Nfsen-nfsdump-fprobe: Unterschied zwischen den Versionen

(Die Seite wurde neu angelegt: „=client= ==install== apt-get install fprobe ==config file== <pre> cat /etc/default/fprobe #fprobe default configuration file INTERFACE="eth0" FLOW_COLLECTOR="l…“)
 
 
(8 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt)
Zeile 2: Zeile 2:
 
==install==
 
==install==
 
  apt-get install fprobe
 
  apt-get install fprobe
==config file==
+
==first test==
<pre>
+
fprobe -i eth0 192.168.244.152:23456
cat /etc/default/fprobe  
+
*/etc/default/fprobe  
#fprobe default configuration file
+
=server=
 +
==nfdump==
 +
===install===
 +
apt-get install nfdump
 +
mkdir /var/netflow
 +
nfcapd -w -D -p 23456 -B 200000 -S 1 -z -I Linux-Host-1-eth0 -l /var/netflow/
 +
==nfsen==
 +
===install needed packets===
 +
apt-get install apache2 libapache2-mod-php5 php5-common libmailtools-perl rrdtool librrds-perl
 +
===install nfsen source packets===
 +
cd /usr/src/
 +
wget http://sourceforge.net/projects/nfsen/files/stable/nfsen-1.3.6p1/nfsen-1.3.6p1.tar.gz
 +
tar zxvf nfsen-1.3.6p1.tar.gz
 +
cd nfsen-1.3.6p1
  
INTERFACE="eth0"
 
FLOW_COLLECTOR="localhost:555"
 
  
#fprobe can't distinguish IP packet from other (e.g. ARP)
+
perl -MCPAN -e 'install Socket6'
OTHER_ARGS="-fip"
+
 
</pre>
+
cp etc/nfsen-dist.conf /etc/nfsen.conf
 +
====change this====
 +
$HTMLDIR    = "/var/www/html/nfsen/";
 +
$PREFIX      = '/usr/bin'
 +
$USER        = "www-data";
 +
$WWWUSER    = "www-data";
 +
$WWWGROUP    = "www-data";
 +
%sources    = (
 +
    'huey'    => { 'port' => '23456', 'col' => '#0000ff', 'type' => 'netflow' },
 +
);
 +
$MAIL_FROM  = 'technik@xinux.de';
 +
$SMTP_SERVER = 'baltar.tuxmen.de';
 +
 
 +
=Links=
 +
*http://meetings.ripe.net/ripe-50/presentations/ripe50-plenary-tue-nfsen-nfdump.pdf
 +
*http://www.hurlster.com/wiki/index.php/Netflow
 +
*https://www.youtube.com/watch?v=oipMSiBWB08
 +
*http://www.hurlster.com/wiki/index.php/Netflow
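Review bot: The added `wget http://sourceforge.net/projects/nfsen/files/stable/nfsen-1.3.6p1/nfsen-1.3.6p1.tar.gz` step fetches the NfSen source over plain HTTP into /usr/src, and the following lines unpack and use it with no integrity check, so the archive can be altered in transit without anyone noticing. Fetch it with `https://` and add a step such as `sha256sum nfsen-1.3.6p1.tar.gz`, compared against the checksum published by the project, before `tar zxvf`. The same concern applies to `perl -MCPAN -e 'install Socket6'`, which builds third-party code, presumably as root; the distribution package (`libsocket6-perl` on Debian) is the lower-risk route. Separately, the new line `$PREFIX      = '/usr/bin'` has no trailing `;`, so copying it into /etc/nfsen.conf as shown would presumably leave the Perl config with a syntax error.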

Aktuelle Version vom 21. November 2014, 20:52 Uhr

client

install

# Install the fprobe NetFlow probe on the host whose traffic is to be exported.
apt-get install fprobe

first test

# Capture on eth0 and export flow records to the collector at
# 192.168.244.152, UDP port 23456 (the port nfcapd is started on below).
# NetFlow export is plain, unauthenticated UDP: keep the exporter-to-collector
# path on a trusted or management network.
fprobe -i eth0 192.168.244.152:23456
  • /etc/default/fprobe

server

nfdump

install

# Install the nfdump tools (nfcapd is the collector daemon) and create the
# directory the captured flow files are written to.
apt-get install nfdump
mkdir /var/netflow
# Start the collector: -D daemonize, -p UDP listen port, -B socket buffer size,
# -w align file rotation, -S 1 dated sub-directory layout, -z compress files,
# -I ident string for this source, -l base directory for the flow files.
# NOTE(review): no bind address is given, so the port is reachable on every
# interface, and the records are accepted without authentication. Consider
# -b <collector-address>, a firewall rule admitting UDP 23456 only from known
# exporters, and -u/-g to run as an unprivileged user that owns /var/netflow.
nfcapd -w -D -p 23456 -B 200000 -S 1 -z -I Linux-Host-1-eth0 -l /var/netflow/

nfsen

install needed packages

# Web server, PHP and the Perl/RRD libraries the NfSen front end depends on.
# NOTE(review): NfSen's PHP pages do not appear to ship their own login; once
# installed, restrict access in Apache (authentication and/or a source-address
# allow list) rather than exposing the flow data to the whole network. Confirm
# for the version in use.
apt-get install apache2 libapache2-mod-php5 php5-common libmailtools-perl rrdtool librrds-perl

install nfsen source package

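# Download, verify and unpack the NfSen source, then seed /etc/nfsen.conf
# from the distributed template.
cd /usr/src/
# Fetch over HTTPS instead of plain HTTP so the archive cannot be swapped
# in transit.
wget https://sourceforge.net/projects/nfsen/files/stable/nfsen-1.3.6p1/nfsen-1.3.6p1.tar.gz
# Print the archive hash and compare it with the checksum published on the
# project's download page before unpacking; stop here if they differ.
sha256sum nfsen-1.3.6p1.tar.gz
tar zxvf nfsen-1.3.6p1.tar.gz
cd nfsen-1.3.6p1


# Socket6 is fetched and built from CPAN (third-party code, typically run as
# root here). The distribution package (libsocket6-perl on Debian) is an
# alternative that goes through the signed package archive.
perl -MCPAN -e 'install Socket6'
# Start from the shipped template; the settings to adjust are listed below.
cp etc/nfsen-dist.conf /etc/nfsen.conf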

change this

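# Settings to adjust in /etc/nfsen.conf (the file is Perl: every statement
# needs its terminating semicolon).

# Directory the web front end is served from.
$HTMLDIR     = "/var/www/html/nfsen/";
# Location of the nfdump binaries (nfcapd, nfdump).
$PREFIX      = '/usr/bin';
# Account used for the NfSen back end.
# NOTE(review): this is the same account as the web server; a separate
# unprivileged user that only shares a group with the web server would keep
# a web-side compromise away from the collector and its data. Confirm
# against the NfSen documentation.
$USER        = "www-data";
# User and group the web server runs as.
$WWWUSER     = "www-data";
$WWWGROUP    = "www-data";
# Flow sources: ident => listen port, graph colour, record type.
# NOTE(review): NfSen normally starts its own nfcapd for each source with a
# non-zero port, so an nfcapd started by hand on 23456 would presumably have
# to be stopped first. Confirm.
%sources     = (
   'huey'    => { 'port' => '23456', 'col' => '#0000ff', 'type' => 'netflow' },
);
# Sender address and relay used for notification mail.
$MAIL_FROM   = 'technik@xinux.de';
$SMTP_SERVER = 'baltar.tuxmen.de';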

Links