Agenda: netflow-nfsen-exercise.txt

File netflow-nfsen-exercise.txt, 2.9 KB (added by oflaherty-guatemala, 9 years ago)

Line
1	Advanced Registry Operations Curriculum
2
3	NetFlow - NFSen - Exercise
4
5	0. If not already installed, install the following packages:
6
7	# apt-get install rrdtool
8	# apt-get install librrds-perl
9	# apt-get install librrdp-perl
10
11
12	1. Install nfdump
13
14	[Nfdump is the netflow flow collector]
15
16
17	# export INIT_VERBOSE=yes
18	# export VERBOSE=yes
19	# apt-get install nfdump
20
21	(the lines with VERBOSE are needed to work around a bug in the
22	package installation script)
23
24	---
25	Installed tools are :
26	nfcapd nfdump nfreplay nfexpire nftest nfgen
27	---
28
29
30	NFSen
31
32	1. Now get nfsen
33
34	$ wget http://freefr.dl.sourceforge.net/project/nfsen/stable/nfsen-1.3.2/nfsen-1.3.2.tar.gz
35
36	2. Setting up NfSen
37
38	$ tar -xzf nfsen-1.3.2.tar.gz
39	$ cd nfsen-1.3.2
40	$ cd etc
41	# cp nfsen-dist.conf nfsen.conf
42
43	Edit the nfsen.conf, and make the following changes:
44
45	- set the basedir variable
46
47	$BASEDIR = "/var/nfsen";
48
49	- set the path for the PREFIX where to find the nfdump tools:
50
51	# nfdump tools path
52	$PREFIX = '/usr/bin';
53
54	- set the users:
55
56	$USER = "netflow"
57	$WWWUSER = 'www-data';
58	$WWWGROUP = 'www-data';
59
60	- set the buffer size to something small, so we see data quickly
61
62	# Receive buffer size for nfcapd - see man page nfcapd(1)
63	$BUFFLEN = 2000;
64
65	- find the %sources definition, and change it to:
66
67	%sources = (
68	'tldX-rtr' => { 'port' => '2002', 'col' => '#ff0000' },
69	);
70
71	(remember to replace 'X' with the number of your TLD)
72
73	- save the file, and exit.
74
75	3. Create a netflow user on the system.
76
77	# useradd -d /var/netflow -G www-data -m -s /bin/false netflow
78
79	4. Initiating nfsen
80
81	# cd ..
82	# perl install.pl etc/nfsen.conf
83
84	[press 'return' when asked where perl is located ]
85
86	5. Starting Nfsen
87
88	# cd /var/nfsen/bin
89	# ./nfsen start
90
91	(You can add the nfsen startup script to /etc/init.d/rc.local or somewhere similar to start it at bootup.)
92
93
94	6. Now we need to configure your router to export NetFlow flows.
95
96	Using the slides on NetFlow (slides 36 and following), configure
97	the IOS on your TLD router to export flows to your NOC, on port 2002
98	(as you configured in point 2.
99
100	Once you have done this, it will take some time for data to show up
101	in NFsen...
102
103	Watch your browser at http://your-IP/nfsen/nfsen.php
104
105	7. Add more sources:
106
107	Go back to where you extracted your nfsen distribution.
108
109	# cd nfsen-1.3.2
110	# vi etc/nfsen.conf
111
112	%sources = (
113	'tldX-rtr' => { 'port' => '2002', 'col' => '#ff0000' },
114	'tldY-rtr' => { 'port' => '2003', 'col' => '#ff0000' },
115	);
116
117	Save & close.
118
119	Now, ask your neighbor to add a NetFlow export destination -- by default
120	the IOS software supports 2 -- pointing at your NOC, on port 2003.
121
122	Once you have double checked with your neighbor that they have configured
123	netflow export, check with tcpdump on your NOC that you are seeing packets
124	on port 2003:
125
126	# tcpdump -n port 2003 and udp
127	...
128	^C
129
130
131	Finally, reconfigure and restart NFSen:
132
133	# perl install.pl etc/nfsen.conf
134
135	[press return when asked]
136
137	8. Start NFsen
138
139	# /var/nfsen/bin/nfsen stop
140	# /var/nfsen/bin/nfsen start
141
142	9. Check it out!
143
144	http://your IP/nfsen/nfsen.php
145
146