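I recently did some traffic analysis and used nfsen. I ran into a few problems during installation, so I am recording them here.
The most typical problem first: after installation, nfsen would not start and reported:
Starting nfcapd:(route)open() error existing pid file: Permission denied
The same installation steps worked fine on another server. I spent some time on it without finding the cause (I don't know Perl -.-), and in the end solved it by installing nfsen under the apache user's directory.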
yum install -y httpd php wget gcc make rrdtool-devel rrdtool-perl perl-MailTools perl-Socket6 flex byacc perl php-mysql
mkdir /root/soft/
cd /root/soft/
wget http://downloads.sourceforge.net/project/nfdump/stable/nfdump-1.6.11/nfdump-1.6.11.tar.gz
tar -zxvf nfdump-1.6.11.tar.gz 
cd nfdump-1.6.11
./configure --enable-nfprofile --enable-nftrack --enable-sflow  --with-rrdpath=/usr/bin/
make
make install
mkdir /var/www/netflow
chown apache:apache /var/www/netflow
cd /root/soft/
wget http://iweb.dl.sourceforge.net/project/nfsen/stable/nfsen-1.3.6p1/nfsen-1.3.6p1.tar.gz
tar zxvf nfsen-1.3.6p1.tar.gz 
cd nfsen-1.3.6p1/
cp etc/nfsen-dist.conf etc/nfsen.conf 
Set the corresponding values in etc/nfsen.conf as follows:
 $BASEDIR = "/var/www/netflow";
 $USER    = "apache";
 $WWWUSER  = "apache";
 $WWWGROUP = "apache";
 %sources = (
        'upstream1'    => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
);
Start the installation:
./install.pl etc/nfsen.conf
Start nfsen:
/var/www/netflow/bin/nfsen start
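A check that can help narrow down the "existing pid file: Permission denied" error, added here as an example and not part of NfSen or the original post: it reads $BASEDIR and $USER from nfsen.conf and reports the base directory, var/run, and any pid files in it that $USER does not own. It assumes pid files are kept in $BASEDIR/var/run; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not NfSen code): list paths the configured $USER does not own.
# Assumption: pid files live in $BASEDIR/var/run, as in the default layout.
# Usage after sourcing: check_nfsen_owner /var/www/netflow/etc/nfsen.conf

# Print the quoted value assigned to a Perl scalar such as $BASEDIR or $USER.
# Commented-out lines and other names ($WWWUSER) do not match.
conf_value() {  # conf_value FILE NAME
    sed -n "s/^[[:space:]]*\\\$$2[[:space:]]*=[[:space:]]*[\"']\\([^\"']*\\)[\"'].*/\\1/p" "$1" | tail -n 1
}

# Owner column of ls -ld (a name, or a numeric uid when no name resolves).
path_owner() { ls -ld "$1" | awk '{print $3}'; }

# Return 0 if $BASEDIR, var, var/run and every file in var/run belong to $USER.
# Print one MISMATCH line per offending path and return 1 otherwise.
# Return 2 when the conf file does not define both values.
check_nfsen_owner() {  # check_nfsen_owner FILE
    base=$(conf_value "$1" BASEDIR)
    user=$(conf_value "$1" USER)
    if [ -z "$base" ] || [ -z "$user" ]; then
        echo "BASEDIR or USER not found in $1" >&2
        return 2
    fi
    rc=0
    for p in "$base" "$base/var" "$base/var/run" "$base"/var/run/*; do
        [ -e "$p" ] || continue     # skip missing dirs and an unmatched glob
        owner=$(path_owner "$p")
        if [ "$owner" != "$user" ]; then
            echo "MISMATCH $p owner=$owner expected=$user"
            rc=1
        fi
    done
    return $rc
}
```

A stale pid file left by an earlier run under a different account shows up as a MISMATCH line for that file.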
Configure Apache:
vi  /etc/httpd/conf/httpd.conf  
<VirtualHost *:80>
    ServerAdmin admin@example.com
    DocumentRoot /var/www/nfsen/
    ServerName dummy-host.example.com
</VirtualHost>
Start Apache and visit http://ip/nfsen.php
Add nfsen to /etc/init.d/:
touch /etc/init.d/nfsen 
chmod +x /etc/init.d/nfsen 
vim /etc/init.d/nfsen 
Add the following content:
#!/bin/bash
#
# chkconfig: - 50 50
# description: nfsen
DAEMON=/var/www/netflow/bin/nfsen
case "$1" in
        start)
        $DAEMON start
        ;;
        stop)
        $DAEMON stop
        ;;
        status)
        $DAEMON status
        ;;
        restart)
        $DAEMON stop
        sleep 1
        $DAEMON start
        ;;
        *)
        echo "Usage: $0 {start|stop|status|restart}"
        exit 1
        ;;
esac
exit 0
cd /root/soft
wget http://sourceforge.net/projects/nfsight/files/nfsight-beta-20130323.tgz/download
tar zxvf download 
cd nfsight-beta-20130323/
cp backend/nfsight.pm /var/www/netflow/plugins/
mkdir  /var/www/netflow/plugins/nfsight
chown -R apache:apache /var/www/netflow/plugins/nfsight
mkdir /var/www/nfsen/nfsight
cp -r frontend/* /var/www/nfsen/nfsight/
chown -R apache:apache /var/www/nfsen/nfsight
If MySQL is not installed, install it first:
yum install mysql-server 
service mysqld start 
chkconfig mysqld on 
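Set the MySQL root password to root:
mysqladmin -uroot -p password 'root'
The default password here is empty, so just press Enter.
Create the MySQL database nfsight:
mysql -u root -proot -e "create database nfsight;"
Open a browser and visit the following address to start the installation:
http://ip/nfsight/installer.php
On the Back-end settings page, set Path to data files to:
/var/www/netflow/plugins/nfsight
Add the configuration shown in the last step to the corresponding options in /var/www/netflow/etc/nfsen.conf.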
@plugins = (
[ '*', 'nfsight' ],
);
%PluginConf = (
nfsight => {
        path => "/var/www/netflow/plugins/nfsight",
        expiration => "180",
        network => {
            "10.2.1.0" => "24",
            "10.1.200.0" => "24",
        },
        scanner_limit => "5",
        print_int_scanner => "1",
        print_ext_scanner => "1",
        print_int_client => "1",
        print_ext_client => "1",
        print_int_server => "1",
        print_ext_server => "1",
        print_int_invalid => "1",
        print_ext_invalid => "1",
        sql_host => "localhost",
        sql_port => "3306",
        sql_user => "nfsight",
        sql_pass => "nfsight",
        sql_db => "nfsight",
    },
);
After installation, restart the service:
/var/www/netflow/bin/nfsen stop
/var/www/netflow/bin/nfsen start
Add a scheduled task:
crontab -e
05 * * * * wget --no-check-certificate -q -O - http://management:aggregate@127.0.0.1/nfsight/aggregate.php
cd /root/soft/nfsen-1.3.6p1/contrib/PortTracker 
cp PortTracker.pm /var/www/netflow/plugins/ 
cp PortTracker.php  /var/www/nfsen/plugins/
Create the PortTracker data directory.
The directory path is set by the PORTSDBDIR parameter in PortTracker.pm:
vim /var/www/netflow/plugins/PortTracker.pm
Change the PORTSDBDIR parameter to /var/www/netflow/ports-db/
mkdir /var/www/netflow/ports-db/
chown -R apache:apache /var/www/netflow/ports-db/
chmod 775 /var/www/netflow/ports-db/
Edit the Nfsen configuration file to add the plugin entries:
vim /var/www/netflow/etc/nfsen.conf
@plugins = (
    # profile    # module
    # [ '*',     'demoplugin' ],
    [ '*',      'nfsight' ],
    [ 'live',   'PortTracker' ],
);
Generate the PortTracker data:
nftrack -I -d /var/www/netflow/ports-db/
If, on a virtual machine, the connection drops or the system hangs, generate the data with the following command instead:
sudo -u apache /usr/local/bin/nftrack -I -d /var/www/netflow/ports-db/
Reload Nfsen:
/var/www/netflow/bin/nfsen reload
Wait about 5 minutes, then open the Nfsen interface and select Plugins to see the corresponding information.
fprobe is used to export traffic to nfsen.
yum install libpcap-devel
cd /root/soft
wget http://jaist.dl.sourceforge.net/project/fprobe/fprobe/1.1/fprobe-1.1.tar.bz2
tar jxvf fprobe-1.1.tar.bz2
cd fprobe-1.1
./configure
make
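make install
After installation, use the following command to export the traffic on eth0 to 192.168.1.121. The destination port must be one that a source in %sources in nfsen.conf listens on.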
fprobe -i eth0 192.168.1.121:9996
hoststats can display traffic conditions by time.
cd /root/soft
wget http://jaist.dl.sourceforge.net/project/hoststats/hoststats-1.1.5.tar.gz
tar zxvf hoststats-1.1.5.tar.gz
cd hoststats-1.1.5
./install-libnfdump.sh
mkdir /var/www/hoststats
./configure
make
make install
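At this point you will be prompted to confirm the installation path; enter /var/www/hoststats
chown apache:apache -R /var/www/hoststats
Start it:
/var/www/hoststats/hoststats start
Add it to /etc/rc.local so that it starts at boot:
echo '/var/www/hoststats/hoststats start' >> /etc/rc.local
Once the steps above are done, wait a few minutes and the interface appears in the plugins menu.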
SURFmap can display IP connections on Google Maps.
yum install php-gd php-pdo sqlite php-mbstring
service httpd restart
cd /root/soft
wget http://sourceforge.net/projects/surfmap/files/install.sh
chmod +x install.sh
./install.sh
The program uses http://maps.google.com/maps by default, which cannot be opened without circumventing the firewall, so change it to http://www.google.cn/maps/:
cd /var/www/nfsen/plugins/SURFmap
sed -i 's/maps.google.com/www.google.cn/g' `grep 'maps.google.com' -rl ./`
Reload nfsen, wait a few minutes, then check the interface again.
/var/www/netflow/bin/nfsen reload
Original article: http://blog.csdn.net/u012375924/article/details/51362162