Ben's notes

Linux, Unix, network, radio...

User Tools

Site Tools


nfsen

NfSen - CentOS6

Install and configure NfSen on CentOS6.x

  • NfSen 1.3.6
  • nfdump 1.6.9

Prerequisites:

  • EPEL Repository

Installation

  • Extract files.
    tar zxvf nfdump-1.6.12.tar.gz
    tar zxvf nfsen-1.3.6p1.tar.gz
  • Install development tools.
    sudo yum groupinstall development tools
  • Install rrdtool.
    sudo yum install rrdtool rrdtool-devel
  • Install Apache, php and perl modules.
    sudo yum install apache php perl-MailTools rrdtool-perl perl-Socket6
  • Edit /etc/php.ini. Confgure date.timezone.
  • Create user netflow.
    useradd netflow
  • Add user netflow to apache group.
    sudo usermod -G apache netflow
  • Compile and install nfdump.
    cd nfdump-1.6.12
    ./configure --prefix=/opt/nfdump --enable-nfprofile
    autoreconf
    make
    sudo make install
  • Install nfsen.
    cd nfsen-1.3.6p1
    cd etc
    cp nfsen-dist.conf nfsen.conf
    vi nfsen.conf
      $BASEDIR = "/opt/nfsen";
      $HTMLDIR = "/opt/nfsen/www/";
      $PREFIX  = '/opt/nfdump/bin';
      $WWWUSER  = "apache";
      $WWWGROUP = "apache";
    
      $MAIL_FROM   = 'nfsen@yourdomain.tld';
      $SMTP_SERVER = 'fqdn.mail.server';
      
      %sources = (
          'source1' => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
          'source2' => { 'port' => '9996', 'col' => '#cc3333', 'type' => 'netflow' },
          'source3' => { 'port' => '9997', 'col' => '#99ff33', 'type' => 'netflow' },
      );
    
    cd ..
    sudo ./install.pl etc/nfsen.conf
  • Open port 80 and netflow ports. Edit /etc/sysconfig/iptables.
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
    -A INPUT -m state --state NEW -m udp -p udp --dport 9995 -j ACCEPT
    -A INPUT -m state --state NEW -m udp -p udp --dport 9996 -j ACCEPT
    -A INPUT -m state --state NEW -m udp -p udp --dport 9997 -j ACCEPT
  • Reload iptables.
    service iptables restart
  • Add apache config. Create /etc/httpd/conf.d/nfsen.conf
    <Directory "/opt/nfsen/www">
       AllowOverride None
       Order allow,deny
       Allow from all
    </Directory>
    
    Alias /nfsen "/opt/nfsen/www"
  • Start apache at boot.
    sudo chkconfig httpd on
  • Start apache.
    sudo service httpd start
  • Create SELinux module. Important: Modules created with audit2allow may allow more access than required.
    sudo yum install policycoreutils-python
    setenforce 0
    /opt/nfsen/bin/nfsen start
    /opt/nfsen/bin/nfsen stop
    cp /var/log/audit/audit.log /var/tmp
    cd /var/tmp
    audit2allow -M mynfsen < audit.log
    semodule -i mynfsen.pp
    setenforce 1
  • Start nfsen.
    sudo /opt/nfsen/bin/nfsen start
  • To start NfSen at boot, add the start script to /etc/rc.local. Or create a nice start/stop init script.
nfsen.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1