{{tag>[nfsen network centos7 linux netflow]}}

=====NfSen - CentOS 7.x=====
Install and configure NfSen on CentOS 7.x
  * NfSen 1.3.7
  * nfdump 1.6.13

Prerequisites:
  * EPEL Repository

=====Installation=====
  * Download NfSen [[http://nfsen.sourceforge.net/]].
  * Download nfdump [[http://nfdump.sourceforge.net/]].
  * Extract files. <code>tar zxf nfdump-1.6.13.tar.gz
tar zxf nfsen-1.3.7.tar.gz</code>
  * Install development tools. <code>sudo yum groupinstall development tools</code>
  * Install rrdtool. <code>sudo yum install rrdtool rrdtool-devel</code>
  * Install Apache, php and perl modules. <code>sudo yum install apache php perl-MailTools rrdtool-perl perl-Socket6 perl-Sys-Syslog.x86_64</code>
  * Install SELinux tools:<code>yum install policycoreutils-python</code>
  * Configure PHP timezone: <code>echo "date.timezone = Europe/Amsterdam" > /etc/php.d/timezone.ini</code>
  * Create user netflow. <code>useradd netflow</code>
  * Add user netflow to apache group. <code>sudo usermod -G apache netflow</code>
  * Create seperate /opt filesystem (for lots of data).
  * Compile and install nfdump. <code>cd nfdump-1.6.13
./configure --prefix=/opt/nfdump --enable-nfprofile
autoreconf
make
sudo make install</code>
  * Install nfsen. <code>cd nfsen-1.3.7
cd etc
cp nfsen-dist.conf nfsen.conf
vi nfsen.conf
  $BASEDIR = "/opt/nfsen";
  $HTMLDIR = "/opt/nfsen/www/";
  $PREFIX  = '/opt/nfdump/bin';
  $WWWUSER  = "apache";
  $WWWGROUP = "apache";

  $MAIL_FROM   = 'nfsen@yourdomain.tld';
  $SMTP_SERVER = 'fqdn.mail.server';
  
  %sources = (
      'source1' => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
      'source2' => { 'port' => '9996', 'col' => '#cc3333', 'type' => 'netflow' },
      'source3' => { 'port' => '9997', 'col' => '#99ff33', 'type' => 'netflow' },
  );

cd ..
sudo ./install.pl etc/nfsen.conf</code>
  * Open port 80 and netflow ports: <code>firewall-cmd --permanent --zone=trusted --add-service=http
firewall-cmd --permanent --zone=trusted --add-source=1.2.3.1
firewall-cmd --permanent --zone=trusted --add-port=9995/udp
firewall-cmd --reload
firewall-cmd --zone=trusted --list-all</code>
  * Add apache config. Create **/etc/httpd/conf.d/nfsen.conf** <code><Directory "/opt/nfsen/www">
   AllowOverride None
   Require all granted
</Directory>

Alias /nfsen "/opt/nfsen/www"</code>
  * Enable and start apache: <code>sudo systemctl enable httpd
sudo systemctl start httpd</code>
  * Set SElinux rights to www directory:<code>semanage fcontext -a -t httpd_sys_content_t "/opt/nfsen/www(/.*)?"
restorecon -Rv /opt/nfsen/</code>
  * Create SELinux module. **Important: Modules created with audit2allow may allow more access than required.** <code>setenforce 0
/opt/nfsen/bin/nfsen start
/opt/nfsen/bin/nfsen stop
cp /var/log/audit/audit.log /var/tmp
cd /var/tmp
audit2allow -M mynfsen < audit.log
semodule -i mynfsen.pp
setenforce 1
</code>
  * Start nfsen. <code>sudo /opt/nfsen/bin/nfsen start</code>
=====Auto start at boot=====
  * Create **/etc/systemd/system/nfsen.service**:<code>
[Unit]
Description=NfSen Service
After=network.target

[Service]
Type=forking
PIDFile=/opt/nfsen/var/run/nfsend.pid
ExecStart=/opt/nfsen/bin/nfsen start
ExecStop=/opt/nfsen/bin/nfsen stop
Restart=on-abort

[Install]
WantedBy=multi-user.target</code>
  * Enable service:<code>systemctl enable nfsen
systemctl start nfsen</code>