Ben's notes

Linux, Unix, network, radio...

User Tools

Site Tools

Trace: nfsen_centos7
nfsen_centos7

Table of Contents

, , , ,

NfSen - CentOS 7.x

Install and configure NfSen on CentOS 7.x

  • NfSen 1.3.7
  • nfdump 1.6.13

Prerequisites:

  • EPEL Repository

Installation

  • Download NfSen http://nfsen.sourceforge.net/.
  • Download nfdump http://nfdump.sourceforge.net/.
  • Extract files. 
    tar zxf nfdump-1.6.13.tar.gz
tar zxf nfsen-1.3.7.tar.gz
  • Install development tools. 
    sudo yum groupinstall development tools
  • Install rrdtool. 
    sudo yum install rrdtool rrdtool-devel
  • Install Apache, php and perl modules. 
    sudo yum install apache php perl-MailTools rrdtool-perl perl-Socket6 perl-Sys-Syslog.x86_64
  • Install SELinux tools:
    yum install policycoreutils-python
  • Configure PHP timezone: 
    echo "date.timezone = Europe/Amsterdam" > /etc/php.d/timezone.ini
  • Create user netflow. 
    useradd netflow
  • Add user netflow to apache group. 
    sudo usermod -G apache netflow
  • Create seperate /opt filesystem (for lots of data).
  • Compile and install nfdump. 
    cd nfdump-1.6.13
./configure --prefix=/opt/nfdump --enable-nfprofile
autoreconf
make
sudo make install
  • Install nfsen. 
    cd nfsen-1.3.7
cd etc
cp nfsen-dist.conf nfsen.conf
vi nfsen.conf
  $BASEDIR = "/opt/nfsen";
  $HTMLDIR = "/opt/nfsen/www/";
  $PREFIX  = '/opt/nfdump/bin';
  $WWWUSER  = "apache";
  $WWWGROUP = "apache";

  $MAIL_FROM   = 'nfsen@yourdomain.tld';
  $SMTP_SERVER = 'fqdn.mail.server';
  
  %sources = (
      'source1' => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
      'source2' => { 'port' => '9996', 'col' => '#cc3333', 'type' => 'netflow' },
      'source3' => { 'port' => '9997', 'col' => '#99ff33', 'type' => 'netflow' },
  );

cd ..
sudo ./install.pl etc/nfsen.conf
  • Open port 80 and netflow ports: 
    firewall-cmd --permanent --zone=trusted --add-service=http
firewall-cmd --permanent --zone=trusted --add-source=1.2.3.1
firewall-cmd --permanent --zone=trusted --add-port=9995/udp
firewall-cmd --reload
firewall-cmd --zone=trusted --list-all
  • Add apache config. Create /etc/httpd/conf.d/nfsen.conf 
    <Directory "/opt/nfsen/www">
   AllowOverride None
   Require all granted
</Directory>

Alias /nfsen "/opt/nfsen/www"
  • Enable and start apache: 
    sudo systemctl enable httpd
sudo systemctl start httpd
  • Set SElinux rights to www directory:
    semanage fcontext -a -t httpd_sys_content_t "/opt/nfsen/www(/.*)?"
restorecon -Rv /opt/nfsen/
  • Create SELinux module. Important: Modules created with audit2allow may allow more access than required. 
    setenforce 0
/opt/nfsen/bin/nfsen start
/opt/nfsen/bin/nfsen stop
cp /var/log/audit/audit.log /var/tmp
cd /var/tmp
audit2allow -M mynfsen < audit.log
semodule -i mynfsen.pp
setenforce 1
  • Start nfsen. 
    sudo /opt/nfsen/bin/nfsen start

Auto start at boot

  • Create /etc/systemd/system/nfsen.service:
    [Unit]
Description=NfSen Service
After=network.target

[Service]
Type=forking
PIDFile=/opt/nfsen/var/run/nfsend.pid
ExecStart=/opt/nfsen/bin/nfsen start
ExecStop=/opt/nfsen/bin/nfsen stop
Restart=on-abort

[Install]
WantedBy=multi-user.target
  • Enable service:
    systemctl enable nfsen
systemctl start nfsen
nfsen_centos7.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1