{{tag>[nfsen network centos netflow]}}
=====NfSen - CentOS6=====
Install and configure NfSen on CentOS6.x
* NfSen 1.3.6
* nfdump 1.6.9
Prerequisites:
* EPEL Repository
====Installation====
* Download NfSen [[http://nfsen.sourceforge.net/]].
* Download nfdump [[http://nfdump.sourceforge.net/]].
* Extract files. tar zxvf nfdump-1.6.12.tar.gz
tar zxvf nfsen-1.3.6p1.tar.gz
* Install development tools. sudo yum groupinstall development tools
* Install rrdtool. sudo yum install rrdtool rrdtool-devel
* Install Apache, php and perl modules. sudo yum install apache php perl-MailTools rrdtool-perl perl-Socket6
* Edit **/etc/php.ini**. Confgure date.timezone.
* Create user netflow. useradd netflow
* Add user netflow to apache group. sudo usermod -G apache netflow
* Compile and install nfdump. cd nfdump-1.6.12
./configure --prefix=/opt/nfdump --enable-nfprofile
autoreconf
make
sudo make install
* Install nfsen. cd nfsen-1.3.6p1
cd etc
cp nfsen-dist.conf nfsen.conf
vi nfsen.conf
$BASEDIR = "/opt/nfsen";
$HTMLDIR = "/opt/nfsen/www/";
$PREFIX = '/opt/nfdump/bin';
$WWWUSER = "apache";
$WWWGROUP = "apache";
$MAIL_FROM = 'nfsen@yourdomain.tld';
$SMTP_SERVER = 'fqdn.mail.server';
%sources = (
'source1' => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
'source2' => { 'port' => '9996', 'col' => '#cc3333', 'type' => 'netflow' },
'source3' => { 'port' => '9997', 'col' => '#99ff33', 'type' => 'netflow' },
);
cd ..
sudo ./install.pl etc/nfsen.conf
* Open port 80 and netflow ports. Edit **/etc/sysconfig/iptables**. -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 9995 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 9996 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 9997 -j ACCEPT
* Reload iptables. service iptables restart
* Add apache config. Create **/etc/httpd/conf.d/nfsen.conf**
AllowOverride None
Order allow,deny
Allow from all
Alias /nfsen "/opt/nfsen/www"
* Start apache at boot. sudo chkconfig httpd on
* Start apache. sudo service httpd start
* Create SELinux module. **Important: Modules created with audit2allow may allow more access than required.** sudo yum install policycoreutils-python
setenforce 0
/opt/nfsen/bin/nfsen start
/opt/nfsen/bin/nfsen stop
cp /var/log/audit/audit.log /var/tmp
cd /var/tmp
audit2allow -M mynfsen < audit.log
semodule -i mynfsen.pp
setenforce 1
* Start nfsen. sudo /opt/nfsen/bin/nfsen start
* To start NfSen at boot, add the start script to **/etc/rc.local**. Or create a nice start/stop init script.
* Access NfSen at http://server/nfsen/nfsen.php.