{{tag>[nfsen network centos7 linux netflow]}}
=====NfSen - CentOS 7.x=====
Install and configure NfSen on CentOS 7.x
* NfSen 1.3.7
* nfdump 1.6.13
Prerequisites:
* EPEL Repository
=====Installation=====
* Download NfSen [[http://nfsen.sourceforge.net/]].
* Download nfdump [[http://nfdump.sourceforge.net/]].
* Extract files.
<code>
tar zxf nfdump-1.6.13.tar.gz
tar zxf nfsen-1.3.7.tar.gz
</code>
* Install development tools.
<code>
sudo yum groupinstall "Development Tools"
</code>
* Install rrdtool.
<code>
sudo yum install rrdtool rrdtool-devel
</code>
* Install Apache, php and perl modules.
<code>
sudo yum install httpd php perl-MailTools rrdtool-perl perl-Socket6 perl-Sys-Syslog.x86_64
</code>
* Install SELinux tools:
<code>
yum install policycoreutils-python
</code>
* Configure PHP timezone:
<code>
echo "date.timezone = Europe/Amsterdam" > /etc/php.d/timezone.ini
</code>
* Create user netflow.
<code>
useradd netflow
</code>
* Add user netflow to apache group.
<code>
sudo usermod -a -G apache netflow
</code>
* Create separate /opt filesystem (for lots of data).
* Compile and install nfdump.
<code>
cd nfdump-1.6.13
./configure --prefix=/opt/nfdump --enable-nfprofile
autoreconf
make
sudo make install
</code>
* Install nfsen.
<code>
cd nfsen-1.3.7
cd etc
cp nfsen-dist.conf nfsen.conf
vi nfsen.conf
</code>
Settings in nfsen.conf:
<code>
$BASEDIR = "/opt/nfsen";
$HTMLDIR = "/opt/nfsen/www/";
$PREFIX = '/opt/nfdump/bin';
$WWWUSER = "apache";
$WWWGROUP = "apache";
$MAIL_FROM = 'nfsen@yourdomain.tld';
$SMTP_SERVER = 'fqdn.mail.server';
%sources = (
    'source1' => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
    'source2' => { 'port' => '9996', 'col' => '#cc3333', 'type' => 'netflow' },
    'source3' => { 'port' => '9997', 'col' => '#99ff33', 'type' => 'netflow' },
);
</code>
Then run the installer:
<code>
cd ..
sudo ./install.pl etc/nfsen.conf
</code>
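* Open port 80 and netflow ports:
<code>
firewall-cmd --permanent --zone=trusted --add-service=http
firewall-cmd --permanent --zone=trusted --add-source=1.2.3.1
firewall-cmd --permanent --zone=trusted --add-port=9995/udp
firewall-cmd --reload
firewall-cmd --zone=trusted --list-all
</code>
Only 9995/udp is opened here; the %sources example above also defines 9996 and 9997. firewalld's trusted zone accepts all traffic from sources bound to it, so only add addresses that should have full access to this host.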
* Add apache config. Create **/etc/httpd/conf.d/nfsen.conf**
<code>
<Directory "/opt/nfsen/www">
    AllowOverride None
    Require all granted
</Directory>
Alias /nfsen "/opt/nfsen/www"
</code>
* Enable and start apache:
<code>
sudo systemctl enable httpd
sudo systemctl start httpd
</code>
* Set SELinux rights to www directory:
<code>
semanage fcontext -a -t httpd_sys_content_t "/opt/nfsen/www(/.*)?"
restorecon -Rv /opt/nfsen/
</code>
* Create SELinux module. **Important: Modules created with audit2allow may allow more access than required.**
<code>
setenforce 0
/opt/nfsen/bin/nfsen start
/opt/nfsen/bin/nfsen stop
cp /var/log/audit/audit.log /var/tmp
cd /var/tmp
audit2allow -M mynfsen < audit.log
semodule -i mynfsen.pp
setenforce 1
</code>
* Start nfsen.
<code>
sudo /opt/nfsen/bin/nfsen start
</code>
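The audit2allow step above feeds the whole audit.log into the module, which is how unrelated denials end up allowed. As an added example (not part of the original page), this script keeps only AVC denials from NfSen-related processes and summarises them for review; the process-name list and the sample records are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): keep only NfSen-related AVC
# denials, then summarise what a module built from them would allow.
# ASSUMPTION: the process names below; adjust to what your audit.log shows.
NFSEN_COMMS='nfsen|nfsend|nfcapd|nfprofile|httpd'

# Pass through AVC denials whose comm= is in the allowlist; drop the rest.
nfsen_avc_only() {
    awk -v comms="^(${NFSEN_COMMS})\$" '
        /^type=AVC / && /denied/ && match($0, /comm="[^"]+"/) {
            if (substr($0, RSTART + 6, RLENGTH - 7) ~ comms) print
        }'
}

# One line per process / object class / permission set, with a hit count.
avc_summary() {
    awk '{
        comm = cls = perms = "?"
        if (match($0, /comm="[^"]+"/))      comm  = substr($0, RSTART + 6, RLENGTH - 7)
        if (match($0, /tclass=[a-z_0-9]+/)) cls   = substr($0, RSTART + 7, RLENGTH - 7)
        if (match($0, /[{] [^}]+ [}]/))     perms = substr($0, RSTART + 2, RLENGTH - 4)
        seen[comm " " cls " " perms]++
    }
    END { for (k in seen) print seen[k], k }' | sort -k2
}

# Constructed sample records (not real log data) for a dry run.
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1500000000.101:201): avc:  denied  { name_bind } for  pid=2101 comm="nfcapd" src=9995 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=udp_socket
type=SYSCALL msg=audit(1500000000.101:201): arch=c000003e syscall=49 success=no comm="nfcapd" exe="/opt/nfdump/bin/nfcapd"
type=AVC msg=audit(1500000003.455:202): avc:  denied  { read } for  pid=1777 comm="sshd" name="shadow" scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1500000007.020:203): avc:  denied  { write } for  pid=2200 comm="httpd" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=sock_file
type=AVC msg=audit(1500000009.310:204): avc:  denied  { name_bind } for  pid=2102 comm="nfcapd" src=9996 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=udp_socket
EOF
}

# Dry run on the sample. On the server, the same filter would sit in front of
# the page's command: nfsen_avc_only < audit.log | audit2allow -M mynfsen
sample_log | nfsen_avc_only | avc_summary
```

audit2allow -M also writes mynfsen.te next to mynfsen.pp; read it before running semodule -i.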
=====Auto start at boot=====
* Create **/etc/systemd/system/nfsen.service**:
<code>
[Unit]
Description=NfSen Service
After=network.target

[Service]
Type=forking
PIDFile=/opt/nfsen/var/run/nfsend.pid
ExecStart=/opt/nfsen/bin/nfsen start
ExecStop=/opt/nfsen/bin/nfsen stop
Restart=on-abort

[Install]
WantedBy=multi-user.target
</code>
* Enable service:
<code>
systemctl enable nfsen
systemctl start nfsen
</code>