Commands preceded with "$" imply that you should execute the command as a general user - not as root.
Commands preceded with "#" imply that you should be working as root.
Commands with more specific command lines (e.g. "rtrX>" or "mysql>") imply that you are executing commands on remote equipment, or within another program.
These instructions assume you are the root user. If you are not, prepend ''sudo'' to the shell commands (the ones that aren't at ''mysql>'' prompts) or temporarily invoke root privileges with ''sudo -s''.
The nfdump and NfSen software has already been installed on your Campus Network Monitoring and Management Server by the workshop instructors. All you will need to do is complete its configuration for your campus and set it running, collecting flow information from your campus border router.
If you are interested in reading how the software was installed, please consult the notes describing the installation of nfdump and NfSen. As with LibreNMS, it is quite straightforward, once you know how!
NfSen should already have been running from the time the workshop instructors started your campus NMM server running. To check, log in to the NMM server and then:
$ ps ax | grep nfsen should show something like:
538 ? S 0:00 /usr/local/bin/nfcapd -w -D -p 9996 -u netflow -g www-data -B 2000 -S 1 -P /var/nfsen/var/run/p9996.pid -z -I bdr1 -l /var/nfsen/profiles-data/live/bdr1
549 ? Ss 0:04 /usr/bin/perl -w /var/nfsen/bin/nfsend
550 ? Ss 0:00 /var/nfsen/bin/nfsend-commAlso check in /var/log/syslog to see if a very useful plugin called PortTracker has loaded successfully. You should see something like this being reported:
srv1 nfsen[550]: Frontend module 'PortTracker.php' found
srv1 nfsen[550]: Loading plugin 'PortTracker': Success
srv1 nfsen[550]: PortTracker: Init
srv1 nfsen[550]: Initializing plugin 'PortTracker': Success
srv1 nfsen[550]: plugin 'PortTracker': Profile plugin: 1, Alert condition plugin: 0, Alert action plugin: 0
srv1 nfsen[550]: Plugins for profile : ./live - PortTracker
In the previous exercise you set up your border router to export flows to the NMM server in your campus. From the minute you did that, the server will have been collecting the data.
After at least 5 minutes from the export starting, you should start seeing data on NfSen.
You can find the nfsen page here:
http://srv1.campusX.ws.nsrc.org/nfsen/nfsen.phpEveryone in the group can point their web browser at this page.
You may see a message such as:
Frontend - Backend version mismatch!This will go away if you reload the page, it's not a problem.
Done! Demonstrate your working system to the workshop instructors.
Click on the graphs to see various data about the traffic flow on the network. We’ll look at this data in more depth in the next exercise.
There should also be graphs from the PortTracker plugin. Click the Plugins tab in the NfSen browser home page and that will open up the PortTracker page. Explore the graphs displayed by the PortTracker plugin.
Now we have two tools in place, it would be handy to have a simple front page to access them all, rather than trying to remember URLs!
Edit /var/www/html/index.html and replace the entire contents with the following (replace “X” with your campus number):
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8">
<title>Resources Here</title>
</head>
<body id="" onload="">
<h1>Campus X NOC<h1>
<h3>Resources on this webserver</h3>
<ul>
<li><a href=http://librenms.campusX.ws.nsrc.org/devices/>LibreNMS</a> - Campus X Monitoring System</li>
<li><a href=http://srv1.campusX.ws.nsrc.org/nfsen/nfsen.php>NfSen</a> - Netflow collector and analyser</li>
</ul>
</body>
</html>Now point your laptop's web browser at
http://srv1.campusX.ws.nsrc.org/again and check you can view this page, and that the two links work.