| 1 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> | 
|---|
| 2 | <html xmlns="http://www.w3.org/1999/xhtml"> | 
|---|
| 3 | <head> | 
|---|
| 4 | <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> | 
|---|
| 5 | <meta http-equiv="Content-Style-Type" content="text/css" /> | 
|---|
| 6 | <meta name="generator" content="pandoc" /> | 
|---|
| 7 | <title></title> | 
|---|
| 8 | <style type="text/css">code{white-space: pre;}</style> | 
|---|
| 9 | <link rel="stylesheet" href="http://noc.ws.nsrc.org/configs/css/style.css" type="text/css" /> | 
|---|
| 10 | </head> | 
|---|
| 11 | <body> | 
|---|
| 12 | <div id="TOC"> | 
|---|
| 13 | <ul> | 
|---|
| 14 | <li><a href="#optional-tasks"><span class="toc-section-number">1</span> Optional Tasks</a><ul> | 
|---|
| 15 | <li><a href="#installing-the-porttracker-plugin-optional-or-as-reference"><span class="toc-section-number">1.1</span> Installing the PortTracker plugin (Optional or as reference)</a></li> | 
|---|
| 16 | <li><a href="#troubleshooting"><span class="toc-section-number">1.2</span> Troubleshooting</a></li> | 
|---|
| 17 | </ul></li> | 
|---|
| 18 | </ul> | 
|---|
| 19 | </div> | 
|---|
| 20 | <p>NetFlow - PortTracker Exercises</p> | 
|---|
| 21 | <h1 id="optional-tasks"><a href="#optional-tasks"><span class="header-section-number">1</span> Optional Tasks</a></h1> | 
|---|
| 22 | <h2 id="installing-the-porttracker-plugin-optional-or-as-reference"><a href="#installing-the-porttracker-plugin-optional-or-as-reference"><span class="header-section-number">1.1</span> Installing the PortTracker plugin (Optional or as reference)</a></h2> | 
|---|
| 23 | <p>This exercise assumes you already built nfdump from source with options <code>--enable-nfprofile</code> and <code>--enable-nftrack</code>, with nftrack installed under /usr/local/bin. If not, see exercise2-install-nfdump-nfsen.</p> | 
|---|
| 24 | <ul> | 
|---|
| 25 | <li>Make a directory for the nftrack data</li> | 
|---|
| 26 | </ul> | 
|---|
| 27 | <pre><code>$ sudo mkdir /var/ports-db | 
|---|
| 28 | $ sudo chown netflow /var/ports-db</code></pre> | 
|---|
| 29 | <ul> | 
|---|
| 30 | <li>Set the nftrack data directory in the PortTracker.pm module (which is under the nfsen source)</li> | 
|---|
| 31 | </ul> | 
|---|
| 32 | <pre><code>$ cd | 
|---|
| 33 | $ cd nfsen-1.3.6p1/contrib/PortTracker | 
|---|
| 34 | $ editor PortTracker.pm | 
|---|
| 35 |  | 
|---|
| 36 | Find the line: | 
|---|
| 37 |  | 
|---|
| 38 | my $PORTSDBDIR = "/data/ports-db"; | 
|---|
| 39 |  | 
|---|
| 40 | and change it to: | 
|---|
| 41 |  | 
|---|
| 42 | my $PORTSDBDIR = "/var/ports-db";</code></pre> | 
|---|
| 43 | <p>Save and exit from the file.</p> | 
|---|
| 44 | <ul> | 
|---|
| 45 | <li>Install the plugin into the NFSen distribution</li> | 
|---|
| 46 | </ul> | 
|---|
| 47 | <pre><code>$ sudo cp PortTracker.pm /var/nfsen/plugins/ | 
|---|
| 48 | $ sudo cp PortTracker.php /var/www/nfsen/plugins/</code></pre> | 
|---|
| 49 | <ul> | 
|---|
| 50 | <li>Add the plugin definition to the nfsen.conf configuration</li> | 
|---|
| 51 | </ul> | 
|---|
| 52 | <pre><code>$ cd /var/nfsen/etc | 
|---|
| 53 | $ sudo editor nfsen.conf</code></pre> | 
|---|
| 54 | <ul> | 
|---|
| 55 | <li>Find the plugins section and make it look like this:</li> | 
|---|
| 56 | </ul> | 
|---|
| 57 | <pre><code>@plugins = ( | 
|---|
| 58 | [ 'live', 'PortTracker'], | 
|---|
| 59 | ); </code></pre> | 
|---|
| 60 | <p>Save and exit from the file.</p> | 
|---|
| 61 | <ul> | 
|---|
| 62 | <li>Initialize the PortTracker database files</li> | 
|---|
| 63 | </ul> | 
|---|
| 64 | <pre><code>$ sudo -u netflow nftrack -I -d /var/ports-db</code></pre> | 
|---|
| 65 | <p>(This can take a LONG time! - 8 GB worth of files will be created)</p> | 
|---|
| 66 | <ul> | 
|---|
| 67 | <li>Set the permissions so the netflow user running nfsen, and the www-data user running the Web interface, can access the porttracker data.</li> | 
|---|
| 68 | </ul> | 
|---|
| 69 | <pre><code>$ sudo chown -R netflow:www-data /var/ports-db | 
|---|
| 70 | $ sudo chmod 775 /var/ports-db | 
|---|
| 71 | $ sudo chmod 664 /var/ports-db/*</code></pre> | 
|---|
| 72 | <ul> | 
|---|
| 73 | <li>Restart NfSen</li> | 
|---|
| 74 | </ul> | 
|---|
| 75 | <pre><code>$ sudo service nfsen reload</code></pre> | 
|---|
| 76 | <ul> | 
|---|
| 77 | <li>Check for success:</li> | 
|---|
| 78 | </ul> | 
|---|
| 79 | <pre><code>$ grep -i 'porttracker.*success' /var/log/syslog | 
|---|
| 80 | Oct 12 13:19:35 pc1 nfsen[28005]: Loading plugin 'PortTracker': Success | 
|---|
| 81 | Oct 12 13:19:35 pc1 nfsen[28005]: Initializing plugin 'PortTracker': Success</code></pre> | 
|---|
| 82 | <ul> | 
|---|
| 83 | <li>Wait a few minutes, and go to the nfsen GUI</li> | 
|---|
| 84 | </ul> | 
|---|
| 85 | <pre><code>http://pcX.ws.nsrc.org/nfsen/nfsen.php</code></pre> | 
|---|
| 86 | <p>... and select the Plugins tab.</p> | 
|---|
| 87 | <blockquote> | 
|---|
| 88 | <p>You may get an error that "No plugins available!": if so, quit and re-start your browser.</p> | 
|---|
| 89 | <p>You may get "Error reading stat". You will need to wait a few minutes before NfSen will begin to show the graphs.</p> | 
|---|
| 90 | </blockquote> | 
|---|
| 91 | <p>At this point you are done. Congratulations!</p> | 
|---|
| 92 | <h2 id="troubleshooting"><a href="#troubleshooting"><span class="header-section-number">1.2</span> Troubleshooting</a></h2> | 
|---|
| 93 | <p>If you get "Error reading stat", check the /var/ports-db directory for 2 additional files: portstat24.txt and portstat.txt like this:</p> | 
|---|
| 94 | <pre><code>$ ls -l /var/ports-db/portstat* | 
|---|
| 95 | -rw-r--r-- 1 netflow www-data     512 Jul 17 21:20 /var/ports-db/portstat24.txt | 
|---|
| 96 | /var/ports-db/portstat.txt</code></pre> | 
|---|
| 97 | <p>If either is missing then this will cause the problem. Make sure that nfsen can write in that directory.</p> | 
|---|
| 98 | <p>You can get additional debugging by setting <code>$DEBUG = 1</code> in /var/www/nfsen/conf.php, and then looking in /var/tmp/nfsen.log.</p> | 
|---|
| 99 | </body> | 
|---|
| 100 | </html> | 
|---|
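
The permission step and the "Error reading stat" troubleshooting check above can be verified in one pass. This is an added example, not part of the original exercise or of NfSen; the function name `check_ports_db` is hypothetical and GNU `stat` (as on Debian/Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example: audit the PortTracker data directory (GNU stat assumed).
# Usage: check_ports_db DIR [OWNER] [GROUP]
# Prints one line per finding; returns 0 if clean, 1 otherwise.
check_ports_db() {
    local dir="$1" owner="${2:-netflow}" group="${3:-www-data}"
    local bad=0 f mode og

    finding() { echo "FINDING: $*"; bad=1; }

    [ -d "$dir" ] || { echo "FINDING: $dir is not a directory"; return 1; }

    # The exercise sets the directory to mode 775, owned netflow:www-data.
    mode=$(stat -c '%a' "$dir")
    [ "$mode" = "775" ] || finding "$dir has mode $mode, expected 775"
    og=$(stat -c '%U:%G' "$dir")
    [ "$og" = "$owner:$group" ] || finding "$dir owned by $og, expected $owner:$group"

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        og=$(stat -c '%U:%G' "$f")
        # Other-write bit (octal 002): any local account could alter the data.
        [ $(( 0$mode & 2 )) -eq 0 ] || finding "$f is world-writable (mode $mode)"
        # Group-read bit (octal 040): the web user needs it to draw the graphs.
        [ $(( 0$mode & 32 )) -ne 0 ] || finding "$f is not group-readable (mode $mode)"
        [ "$og" = "$owner:$group" ] || finding "$f owned by $og, expected $owner:$group"
    done

    # Both stat files must exist, or the GUI reports "Error reading stat".
    for f in portstat.txt portstat24.txt; do
        [ -f "$dir/$f" ] || finding "missing $dir/$f"
    done

    [ "$bad" -eq 0 ]
}

# Run only when a directory is given, e.g.: sh check.sh /var/ports-db
if [ "$#" -gt 0 ]; then check_ports_db "$@"; fi
```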