Agenda: exercise4-NfSen-PortTracker.txt

File exercise4-NfSen-PortTracker.txt, 5.0 KB (added by admin, 6 years ago)

Line
1	NetFlow - PortTracker Exercises
2
3	# Optional Tasks
4
5	## Installing the PortTracker plugin (Optional or as reference)
6
7	First, connect to your virtual machine and become root:
8
9	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
10	ssh sysadm@pcN.ws.nsrc.org
11	$ sudo bash
12	#
13	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
14
15	We have installed the nfdump package, but we still need to get the source
16	package, as it contains extra files required to enabled PortTracker as well
17	as requiringthe nftrack program to be installed in /usr/local/bin:
18
19	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
20	# cd /usr/local/src
21	# wget http://noc.ws.nsrc.org/downloads/nfdump-1.6.6.tar.gz
22	# tar xvzf nfdump-1.6.6.tar.gz
23	# cd nfdump-1.6.6
24	# ./configure --prefix /usr --enable-nfprofile --enable-nftrack
25	# make
26	# cp bin/nftrack /usr/local/bin
27	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
28
29	* Make a directory for the nftrack data
30
31	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
32	# mkdir -p /var/log/netflow/porttracker
33	# chown www-data /var/log/netflow/porttracker
34	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
35
36	* Set the nftrack data directory in the PortTracker.pm module:
37
38	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
39	# editor extra/PortTracker.pm
40
41	Find the line:
42
43	my $PORTSDBDIR = "/data/ports-db";
44
45	and change it to:
46
47	my $PORTSDBDIR = "/var/log/netflow/porttracker";
48	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
49
50	Save and exit from the file.
51
52	* Install the plugin into the NFSen distribution
53
54	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
55	# cp extra/PortTracker.pm /var/nfsen/plugins/
56	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
57
58	* Add the plugin definition to the nfsen.conf configuration
59
60	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
61	# cd /var/nfsen/etc
62	# editor nfsen.conf
63	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
64
65	* Find the plugins section and make it look like this:
66
67	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
68	@plugins = (
69	[ 'live', 'PortTracker'],
70	);
71	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
72
73	Save and exit from the file.
74
75	* Initialize the PortTracker database files
76
77	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
78	# sudo -u www-data nftrack -I -d /var/log/netflow/porttracker
79	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
80
81	(This can take a LONG time! - 8 GB worth of files will be created)
82
83	* Set the permissions so the netflow user running nfsen, and the www-data
84	user running the Web interface, can access the porttracker data.
85
86	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
87	# chown -R netflow:www-data /var/log/netflow/porttracker
88	# chmod -R 775 /var/log/netflow/porttracker
89	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
90
91	* Restart NfSen
92
93	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
94	# service nfsen stop
95	# service nfsen start
96	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
97
98	* Check for success:
99
100	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
101	# grep -i 'porttracker.*success' /var/log/syslog
102	Oct 12 13:19:35 pc1 nfsen[28005]: Loading plugin 'PortTracker': Success
103	Oct 12 13:19:35 pc1 nfsen[28005]: Initializing plugin 'PortTracker': Success
104	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
105
106	* Wait some minutes, and go the the nfsen GUI
107
108	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
109	http://pcX.ws.nsrc.org/nfsen/nfsen.php
110	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
111
112	... and select the Plugins tab.
113
114	*****************************************************************************
115	* You may get an error that "No plugins installed!" or
116	* "Error reading stats"...
117	*
118	* Don't worry, you need to wait a few minutes before NfSen will begin to
119	* show the PortTracker plugin and its graphs.
120	*****************************************************************************
121
122	At this point you are done. Congratulations!
123
124
125	## Troubleshooting
126
127	If you get an error "Cannot Read Stats file", check the /var/log/netflow/porttracker \
128	directory for 2 additional files: portstat24.txt and portstat.txt like this:
129
130	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
131	# ls -l /var/log/netflow/porttracker/portstat*
132	-rw-r--r-- 1 netflow www-data 677 2011-11-17 14:30 /var/log/netflow/\
133	porttracker/portstat24.txt
134	-rwxrwxr-x 1 netflow www-data 638 2011-11-17 14:30 /var/log/netflow/\
135	porttracker/portstat.txt
136	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
137
138	Make sure that nfsen can write in that directory.