Agenda: exercises-netflow-nfsen.txt

File exercises-netflow-nfsen.txt, 3.0 KB (added by regnauld, 8 years ago)

Line
1	Network Management & Monitoring
2
3	NetFlow - NFSen - Exercise
4
5	0. If not already installed, install the following packages:
6
7	# apt-get install rrdtool
8	# apt-get install librrds-perl
9	# apt-get install librrdp-perl
10
11
12	1. Install nfdump
13
14	[Nfdump is the netflow flow collector]
15
16
17	# export INIT_VERBOSE=yes
18	# export VERBOSE=yes
19	# apt-get install nfdump
20
21	(the lines with VERBOSE are needed to work around a bug in the
22	package installation script)
23
24	---
25	Installed tools are :
26	nfcapd nfdump nfreplay nfexpire nftest nfgen
27	---
28
29
30	NFSen
31
32	1. Now get nfsen
33
34	$ wget http://freefr.dl.sourceforge.net/project/nfsen/stable/nfsen-1.3.5/nfsen-1.3.5.tar.gz
35
36	2. Setting up NfSen
37
38	$ tar -xzf nfsen-1.3.2.tar.gz
39	$ cd nfsen-1.3.2
40	$ cd etc
41	# cp nfsen-dist.conf nfsen.conf
42
43	Edit the nfsen.conf, and make the following changes:
44
45	- set the basedir variable
46
47	$BASEDIR = "/var/nfsen";
48
49	- set the path for the PREFIX where to find the nfdump tools:
50
51	# nfdump tools path
52	$PREFIX = '/usr/bin';
53
54	- set the users:
55
56	$USER = "netflow"
57	$WWWUSER = 'www-data';
58	$WWWGROUP = 'www-data';
59
60	- set the buffer size to something small, so we see data quickly
61
62	# Receive buffer size for nfcapd - see man page nfcapd(1)
63	$BUFFLEN = 2000;
64
65	- find the %sources definition, and change it to:
66
67	%sources = (
68	'rX' => { 'port' => '2002', 'col' => '#ff0000' },
69	);
70
71	(remember to replace 'X' with the number of your router)
72
73	- save the file, and exit.
74
75	3. Create a netflow user on the system.
76
77	# useradd -d /var/netflow -G www-data -m -s /bin/false netflow
78
79	4. Initiating nfsen
80
81	# cd ..
82	# perl install.pl etc/nfsen.conf
83
84	[press 'return' when asked where perl is located ]
85
86	5. Starting Nfsen
87
88	# cd /var/nfsen/bin
89	# ./nfsen start
90
91	(You can add the nfsen startup script to /etc/init.d/rc.local or somewhere similar to start it at bootup.)
92
93
94	6. Now we need to configure your router to export NetFlow flows.
95
96	Using the slides on NetFlow (slides 36 and following), configure
97	the IOS on your TLD router to export flows to your NOC, on port 2002
98	(as you configured in point 2.
99
100	Once you have done this, it will take some time for data to show up
101	in NFsen...
102
103	Watch your browser at http://pcX.mgmt/nfsen/nfsen.php
104
105	7. Add more sources:
106
107	Go back to where you extracted your nfsen distribution.
108
109	# cd nfsen-1.3.5
110	# vi etc/nfsen.conf
111
112	%sources = (
113	'rX' => { 'port' => '2002', 'col' => '#ff0000' },
114	'rY' => { 'port' => '2003', 'col' => '#ff0000' },
115	);
116
117	... where Y is the number of the router from one of your neighbors.
118
119	Save & close the file.
120
121	Now, ask your neighbor to add a NetFlow export destination -- by default
122	the IOS software supports 2 -- pointing at your NOC, on port 2003.
123
124	Once you have double checked with your neighbor that they have configured
125	netflow export, check with tcpdump on your NOC that you are seeing packets
126	on port 2003:
127
128	# tcpdump -n port 2003 and udp
129	...
130	^C
131
132
133	Finally, reconfigure and restart NFSen:
134
135	# perl install.pl etc/nfsen.conf
136
137	[press return when asked]
138
139	8. Start NFsen
140
141	# /var/nfsen/bin/nfsen stop
142	# /var/nfsen/bin/nfsen start
143
144	9. Check it out!
145
146	http://pcX.mgmt/nfsen/nfsen.php
147
148