
Install Nfsen

This document provides instructions for installing NFSEN and NFDUMP on Ubuntu to monitor network flow data. It describes downloading required files, installing dependencies, compiling NFDUMP, configuring NFSEN, integrating it with Apache web server, and testing the setup. Key steps include creating directories, editing configuration files, starting services, and accessing the NFSEN web interface to view network flow statistics.

Installing NFSEN & NFDUMP on Ubuntu and Next integrate ... https://ipcorenetworks.blogspot.com/2021/08/installing-...

IP Core Networks

Installing NFSEN & NFDUMP on Ubuntu and Next integrate with LibreNMS
- August 23, 2021

librenms@librenms:~$ lsb_release -a

No LSB modules are available.

Distributor ID: Ubuntu

Description: Ubuntu 20.04.2 LTS

Release: 20.04

Codename: focal

Project links:

http://nfsen.sourceforge.net/

http://nfdump.sourceforge.net/

https://github.com/phaag/nfdump

https://www.first.org/resources/papers/conference2006/haag-peter-papers.pdf

For old Ubuntu versions (16, 18), enable the universe repository first:

sudo add-apt-repository universe

Installation
Use the sudo user

sudo -i

Update Ubuntu:
apt-get update

apt autoremove

Create and navigate to a new folder:


mkdir ~/nfsen && cd ~/nfsen

or

mkdir /var/nfsen && cd /var/nfsen

Download the required files:

# NfSen
wget https://bit.ly/2NpMHqV

# nfdump
wget https://github.com/phaag/nfdump/archive/v1.6.17.tar.gz

Extract the files:

tar zxfv 2NpMHqV

tar xzfv v1.6.17.tar.gz


Install Dependencies

apt install make gcc flex rrdtool librrd-dev libpcap-dev php librrds-perl libsocket6-perl \
    apache2 libapache2-mod-php libtool dh-autoreconf pkg-config libbz2-dev byacc doxygen \
    graphviz librrdp-perl libmailtools-perl build-essential autoconf

Alternatively, you may install only the following (this is important):

apt-get install apache2 php libapache2-mod-php librrds-perl librrdp-perl librrd-dev \
    libmailtools-perl build-essential autoconf rrdtool

Make sure the right version of PHP is being used:


a2enmod php7.4

Fix the problem with displaying icons in nfsen:

nano /etc/apache2/mods-enabled/alias.conf

and comment out the line: Alias /icons/ "/usr/share/apache2/icons/"

In the php.ini file, be sure to specify the correct time zone, for example:
nano /etc/php/7.4/apache2/php.ini

date.timezone = Asia/Karachi

Prepare nfdump for compilation:


cd nfdump-1.6.17/

sh ./autogen.sh

./configure --enable-nsel --enable-nfprofile --enable-sflow --enable-readpcap \
    --enable-nfpcapd --enable-nftrack --enable-jnat

Compile and install nfdump:

make && make install

(It may be necessary to run /sbin/ldconfig or ldconfig as root after the installation.)

Install nfsen dependencies:


cpan App::cpanminus

cpanm Mail::Header

cpanm Mail::Internet

Check the nfdump version:


nfdump -v

Configure nfsen:
cd ../nfsen-1.3.6p1

cp etc/nfsen-dist.conf etc/nfsen.conf

nano ./etc/nfsen.conf

You may change the following (Apache2 and nginx run as the www-data user by default):

# user and group of the web server process
# All netflow processing will be done with this user

$BASEDIR = "/var/nfsen";

$PREFIX = '/usr/local/bin';

$USER = "netflow";

$WWWUSER = "www-data";
$WWWGROUP = "www-data";

# number of nfprofile processes to spawn during the profiling phase
# depends on how busy your system is and how many CPUs you have
# on very busy systems increase it to a higher value
#$PROFILERS = 2;

Add user used by nfsen:


useradd -M -s /bin/false -G www-data netflow

Create nfsen base directory:


mkdir -p /var/nfsen

Install nfsen:
./install.pl ./etc/nfsen.conf

If there is a version mismatch change this:


nano libexec/NfSenRRD.pm

Change from 1.5 to 1.8

Point the default Apache site to the nfsen.php file:


nano /etc/apache2/sites-enabled/000-default.conf

DocumentRoot /var/www/nfsen

DirectoryIndex nfsen.php

ServerAdmin webmaster@localhost

ServerName 192.168.88.163

DocumentRoot /var/www/nfsen
DirectoryIndex nfsen.php

Change the Apache port from 80 to any_port_number:

nano /etc/apache2/apache2.conf

systemctl enable apache2

systemctl start apache2

Start nfsen service:


/var/nfsen/bin/nfsen start


Restart Apache:
systemctl restart apache2

If you need to run nfsen on port 2055/udp, and it was taken by default by nfdump (by the nfcapd process), then stop it before running nfsen:

systemctl is-enabled nfdump

systemctl stop nfdump

netstat -anpl | grep 2055

kill -9 PID_NUMBER

netstat -anpl | grep nfcapd

Testing on MikroTik


nano /var/nfsen/etc/nfsen.conf
%sources = (
'MikroTik_CCIE' => { 'port' => '2055', 'col' => '#00ff00', 'type' => 'netflow' },
# 'upstream1' => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
# 'peer1' => { 'port' => '9996', 'IP' => '192.168.88.1' },
# 'peer2' => { 'port' => '9996', 'IP' => '0.0.0.0' },
);

# OR

%sources = (
'source1' => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
'source2' => { 'port' => '9996', 'col' => '#cc3333', 'type' => 'netflow' },
'source3' => { 'port' => '9997', 'col' => '#99ff33', 'type' => 'netflow' },
);

# OR

%sources = (
'ccr1016' => { 'port' => '9995', 'IP' => 'x.x.x.x', 'col' => '#0000ff', 'type' => 'netflow' },
'apfloor1' => { 'port' => '9995', 'IP' => 'x.x.x.x', 'col' => '#8B0000' },
'apfloor2' => { 'port' => '9995', 'IP' => 'x.x.x.x', 'col' => '#DC143C' },
'apfloor3' => { 'port' => '9995', 'IP' => 'x.x.x.x', 'col' => '#FF7F50' },
);

/etc/init.d/nfsen reconfig

Or

cd /var/nfsen/bin

./nfsen reconfig

./nfsen start

sudo /etc/init.d/nfsen reconfig

To make nfsen reboot proof:


ln -s /var/nfsen/bin/nfsen /etc/init.d/nfsen

update-rc.d nfsen defaults 20

It remains to configure the web server or just create a symbolic link in the www directory (after that you can open nfsen in a browser, for example http://192.168.88.157/nfsen/nfsen.php):

ln -s /var/nfsen/www/ /var/www/html/nfsen

or

ln -s /var/www/nfsen/ /var/www/html/nfsen

Make sure that nfsen starts when the operating system starts:
systemctl enable nfsen

systemctl start nfsen

systemctl status nfsen

Browse to:

http://yourip:portnumber

Auto start at boot


• Create /etc/systemd/system/nfsen.service:

[Unit]
Description=NfSen Service
After=network.target

[Service]
Type=forking
PIDFile=/var/nfsen/var/run/nfsend.pid
ExecStart=/var/nfsen/bin/nfsen start
ExecStop=/var/nfsen/bin/nfsen stop
Restart=on-abort

[Install]
WantedBy=multi-user.target

Troubleshooting commands:
sudo netstat -tulpn

ls -l /var/nfsen/profiles-stat/live

timedatectl set-timezone Asia/Karachi

chmod -R 777 /var/nfsen/var/run/nfsen.comm

chown -R www-data:www-data /var/nfsen

chown -R netflow:www-data /var/nfsen/profiles-data/live/

tcpdump port 2055 -e -n

ps auxwww | grep nfcapd
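
The chmod -R 777 and chown -R commands above get a broken install working but can leave nfsen.comm and other paths writable by every local user. The following is an added example, not part of the original post: it lists world-writable entries under the NfSen base directory and strips only the "other" permission bits. It assumes the web server reaches nfsen.comm as owner or through its group, as with the WWWUSER/WWWGROUP settings on this page; the function names and the demo tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: find and remove world-writable permissions in an NfSen tree.
# Function names are illustrative; the default path is $BASEDIR from this page.

# List every world-writable file, directory or socket under $1.
# Symlinks are skipped because their own mode bits are not enforced on Linux.
nfsen_world_writable() {
    find "${1:-/var/nfsen}" ! -type l -perm -0002 -print 2>/dev/null | sort
}

# Remove only the "other" permission bits under $1; owner and group access
# (netflow / www-data in this setup) stays as it was.
nfsen_strip_other() {
    chmod -R o-rwx "${1:-/var/nfsen}"
}

# Return 0 when nothing under $1 is world-writable, 1 otherwise.
nfsen_audit() {
    _found=$(nfsen_world_writable "${1:-/var/nfsen}")
    if [ -n "$_found" ]; then
        printf 'world-writable entries:\n%s\n' "$_found"
        return 1
    fi
    printf 'ok: nothing world-writable under %s\n' "${1:-/var/nfsen}"
}

# Demo on a constructed tree; a regular file stands in for the nfsen.comm
# socket so no running nfsend is needed.
demo=$(mktemp -d)
mkdir -p "$demo/var/run"
chmod -R 750 "$demo"
: > "$demo/var/run/nfsen.comm"
chmod -R 777 "$demo/var/run/nfsen.comm"   # troubleshooting step from the page
nfsen_audit "$demo" || true               # lists var/run/nfsen.comm
nfsen_strip_other "$demo/var/run"         # nfsen.comm becomes 770
nfsen_audit "$demo" || true               # reports ok
rm -rf "$demo"
```

On a real install, run nfsen_audit /var/nfsen as root after troubleshooting, then confirm the web interface still reaches nfsend once the extra bits are removed.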

Up-next video:

How to Install Nfsen & Nfdump porttracker plugin on Ubuntu

https://ipcorenetworks.blogspot.com/2022/02/installing-nfsen-nfdump-porttracker.html


Unknown December 28, 2021 at 2:55 AM

cpan App::cpanminus

cpan*m* Mail::Header

cpan*m* Mail::Internet


Sousa Varela January 27, 2022 at 2:14 PM

Hi,
Many thanks for sharing!
What about nginx webserver setup?


mariachiguadalajara April 20, 2022 at 8:58 AM

root@flujos7200:/var/nfsen/nfsen-1.3.6p1# /var/nfsen/bin/nfsen start

Subroutine Lookup::pack_sockaddr_in6 redefined at /usr/share/perl/5.30/Exporter.pm line 66.
at /var/nfsen/libexec/Lookup.pm line 43.
Subroutine Lookup::unpack_sockaddr_in6 redefined at /usr/share/perl/5.30/Exporter.pm line 66.
at /var/nfsen/libexec/Lookup.pm line 43.
Subroutine Lookup::sockaddr_in6 redefined at /usr/share/perl/5.30/Exporter.pm line 66.
at /var/nfsen/libexec/Lookup.pm line 43.
Subroutine AbuseWhois::pack_sockaddr_in6 redefined at /usr/share/perl/5.30/Exporter.pm line 66.
at /var/nfsen/libexec/AbuseWhois.pm line 42.
Subroutine AbuseWhois::unpack_sockaddr_in6 redefined at /usr/share/perl/5.30/Exporter.pm line 66.
at /var/nfsen/libexec/AbuseWhois.pm line 42.
Subroutine AbuseWhois::sockaddr_in6 redefined at /usr/share/perl/5.30/Exporter.pm line 66.
at /var/nfsen/libexec/AbuseWhois.pm line 42.
Subroutine AbuseWhois::pack_sockaddr_in6 redefined at /var/nfsen/libexec/AbuseWhois.pm line 44.
Subroutine AbuseWhois::unpack_sockaddr_in6 redefined at /var/nfsen/libexec/AbuseWhois.pm line 44.
Subroutine AbuseWhois::sockaddr_in6 redefined at /var/nfsen/libexec/AbuseWhois.pm line 44.
Starting nfcapd:(7200cantv)[11908] (7200vnet)[11911]
Starting nfsendSubroutine Lookup::pack_sockaddr_in6 redefined at /usr/share/perl/5.30/Exporter.pm line 66.
at /var/nfsen/libexec/Lookup.pm line 43.
Subroutine Lookup::unpack_sockaddr_in6 redefined at /usr/share/perl/5.30/Exporter.pm line 66.
at /var/nfsen/libexec/Lookup.pm line 43.
Subroutine Lookup::sockaddr_in6 redefined at /usr/share/perl/5.30/Exporter.pm line 66.
at /var/nfsen/libexec/Lookup.pm line 43.
Subroutine AbuseWhois::pack_sockaddr_in6 redefined at /usr/share/perl/5.30/Exporter.pm line 66.
at /var/nfsen/libexec/AbuseWhois.pm line 42.
Subroutine AbuseWhois::unpack_sockaddr_in6 redefined at /usr/share/perl/5.30/Exporter.pm line 66.
at /var/nfsen/libexec/AbuseWhois.pm line 42.
Subroutine AbuseWhois::sockaddr_in6 redefined at /usr/share/perl/5.30/Exporter.pm line 66.
at /var/nfsen/libexec/AbuseWhois.pm line 42.
Subroutine AbuseWhois::pack_sockaddr_in6 redefined at /var/nfsen/libexec/AbuseWhois.pm line 44.
Subroutine AbuseWhois::unpack_sockaddr_in6 redefined at /var/nfsen/libexec/AbuseWhois.pm line 44.
Subroutine AbuseWhois::sockaddr_in6 redefined at /var/nfsen/libexec/AbuseWhois.pm line 44.
