{{tag>[nfsen network centos netflow]}}

=====NfSen - CentOS6=====
Install and configure NfSen on CentOS6.x
  * NfSen 1.3.6
  * nfdump 1.6.9

Prerequisites:
  * EPEL Repository

====Installation====
  * Download NfSen [[http://nfsen.sourceforge.net/]].
  * Download nfdump [[http://nfdump.sourceforge.net/]].
  * Extract files. <code>tar zxvf nfdump-1.6.12.tar.gz
tar zxvf nfsen-1.3.6p1.tar.gz</code>
  * Install development tools. <code>sudo yum groupinstall development tools</code>
  * Install rrdtool. <code>sudo yum install rrdtool rrdtool-devel</code>
  * Install Apache, php and perl modules. <code>sudo yum install apache php perl-MailTools rrdtool-perl perl-Socket6</code>
  * Edit **/etc/php.ini**. Confgure date.timezone.
  * Create user netflow. <code>useradd netflow</code>
  * Add user netflow to apache group. <code>sudo usermod -G apache netflow</code>
  * Compile and install nfdump. <code>cd nfdump-1.6.12
./configure --prefix=/opt/nfdump --enable-nfprofile
autoreconf
make
sudo make install</code>
  * Install nfsen. <code>cd nfsen-1.3.6p1
cd etc
cp nfsen-dist.conf nfsen.conf
vi nfsen.conf
  $BASEDIR = "/opt/nfsen";
  $HTMLDIR = "/opt/nfsen/www/";
  $PREFIX  = '/opt/nfdump/bin';
  $WWWUSER  = "apache";
  $WWWGROUP = "apache";

  $MAIL_FROM   = 'nfsen@yourdomain.tld';
  $SMTP_SERVER = 'fqdn.mail.server';
  
  %sources = (
      'source1' => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
      'source2' => { 'port' => '9996', 'col' => '#cc3333', 'type' => 'netflow' },
      'source3' => { 'port' => '9997', 'col' => '#99ff33', 'type' => 'netflow' },
  );

cd ..
sudo ./install.pl etc/nfsen.conf</code>
  * Open port 80 and netflow ports. Edit **/etc/sysconfig/iptables**. <code>-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 9995 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 9996 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 9997 -j ACCEPT
</code>
  * Reload iptables. <code>service iptables restart</code>
  * Add apache config. Create **/etc/httpd/conf.d/nfsen.conf** <code><Directory "/opt/nfsen/www">
   AllowOverride None
   Order allow,deny
   Allow from all
</Directory>

Alias /nfsen "/opt/nfsen/www"</code>
  * Start apache at boot. <code>sudo chkconfig httpd on</code>
  * Start apache. <code>sudo service httpd start</code>
  * Create SELinux module. **Important: Modules created with audit2allow may allow more access than required.** <code>sudo yum install policycoreutils-python
setenforce 0
/opt/nfsen/bin/nfsen start
/opt/nfsen/bin/nfsen stop
cp /var/log/audit/audit.log /var/tmp
cd /var/tmp
audit2allow -M mynfsen < audit.log
semodule -i mynfsen.pp
setenforce 1
</code>
  * Start nfsen. <code>sudo /opt/nfsen/bin/nfsen start</code>
  * To start NfSen at boot, add the start script to **/etc/rc.local**. Or create a nice start/stop init script.
  * Access NfSen at http://server/nfsen/nfsen.php.