Installing nfsen & nfdump PortTracker plugin on ubuntu

-

 #
## Installing nfsen & nfdump PortTracker plugin on ubuntu
We need to get nfdump 1.6.23 or newer. The version of nfdump included
on Ubuntu 20.04/21.04/22.04 is nfsen-1.3.6p1 ,
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Lab Tasks
This section is prerequisite if you had already done while installing nfsen then may skip below section 1

>>>> Prerequisite:

https://youtu.be/4DkB0jQiTqw

https://ipcorenetworks.blogspot.com/2021/08/installing-nfsen-nfdump-on-ubuntu-and.html
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Section 1:
# cd cd /var/nfsen/
# wget https://github.com/phaag/nfdump/archive/v1.6.23.tar.gz
# tar xvzf nfdump-1.6.23.tar.gz
# cd nfdump-1.6.23/
# sh ./autogen.sh
./configure --enable-nsel --enable-nfprofile --enable-sflow --enable-readpcap --enable-nfpcapd --enable-nftrack
# make && make install
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~
* Make a directory for the nftrack data
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~
$ mkdir -p /var/log/netflow/porttracker
$ chown www-data /var/log/netflow/porttracker
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Set the nftrack data directory in the PortTracker.pm module:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

$ nano /var/nfsen/nfdump-1.6.23/extra/PortTracker.pm
Find the line:
my $PORTSDBDIR = "/data/ports-db";
and change it to:
my $PORTSDBDIR = "/var/log/netflow/porttracker";
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Install the plugins into the NFSen distribution
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

$ cp /var/nfsen/nfdump-1.6.23/extra/PortTracker.pm /var/nfsen/plugins/
$ cp /usr/local/src/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.php /var/www/nfsen/plugins/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Add the plugin definition to the nfsen.conf configuration
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

$ nano /var/nfsen/nfsen-1.3.6p1/etc/nfsen.conf
and
nano /var/nfsen/etc/nfsen.conf

Find the plugins section and make it look like this into both directries:
_______________________________________________
@plugins = (
[ 'live', 'PortTracker'],
);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Re-run the installation (answer questions)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cd /var/nfsen/nfsen-1.3.6p1
$ ./install.pl ./etc/nfsen.conf
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Initialize portracker database files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

$ sudo -u www-data nftrack -I -d /var/log/netflow/porttracker
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

(This can take a LONG time! - 8 GB worth of files will be created)
* Set the permissions so the netflow user running nfsen, and the www-data
user running the Web interface, can access the porttracker data:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

$ chown -R netflow:www-data /var/log/netflow/porttracker
$ chmod -R 775 /var/log/netflow/porttracker
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Reload:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ /var/nfsen/bin/nfsen reload
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Check for success:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ grep -i 'porttracker.*success' /var/log/syslog
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

* Wait some minutes, and go the the nfsen GUI
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~
http://ipaddress_of_the_server/nfsen/nfsen.php
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

... and select the Plugins tab.
If you get an error "Cannot Read Stats file", check the /var/log/netflow/porttracker \
directory for 2 additional files: portstat24.txt and portstat.txt like this:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

$ ls -l /var/log/netflow/porttracker/ports.stat

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make sure that nfsen can write in that directory.
## If you wanted to add more sources...
Go back to where you extracted your nfsen distribution.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ cd /var/nfsen/bin
$ ./nfsen reconfig
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Now start and stop nfsen:

$ sudo service nfsen stop
$ sudo service nfsen start
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Comments

Post a Comment

Popular posts from this blog

Installing NFSEN & NFDUMP on Ubuntu and Next integrate with LibreNMS

-
  librenms@librenms:~$ lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description:     Ubuntu 20.04.2 LTS Release:         20.04 Codename:        focal Project Link: http://nfsen.sourceforge.net/ http://nfdump.sourceforge.net/ https://github.com/phaag/nfdump https://www.first.org/resources/papers/conference2006/haag-peter-papers.pdf sudo add-apt-repository universe    FOR OLD ubuntu versions 16,18 Installation Use the sudo user sudo -i Update ubuntu: apt-get update apt autoremove   Create and navidate to a new folder: mkdir ~/nfsen && cd ~/nfsen   or   mkdir /var/nfsen && cd / var /nfsen   Download the required files: wget https://bit.ly/2NpMHqV      >>> NfSend wget https://github.com/phaag/nfdump/archive/v1.6.17.tar.gz     >>>NfDump Extract the files: tar zxfv 2NpMHqV tar xzfv v1.6.17.tar.gz Install Dependencies apt install make gcc flex rrdtool librrd-dev libpcap
Read more

IP Core Networks | Your Education, Your Choice

-
Image
    Our Youtube Channel Name : IP Core Networks  Channel link: https://www.youtube.com/channel/UCbkH41NcPM3od4Xkij0M7zw Email address:cciepearl@gmail.com WhatsApp:+92-345-7770727 Channel Description:  IP CORE NETWORKS is a Premium Cisco Consulting provider of Cisco Products, Solutions, Included MikroTik, MicroSoft Server,Firewalls Training, and Professional Services/Supports for small, medium, and large-sized businesses. We are a Cisco Premier Certified Partner founded by a Cisco CCIE architect and consultant with over 8 years of production experience in a wide range of network environments. Our Company consists of CCNA, CCNP, and CCIE consultants with real-world experience. AND our channel provides you all Cisco Training videos for CCNA, CCNP, CCIE,MikroTik and others Cisco Certifications as well as Networking-related troubleshooting videos. WhatsApp: +92-345-7770727 Elastic Systems Pvt Ltd.  http://www.elastic-home.com  
Read more

How to Install & Integrate Oxidized Into LibreNMS

-
  How to Install & Integrate Oxidized Into LibreNMS Project Links: https://docs.librenms.org/Extensions/Oxidized/ https://github.com/ytti/oxidized https://www.rubydoc.info/gems/oxidized/0.7.2 https://github.com/net-ssh/net-ssh Oxidized is a great tool for automating backups of device configs like ASA Firewalls, IOS routers, and all types of switches! I chose Oxidized because it very easy integrates into Librenms. The instructions for how to integrate oxidized into LibreNMS are below: sudo -i login as root user   to check Ubuntu OS version   lsb_release -a Must be Update your ubuntu/LibreNMS apt update && apt autoremove su - librenms git pull ./daily.sh ./validate.php     Installation : go to the working directory login as a root user Debian and Ubuntu On Ubuntu, begin by enabling the universe repository (required for libssh2-1-dev): add-apt-repository universe   I nstall the dependencies: apt-get install ruby ruby-dev
Read more