is feel bad for you on a best-effort basis, yadda yadda…
Solution
Prerequisites:
# dnf groupinstall 'web server'
# dnf install nfdump libpcap-devel perl-Sys-Syslog rrdtool-perl.x86_64 perl-IPC-SysV perl-MailTools perl-Socket6.x86_64
Get, build and install fprobe.
Set up symlinks that nfsen wants:
# ln -s /usr/bin/nfcapd /usr/local/bin
# ln -s `which nfdump` /usr/local/bin
# ln -s `which nfprofile` /usr/local/bin
Set up the user account for nfsen:
# sudo useradd -G apache -d /var/lib/netflow netflow
# sudo chown netflow:apache ~netflow
# sudo chmod 750 ~netflow
Set a timezone in /etc/php.ini; the line will look something like:
date.timezone = 'America/New_York'
Configure httpd:
- create the file /etc/httpd/conf.d/nfsen.conf:
Alias /nfsen /var/www/nfsen
<Directory /var/www/nfsen/>
DirectoryIndex nfsen.php
Options -Indexes
AllowOverride all
order allow,deny
allow from all
AuthType Basic
AuthUserFile /etc/httpd/conf/htpasswd.nfsen
AuthName "Access"
require valid-user
AddType application/x-httpd-php .php
php_flag magic_quotes_gpc on
php_flag track_vars on
</Directory>
Create the htpasswd.nfsen file:
# htpasswd -c /etc/httpd/conf/htpasswd.nfsen nfsen
Get nfsen.
Configure nfsen.conf:
- $BASEDIR (I change it to live in /var/lib/netflow/nfsen-1.3 so that if I ever have multiple versions I can keep them separate)
- $WWWUSER/$WWWGROUP (change both to apache)
- %sources (remove the two samples, add your flow(s)); example to match the fprobe example above:
%sources = ( 'ns25-lan' => { 'port' => '999', 'col' => '#0000ff', 'type' => 'netflow' }, );
Edit the nfsen-provided file libexec/NfSenRRD.pm:
- on line 76, change the $rrd_version from 1.5 to 1.6
Install nfsen:
# install.pl <your-nfsen.conf-file>
Make nfsen start at boot time:
Create /etc/systemd/system/nfsen.service:
[Unit]
Description=NfSen Service
After=network.target

[Service]
Type=forking
PIDFile=/var/lib/netflow/nfsen-1.3/var/run/nfsend.pid
ExecStart=/var/lib/netflow/nfsen-1.3/bin/nfsen start
ExecStop=/var/lib/netflow/nfsen-1.3/bin/nfsen stop
Restart=on-abort

[Install]
WantedBy=multi-user.target
...and enable it:
Set httpd to start at boot time:
Start httpd:
Start nfsen:
Note that for me it spits out a whole barf-load of perl warnings, but it still appears to work.
Start fprobe (making sure it is aimed at the right port):
# /usr/local/sbin/fprobe -fip -i eno1 -e 120 -q 10240 127.0.0.1:9999
...you should see something in 5 or 10 minutes.
More advanced
Create a /usr/local/sbin/start-fprobe script:
(Note: you may need to install vconfig if you are going to mess with vlans in this way!)
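#!/bin/bash
# Note that destination ports have to match what is in ~netflow/nfsen/etc/nfsen.conf
INTER=ens224
# Collector host. Not named HOME: assigning HOME would replace the shell's own $HOME for fprobe.
COLLECTOR=nfsen3.gridwayit.local
ifup "$INTER"
# VLAN 57: create the sub-interface, bring it up, export its flows to port 992
vconfig add "$INTER" 57
ifconfig "$INTER.57" up
/usr/local/sbin/fprobe -f"ip" -i "$INTER.57" -e 120 -q 10240 "$COLLECTOR:992"
# VLAN 60: same steps, exported to port 991
vconfig add "$INTER" 60
ifconfig "$INTER.60" up
/usr/local/sbin/fprobe -f"ip" -i "$INTER.60" -e 120 -q 10240 "$COLLECTOR:991"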
...make it executable:
# chmod 744 /usr/local/sbin/start-fprobe
Create /etc/systemd/system/fprobe.service:
[Unit]
Description=fprobe
After=network-online.target
Wants=network-online.target

[Service]
Type=forking
ExecStart=/usr/local/sbin/start-fprobe

[Install]
WantedBy=multi-user.target
...and enable and start it:
# systemctl enable fprobe
# systemctl start fprobe
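Both the "Start fprobe" step and the start-fprobe script depend on each export port matching a 'port' entry in %sources; a flow sent to a port with no collector is silently dropped. A check for that, as an added example that is not part of the original post (the function names are made up here, file paths are passed as arguments, and the sample files are constructed from the lines shown on this page):

```sh
#!/bin/sh
# Added example (not from the original page): compare the UDP ports nfsen
# collects on with the ports fprobe exports to. File paths are arguments.

# Ports declared in %sources of an nfsen.conf (comment lines ignored).
nfsen_ports() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -o "'port'[[:space:]]*=>[[:space:]]*'[0-9]\{1,\}'" |
        grep -o '[0-9]\{1,\}' | sort -u
}

# Destination ports of fprobe invocations (the trailing host:port argument).
fprobe_ports() {
    grep -v '^[[:space:]]*#' "$1" | grep 'fprobe ' |
        sed -n 's/.*:\([0-9]\{1,\}\)[[:space:]]*$/\1/p' | sort -u
}

# One line per port that exists on only one side; no output means they agree.
port_mismatches() {
    conf_ports=$(nfsen_ports "$1")
    probe_ports=$(fprobe_ports "$2")
    for p in $conf_ports; do
        printf '%s\n' "$probe_ports" | grep -qx "$p" || echo "collector-only:$p"
    done
    for p in $probe_ports; do
        printf '%s\n' "$conf_ports" | grep -qx "$p" || echo "exporter-only:$p"
    done
}

# Constructed sample files that reuse the %sources line and the fprobe
# command shown on this page.
write_samples() {
    cat > "$1/nfsen.conf" <<'EOF'
# constructed sample: only the %sources setting is included
%sources = ( 'ns25-lan' => { 'port' => '999', 'col' => '#0000ff', 'type' => 'netflow' }, );
EOF
    cat > "$1/start-fprobe" <<'EOF'
#!/bin/bash
/usr/local/sbin/fprobe -fip -i eno1 -e 120 -q 10240 127.0.0.1:9999
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
port_mismatches "$tmp/nfsen.conf" "$tmp/start-fprobe"
rm -rf "$tmp"
```

On the sample files it prints collector-only:999 and exporter-only:9999; an empty result means every fprobe destination port has a matching %sources entry.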