Network Management Workshop
NFSen

0. If not already installed, install the following packages:

# apt-get install rrdtool
# apt-get install librrds-perl
# apt-get install librrdp-perl


1. Install nfdump

[Nfdump is the netflow flow collector]


# export INIT_VERBOSE=yes
# export VERBOSE=yes
# apt-get install nfdump 

	(the lines with VERBOSE are needed to work around a bug in the
	package installation script)

---
Installed tools are :
nfcapd nfdump nfreplay nfexpire nftest nfgen
---


NFSen

1. Now get nfsen

$ wget http://freefr.dl.sourceforge.net/project/nfsen/stable/nfsen-1.3.2/nfsen-1.3.2.tar.gz

2. Setting up NfSen

$ tar -xzf nfsen-1.3.2.tar.gz
$ cd nfsen-1.3.2
$ cd etc
# cp nfsen-dist.conf nfsen.conf

Edit the nfsen.conf, and make the following changes:

- set the basedir variable

$BASEDIR = "/var/nfsen";

- set the users:

$USER = "netflow"
$WWWUSER = 'www-data';
$WWWGROUP = 'www-data';

- set the buffer size to something small, so we see data quickly

# Receive buffer size for nfcapd - see man page nfcapd(1)
$BUFFLEN = 2000;

- find the %sources definition, and change it to:

%sources = (
	'bb-gw'        => { 'port'    => '2222', 'col' => '#ff0000' },
	'pc1-5-gw'     => { 'port'    => '2223', 'col' => '#00ff00' },
	'pc6-10-gw'    => { 'port'    => '2224', 'col' => '#0000ff' },
	'pc11-15-gw'   => { 'port'    => '2225', 'col' => '#ffff00' },
);

- set the path for the PREFIX where to find the nfdump tools:

# nfdump tools path
$PREFIX = '/usr/bin';

- save the file, and exit.

3. Create a netflow user on the system. 

# useradd -d /var/netflow -G www-data -m -s /bin/false netflow

4. Initiating nfsen

# cd ..
# perl install.pl etc/nfsen.conf

[press 'return' when asked where perl is located ]

5. Starting Nfsen

# cd /var/nfsen/bin
# ./nfsen start

(You can add the nfsen startup script to /etc/init.d/rc.local or somewhere similar to start it at bootup.)

Watch your browser at http://localhost/nfsen/nfsen.php

6. Add more sources:

Go back to where you extracted your nfsen distribution.

# cd nfsen-1.3
# vi etc/nfsen.conf

%sources = (
'mgmtgw' => { 'port' => '2254', 'col' => '#0000ff' },
'lan1gw' => { 'port' => '2201','col' => '#00cc00' },
'lan3gw' => { 'port' => '2203','col' => '#000000' },
'lan4gw' => { 'port' => '2204','col' => '#ff0000' },
'nocgw' => { 'port' => '2205','col' => '#ffff00' },
);

Save & close.

# perl install.pl etc/nfsen.conf

[press return when asked]

7. Start NFsen

# /var/nfsen/bin/nfsen stop
# /var/nfsen/bin/nfsen start

8. Check it out!

http://localhost/nfsen/nfsen.php