Written on February 4, 2011 at 11:08 am by

Netflow on Ubuntu

Filed under howto, Linux, Monitoring {one comment}


Earlier we have install Nfsen, Nfdump on CentOS. Now by following below steps you can install nfsen and nfsump on ubuntu for netflow.

First install dependencies

apt-get install gcc flex librrd-dev make bison apache2 libapache2-mod-php5 php5-common libmailtools-perl rrdtool librrds-perl

Installing NFDUMP
You can download the latest version of NFDUMP from here.

cd /root
wget http://sourceforge.net/projects/nfdump/files/stable/nfdump-1.6.2/nfdump-1.6.2.tar.gz
tar zxvf nfdump-1.6.2.tar.gz
cd nfdump-1.6.2

To use NFDUMP with NFSEN we need to enable nfprofile in configuration.

./configure --enable-nfprofile
make
make install

Installing NFSEN
You can download the latest version of NFDUMP from here.

cd /root
wget http://sourceforge.net/projects/nfsen/files/stable/nfsen-1.3.5/nfsen-1.3.5.tar.gz
tar zxvf nfsen-1.3.5.tar.gz
cd nfsen-1.3.5

Once extracted, we have to copy the config file into /etc and modify it:

cp etc/nfsen-dist.conf /etc/nfsen.conf

We need to modify configuration file as per our need. Open /etc/nfsen.conf with your favourite editor and modify below settings.

$USER    = "www-data";
$WWWUSER  = "www-data";
$WWWGROUP = "www-data";
 
%sources = (
    'MYROUTER'    => { 'port'    => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
);

Make the destination directory and complete the installation by running the install.pl script:

mkdir -p /data/nfsen
./install.pl /etc/nfsen.conf

Run the nfsen program and let it executes nfcapd daemon:

cd /data/nfsen/bin
./nfsen start
/etc/init.d/apache2 restart

Point your browser at http://YOUR_IP_ADDRESS/nfsen/nfsen.php and enjoy!

Configure your routers to export NetFlow data

1. Enable flow export on ALL Cisco router’s interfaces that send and receive some traffic, here is an example:

Router1# configure terminal
Router1(config)#interface FastEthernet 0/0
Router1(config-if)#ip route-cache flow
Router1(config-if)#interface FastEthernet 0/1
Router1(config-if)#ip route-cache flow

2. Setup netflow export:

Router1# configure terminal
Router1(config)#ip flow-export source FastEthernet0/0
Router1(config)#ip flow-export source FastEthernet0/1
Router1(config)#ip flow-export version 5
Router1(config)#ip flow-export destination Nfsen_server_ip 9995

You need to open UDP 9995 port for communication.

Related content:

  1. NETFLOW to Monitor Traffic at Cisco Router
  2. pnp4nagios on Ubuntu
  3. Create hotspot in Ubuntu 11.10
  4. NConf on Ubuntu
  5. Remote File System through SSH
Share|

Subscribe / Share

Article by Vidyadhar

My name is Vidyadhar Sarmalkar & I work as a consultant and have done RHCE & CCNA.
Vidyadhar tagged this post with: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Read 265 articles by

One Comments

  1. fmp says:
    June 21, 2012 at 7:51 pm

    when i ran netstat -a | grep 9995, this port was not active. Tha’t why am not geting flows from Nfsen_server:9995

    How can it be proved that port 9995 is active?

    -fmp

    Reply
rss twitter facbook
Popular Posts

| Popular Posts |

Recent Posts

| Recent Posts |

Daily Popular Posts

| Daily Popular Posts |

Categories

Archives

Buffer