Versions:
Linux 2.6.32-642.3.1.el6.x86_64
Red Hat 4.4.7-17
nfdump-1.6.13
nfsen-1.3.6p1
Update and download files:
yum update
yum install -y httpd php wget gcc make rrdtool-devel rrdtool-perl perl-MailTools perl-Socket6 flex byacc
wget -O nfdump-1.6.13.tar.gz https://sourceforge.net/projects/nfdump/files/stable/nfdump-1.6.13/nfdump-1.6.13.tar.gz/download
wget https://sourceforge.net/projects/nfsen/files/stable/nfsen-1.3.6p1/nfsen-1.3.6p1.tar.gz
tar -zxvf /root/nfdump-1.6.13.tar.gz
tar -zxvf /root/nfsen-1.3.6p1.tar.gz
useradd -G apache -s /bin/false netflow
Add the netflow user, put it in the apache group, and give it no login shell.
Firewall settings:
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p udp --dport 9995 -j ACCEPT
iptables -I INPUT -p udp --dport 9996 -j ACCEPT
service iptables save
Open HTTP, HTTPS and the default NetFlow traffic ports.
SELinux settings:
vim /etc/selinux/config
set SELINUX=disabled
reboot
nfdump installation:
cd /root/nfdump-1.6.13
/root/nfdump-1.6.13/configure --enable-nfprofile --enable-nftrack --enable-sflow
make
make install
nfdump features
nfsen installation:
cp /root/nfsen-1.3.6p1/etc/nfsen-dist.conf /root/nfsen-1.3.6p1/etc/nfsen.conf
vim /root/nfsen-1.3.6p1/etc/nfsen.conf
$BASEDIR = "/home/netflow";
%sources = (
'home' => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
'internal' => { 'port' => '9996', 'col' => '#FF0000', 'type' => 'netflow' },
# 'peer1' => { 'port' => '9996', 'IP' => '172.16.17.18' },
# 'peer2' => { 'port' => '9996', 'IP' => '172.16.17.19' },
);
$USER = "netflow";
$WWWUSER = "apache";
$WWWGROUP = "apache";
cd /root/nfsen-1.3.6p1
/root/nfsen-1.3.6p1/install.pl /root/nfsen-1.3.6p1/etc/nfsen.conf
/home/netflow/bin/nfsen start
vim /etc/init.d/nfsen
#!/bin/bash
#
# chkconfig: - 50 50
# description: nfsen
DAEMON=/home/netflow/bin/nfsen
case "$1" in
    start)
        $DAEMON start
        ;;
    stop)
        $DAEMON stop
        ;;
    status)
        $DAEMON status
        ;;
    restart)
        $DAEMON stop
        sleep 1
        $DAEMON start
        ;;
    *)
        echo "Usage: $0 {start|stop|status|restart}"
        exit 1
        ;;
esac
exit 0
chmod +x /etc/init.d/nfsen
chkconfig --add nfsen
chkconfig nfsen on
Web settings:
vim /etc/httpd/conf.d/nfsen.conf
Alias /nfsen "/var/www/nfsen"
<Directory "/var/www/nfsen">
    DirectoryIndex nfsen.php
    Options -Indexes
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
service httpd restart
Permission settings:
The apache group must have rw permission on ${BASEDIR}/var/run/nfsen.conf.
My ${BASEDIR} is /home/netflow,
so the apache group must have rx permission on the home, netflow, var and run directories.
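The permission chain described above can be audited with a short script. This is an added example, not part of the original guide: the function names are made up for illustration, and it assumes GNU stat and plain mode bits (no ACLs, no supplementary groups). Each failure names the permission class (owner, group or other) that decided it, which shows whether access comes through the apache group or through world-readable bits.

```bash
#!/bin/bash
# Added example, not from the original guide. Assumes GNU stat and plain
# POSIX mode bits (no ACLs); supplementary groups are not considered.

# perm_class USER GROUP PATH: print which permission class applies.
perm_class() {
    if [ "$(stat -c %U "$3")" = "$1" ]; then echo owner
    elif [ "$(stat -c %G "$3")" = "$2" ]; then echo group
    else echo other
    fi
}

# effective_bits USER GROUP PATH: print the three mode characters that
# apply to USER/GROUP, e.g. "r-x".
effective_bits() {
    local mode
    mode=$(stat -c %A "$3")                 # e.g. drwxr-x---
    case $(perm_class "$1" "$2" "$3") in
        owner) printf '%s\n' "$mode" | cut -c2-4 ;;
        group) printf '%s\n' "$mode" | cut -c5-7 ;;
        other) printf '%s\n' "$mode" | cut -c8-10 ;;
    esac
}

# audit_chain USER GROUP FILE [TOP]: FILE needs rw and every directory from
# its parent up to TOP (default /) needs rx. Prints each failure and the
# class that decided it; returns 0 only if the whole chain passes.
audit_chain() {
    local u="$1" g="$2" f="$3" top="${4:-/}" rc=0 bits dir
    bits=$(effective_bits "$u" "$g" "$f")
    case $bits in
        rw?) ;;
        *) echo "FAIL $f: $(perm_class "$u" "$g" "$f") bits '$bits', need rw"; rc=1 ;;
    esac
    dir=$(dirname "$f")
    while :; do
        bits=$(effective_bits "$u" "$g" "$dir")
        case $bits in
            r?[xst]) ;;                     # s/t = execute plus setgid/sticky
            *) echo "FAIL $dir: $(perm_class "$u" "$g" "$dir") bits '$bits', need rx"; rc=1 ;;
        esac
        if [ "$dir" = "$top" ] || [ "$dir" = / ]; then break; fi
        dir=$(dirname "$dir")
    done
    return $rc
}

# Usage with the guide's values (run as root on the NfSen host):
#   audit_chain apache apache /home/netflow/var/run/nfsen.conf
```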
Use flowalyzer on a Windows system to generate NetFlow traffic:
Flowalyzer NetFlow Generator2.0
http://{IP or FQDN}/nfsen/