A recent project of mine involved testing IPfix Netflow on a Juniper PTX10002 while running 100Gb of throughput with hundreds of thousands routes running through iBGP/eBGP.
To test IPfix, NFSEN was requested by the customer as that's what they run in production.
Installation
Use the sudo user
sudo -i
Update ubuntu:
apt-get update
apt autoremove
Create and navidate to a new folder:
mkdir ~/nfsen && cd ~/nfsen
Download the required files:
wget https://bit.ly/2NpMHqV
wget https://github.com/phaag/nfdump/archive/v1.6.17.tar.gz
Extract the files:
tar zxfv 2NpMHqV
tar xzfv v1.6.17.tar.gz
Install Dependencies
apt install make gcc flex rrdtool librrd-dev libpcap-dev php librrds-perl libsocket6-perl apache2 libapache2-mod-php7.0 libtool dh-autoreconf pkg-config libbz2-dev byacc doxygen graphviz
Make sure the right version of PHP is being used:
a2enmod php7.0
Fix problem with displaying icons in nfsen:
vi /etc/apache2/mods-enabled/alias.conf
and comment out line: 'Alias /icons/ "/usr/share/apache2/icons/"
Prepare nfdump for compilation:
cd nfdump-1.6.17/
sh ./autogen.sh
./configure --enable-nsel --enable-nfprofile --enable-sflow --enable-readpcap --enable-nfpcapd
Compile nfdump:
make
Install nfdump:
make install
(it may be necessary to run /sbin/ldconfig
or ldconfig
as root after the installation)
Install nfsen dependencies:
cpan App::cpanminus
Install nfsen dependencies:
cpanm Mail::Header
Install nfsen dependencies:
cpanm Mail::Internet
Check the nfdump version:
nfdump -V
Configure nfsen:
cd ../nfsen-1.3.6p1
vi ./etc/nfsen-dist.conf
Add user used by nfsen:
useradd -M -s /bin/false -G www-data netflow
Create nfsen base directory:
mkdir -p /data/nfsen
Install nfsen:
./install.pl ./etc/nfsen-dist.conf
If there is a version mismatch change this:
vi libexec/NfSenRRD.pm
Change from 1.5 t0 1.6
Point default Apache site to nfsen.php file:
vi /etc/apache2/sites-enabled/000-default.conf
DocumentRoot /var/www/nfsen
DirectoryIndex nfsen.php
Start nfsen service:
/data/nfsen/bin/nfsen start
Restart Apache:
service apache2 restart
Browse to:
http://yourip:80
To make nfsen reboot proof:
ln -s /data/nfsen/bin/nfsen /etc/init.d/nfsen
update-rc.d nfsen defaults 20