Monday, July 18, 2016

centos 6, nfdump and nfsen

Revised 20161007

Versions:
Linux 2.6.32-642.3.1.el6.x86_64

Red Hat 4.4.7-17
nfdump-1.6.13
nfsen-1.3.6p1


Update packages and download the files:
yum update

yum install -y httpd php wget gcc make rrdtool-devel rrdtool-perl perl-MailTools perl-Socket6 flex byacc

wget -O nfdump-1.6.13.tar.gz https://sourceforge.net/projects/nfdump/files/stable/nfdump-1.6.13/nfdump-1.6.13.tar.gz/download

wget https://sourceforge.net/projects/nfsen/files/stable/nfsen-1.3.6p1/nfsen-1.3.6p1.tar.gz

tar -zxvf /root/nfdump-1.6.13.tar.gz
tar -zxvf /root/nfsen-1.3.6p1.tar.gz

useradd -G apache -s /bin/false netflow
Adds the netflow user, puts it in the apache group, and gives it no login shell.

Firewall settings:
iptables -I INPUT -p tcp  --dport 443 -j ACCEPT
iptables -I INPUT -p tcp  --dport 80 -j ACCEPT
iptables -I INPUT -p udp  --dport 9995 -j ACCEPT
iptables -I INPUT -p udp  --dport 9996 -j ACCEPT
service iptables save
Opens HTTP, HTTPS and the default ports for NetFlow traffic.

SELinux settings:
vim /etc/selinux/config
set SELINUX=disabled

reboot

nfdump installation:
cd /root/nfdump-1.6.13
./configure --enable-nfprofile --enable-nftrack --enable-sflow
cp /root/nfsen-1.3.6p1/etc/nfsen-dist.conf /root/nfsen-1.3.6p1/etc/nfsen.conf

make
make install
Builds and installs nfdump with the nfprofile, nftrack and sflow features enabled.

nfsen installation:
vim /root/nfsen-1.3.6p1/etc/nfsen.conf
$BASEDIR = "/home/netflow";  

$USER    = "netflow";

$WWWUSER  = "apache";
$WWWGROUP = "apache";

%sources = (
    'home'    => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
    'internal'    => { 'port' => '9996', 'col' => '#FF0000', 'type' => 'netflow' },
#    'peer1'        => { 'port' => '9996', 'IP' => '172.16.17.18' },
#    'peer2'        => { 'port' => '9996', 'IP' => '172.16.17.19' },
);

/root/nfsen-1.3.6p1/install.pl /root/nfsen-1.3.6p1/etc/nfsen.conf
/home/netflow/bin/nfsen start

vim /etc/init.d/nfsen
#!/bin/bash
#
# chkconfig: - 50 50
# description: nfsen

DAEMON=/home/netflow/bin/nfsen
case "$1" in
    start)
        $DAEMON start
        ;;
    stop)
        $DAEMON stop
        ;;
    status)
        $DAEMON status
        ;;
    restart)
        $DAEMON stop
        sleep 1
        $DAEMON start
        ;;
    *)
        echo "Usage: $0 {start|stop|status|restart}"
        exit 1
        ;;
esac
exit 0

chkconfig --add nfsen
chkconfig nfsen on

Web server settings:
vim /etc/httpd/conf.d/nfsen.conf
Alias /nfsen "/var/www/nfsen"

<Directory "/var/www/nfsen">
DirectoryIndex nfsen.php
Options -Indexes
AllowOverride None
Order allow,deny
Allow from all
</Directory>
service httpd restart

Permissions:
The apache group must have rw permission on ${BASEDIR}/var/run/nfsen.conf.
My ${BASEDIR} is /home/netflow,
so the apache group must have rx permission on the home, netflow, var and run directories.
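
Added example (not part of the original post): a POSIX shell check for the permission chain described above, so a missing bit on any directory is reported by name. It reads mode bits only (no ACLs), assumes GNU stat, and the function names bits_for and check_chain are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Audits the permission chain the
# post describes using mode bits only (ACLs are ignored). Assumption: the web
# server user is not the owner, so it gets the group bits when the entry's
# group matches GROUP and the "other" bits when it does not.

# bits_for GROUP PATH -> prints the rwx digit (0-7) that applies to GROUP
bits_for() {
    local mode grp
    mode=$(stat -c '%a' "$2" 2>/dev/null) || return 1
    grp=$(stat -c '%G' "$2" 2>/dev/null) || return 1
    if [ "$grp" = "$1" ]; then
        echo $(( (0$mode >> 3) & 7 ))
    else
        echo $(( 0$mode & 7 ))
    fi
}

# check_chain GROUP ROOT RELPATH
# Every directory on RELPATH below ROOT must give GROUP r-x; the final entry
# (the file) must give rw-. Prints one line per finding.
# Returns 0 = chain is fine, 1 = permission missing, 2 = path does not exist.
check_chain() {
    local group cur rest rc bits
    group=$1; cur=${2%/}; rest=$3; rc=0
    while [ -n "$rest" ]; do
        cur="$cur/${rest%%/*}"
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        bits=$(bits_for "$group" "$cur") || { echo "MISSING $cur"; return 2; }
        if [ -n "$rest" ]; then
            [ $((bits & 5)) -eq 5 ] || { echo "DIR $cur: $group lacks r-x"; rc=1; }
        else
            [ $((bits & 6)) -eq 6 ] || { echo "FILE $cur: $group lacks rw-"; rc=1; }
        fi
    done
    return $rc
}

# On the host from this post, run as root:
#   check_chain apache / home/netflow/var/run/nfsen.conf
```

Granting the group bit named in a finding (chmod g+rx on a directory, g+rw on the file) keeps the fix narrower than opening the path to "other".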

To generate NetFlow traffic, use Flowalyzer on a Windows system:
Flowalyzer NetFlow Generator 2.0


http://{IP or FQDN}/nfsen/