This page describes the installation of FlowViewer on CentOS 7 for NetFlow reporting.
Quoting the FlowViewer wiki: “FlowViewer has been developed for NASA’s Earth Sciences Data and Information System (ESDIS) networks, and credit goes to NASA for their usual outstanding support of innovation.”
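# Compiler toolchain and glib headers for the source builds that follow.
# The group name contains a space, so it has to be quoted; unquoted, yum
# receives "development" and "tools" as two separate group names.
yum groupinstall "Development Tools"
yum install glib2-devel

# Libraries and development headers (presumably consumed by the libfixbuf,
# IPA and SiLK configure scripts; the page does not say which needs which).
yum install zlib zlib-devel lzo lzo-devel libpcap libpcap-devel gnutls gnutls-devel python-devel c-ares c-ares-devel openssl-devel

# Web server and graphing packages for the FlowViewer front end.
yum install httpd gd perl-GD perl-GDGraph perl-GDTextUtil rrdtool

# httpd is enabled at boot and started right away. Nothing on this page
# configures authentication or TLS for it, so decide who may reach it before
# the FlowViewer CGI scripts are unpacked.
systemctl enable httpd
systemctl start httpd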
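# Build the SiLK prerequisites from source; they install under /usr/local.
# Every tarball here is compiled and installed as root, so check each one
# against the checksum or signature published by its upstream project before
# unpacking it (this page lists none).
#
# The build commands must run inside the unpacked source tree. Each build is
# wrapped in a subshell so the working directory is unchanged afterwards, and
# the steps are chained with && so a failed step stops that build.

# libfixbuf 1.6.2 -- assumes the archive unpacks into libfixbuf-1.6.2/
tar zxvf libfixbuf-1.6.2.tar.gz
(cd libfixbuf-1.6.2 && ./configure && make && make install)

# netsa-python 1.4.3 -- assumes the archive unpacks into netsa-python-1.4.3/
tar zxvf netsa-python-1.4.3.tar.gz
(cd netsa-python-1.4.3 && python setup.py build && python setup.py install)

# IPA 0.5.2 -- assumes the archive unpacks into ipa-0.5.2/
tar zxvf ipa-0.5.2.tar.gz
(cd ipa-0.5.2 && ./configure && make && make install)

# Add /usr/local/lib to the dynamic linker's search path and rebuild its cache
# so the libraries installed above can be found at run time.
# Note: >> appends, so re-running this step adds a duplicate line.
echo /usr/local/lib >>/etc/ld.so.conf.d/local.conf
ldconfig -v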
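# Build and install SiLK 3.10.1 under /opt/silk, with flow data stored in
# /opt/silk/data. As with any tarball built as root, verify it against the
# checksum published upstream before unpacking (none is given on this page).
tar zxvf silk-3.10.1.tar.gz
mkdir -p /opt/silk/data

# configure/make must run inside the source tree; the subshell keeps the
# caller's working directory unchanged and && stops at the first failure.
(
  cd silk-3.10.1 &&
    ./configure \
      --enable-data-rootdir=/opt/silk/data \
      --prefix=/opt/silk \
      --enable-output-compression \
      --with-libipa=/usr/local/lib/pkgconfig \
      --with-libfixbuf=/usr/local/lib/pkgconfig &&
    make &&
    make install
)

# "make install" ends with the following notice (output, not a command):
#
# ************************************************************
# Example site configuration files have been installed in
#     /opt/silk/share/silk/*-silk.conf
# Choose the file that matches your packing logic plug-in and/or
# installation, rename it to silk.conf, customize it, and copy it
# to the root of the data directory:
#     /opt/silk/data/silk.conf
# ************************************************************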
# Install the "twoway" example as the site configuration at the root of the
# data directory, as the notice printed by "make install" instructs.
cp /opt/silk/share/silk/twoway-silk.conf /opt/silk/data/silk.conf
# Entries to set in /opt/silk/data/silk.conf (file content, not commands).
# Declares sensor ID 0 under the name "uplink" and makes it the only member
# of class "all". The name must match the sensor block in sensor.conf.
sensor 0 uplink "Uplink"
class all
    sensors uplink
end class
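# Build the address-type prefix map that labels addresses as internal.
cd /opt/silk/share/silk
cp addrtype-templ.txt addresses.txt

# Edit the copy and list your own address space as "internal".
vi addresses.txt
# The entry shown on this page is the sample for CMU's address space; it is
# file content for addresses.txt, not a command:
#
#     # My IP space (CMU)
#     128.2.0.0/16 internal
#
# NOTE(review): replace 128.2.0.0/16 with the networks you actually monitor
# (elsewhere this page uses 1.2.3.0/24 as the internal block) -- confirm.

# Compile the text file into the binary prefix map.
/opt/silk/bin/rwpmapbuild --input addresses.txt --output address_types.pmap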
# Convert the GeoIP country CSV into a SiLK country-code prefix map and
# install it next to the other SiLK support files.
# Run this from the directory that holds GeoIPCountryCSV.zip, not from
# /opt/silk/share/silk: there the final cp would copy the file onto itself.
# The zip is a downloaded file; fetch it from the provider directly and over
# HTTPS, since its contents end up in every country lookup.
# Without "set -o pipefail" the pipeline's status is rwgeoip2ccmap's only, so
# a failed unzip can still leave a truncated country_codes.pmap behind --
# check the file size before copying.
unzip -p GeoIPCountryCSV.zip | \
  /opt/silk/bin/rwgeoip2ccmap --csv-input > country_codes.pmap
cp country_codes.pmap /opt/silk/share/silk/country_codes.pmap
# Sensor configuration (file content, not commands); the rwflowpack settings
# on this page point SENSOR_CONFIG at /opt/silk/data/sensor.conf.
#
# Probe: listen for NetFlow v9 on UDP port 9901 and accept packets only when
# their source address is the exporter, 1.2.3.1.
# NetFlow over UDP carries no authentication and a UDP source address can be
# forged, so accept-from-host is a filter, not proof of origin; keep the
# collector port unreachable from untrusted networks as well.
probe uplink netflow-v9
    listen-on-port 9901
    protocol udp
    accept-from-host 1.2.3.1
end probe

# Sensor: takes its flows from the probe above. 1.2.3.0/24 is treated as the
# internal network and every other address as external.
sensor uplink
    netflow-v9-probes uplink
    internal-ipblock 1.2.3.0/24
    external-ipblock remainder
end sensor
# Settings for the rwflowpack init script (shell variable assignments, one
# per line). The page does not say where this file is saved -- presumably the
# rwflowpack.conf that the init script reads; confirm the path in the script.
#
# NOTE(review): no run-as account is set here. The stock template is believed
# to have a USER setting; port 9901 is unprivileged, so check whether the
# daemon can run under a dedicated non-root account -- confirm.
ENABLED=yes
BIN_DIR=/opt/silk/sbin
DATA_ROOTDIR=/opt/silk/data
PID_DIR=/var/run
# Sensor and site configuration files referenced elsewhere on this page.
SENSOR_CONFIG=/opt/silk/data/sensor.conf
SITE_CONFIG=/opt/silk/data/silk.conf
# Presumably: receive flows from the network and pack them into the local
# data directory -- confirm against the rwflowpack documentation.
INPUT_MODE=stream
OUTPUT_MODE=local-storage
# Log to files under LOG_DIR.
LOG_TYPE=legacy
LOG_DIR=/opt/silk/log
LOG_LEVEL=info
CREATE_DIRECTORIES=yes
# Install the init script produced by the SiLK build (the source tree was
# unpacked under /root), register it to start at boot, and start the packer.
cp /root/silk-3.10.1/src/rwflowpack/rwflowpack.init.d /etc/init.d/rwflowpack
chkconfig rwflowpack on
service rwflowpack start
# Let the exporter (1.2.3.1) reach the collector.
#
# Security note: firewalld's "trusted" zone accepts every packet from the
# sources bound to it. Binding 1.2.3.1 to it therefore opens ALL ports on
# this host to that address, not only 9901/udp; the --add-port line below
# does not narrow that.
# A tighter alternative is to leave the exporter out of "trusted" and allow
# just the flow port from it in the zone that handles the interface, e.g.:
#   firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="1.2.3.1" port port="9901" protocol="udp" accept'
firewall-cmd --permanent --zone=trusted --add-source=1.2.3.1
firewall-cmd --permanent --zone=trusted --add-port=9901/udp
# --permanent changes only take effect after a reload.
firewall-cmd --reload
# Show the resulting zone so the source and port can be checked.
firewall-cmd --zone=trusted --list-all
# Exporter side (the "/ip ..." syntax looks like MikroTik RouterOS):
# send NetFlow v9 for interface bridge1-uplink to the collector on UDP 9901.
#
# NOTE(review): the flow target is 1.2.3.4 but the firewall rule below allows
# 1.2.3.6. Both should be the collector's address -- confirm which is right.
/ip traffic-flow target add version=9 address=1.2.3.4:9901
/ip traffic-flow set enabled=yes interfaces=bridge1-uplink
# NOTE(review): this line has no "add" verb; it reads like an exported rule
# rather than a command to type -- confirm before pasting.
/ip firewall filter chain=output action=accept protocol=udp dst-address=1.2.3.6 dst-port=9901
# Smoke test: select every record (all protocols, all types) stored for the
# "uplink" sensor, print it as text and show the last lines. No date range is
# given, so this presumably reads only the current day's files -- confirm.
# Empty output means no flows have been packed yet; check the firewall rule,
# the exporter's target address and the rwflowpack log.
/opt/silk/bin/rwfilter --sensor=uplink --proto=0-255 --pass=stdout --type=all | /opt/silk/bin/rwcut | tail
# Open HTTP for the FlowViewer web interface.
#
# NOTE(review): the service is added to the "trusted" zone, which applies
# only to sources or interfaces bound to that zone and already accepts all
# of their traffic. If only the exporter address is bound there, this rule
# does not make httpd reachable for anyone else. Add the service to the zone
# that actually handles the report users' traffic, limited to the management
# network.
# FlowViewer would be served over plain HTTP; this page sets up neither
# authentication nor TLS, so flow reports should not be reachable from
# untrusted networks.
firewall-cmd --permanent --zone=trusted --add-service=http
firewall-cmd --reload
firewall-cmd --zone=trusted --list-all
# Unpack FlowViewer 4.6 into Apache's CGI directory.
# The archive is extracted as root into a directory whose scripts httpd will
# execute: list it first (tar tvf) to check the paths it contains, and check
# the ownership and modes of the extracted files afterwards.
cd /var/www/cgi-bin
tar xvf /root/FlowViewer_4.6.tar
# Label FlowViewer's output directories so SELinux lets httpd write to them.
# httpd_sys_rw_content_t grants the web server read/write access, so the rule
# is limited to these five directories rather than all of /var/www/html.
# NOTE(review): this page never shows the directories being created;
# restorecon relabels only what already exists -- create them first.
for fv_dir in FlowGrapher FlowMonitor FlowViewer FlowViewer_Dashboard FlowViewer_Saves; do
  semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/${fv_dir}(/.*)?"
done

# Apply the new file-context rules to the files on disk.
restorecon -Rv /var/www/html