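Nfdump is a NetFlow data collection and analysis tool for Linux, and NfSen is a web front end built on nfdump. The server must have a web server and a PHP environment installed first.
Install rrdtool and the required components: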
yum -y install perl-rrdtool rrdtool rrdtool-devel rrdutils flex byacc gcc
Install the required Perl modules:
yum -y install perl-Socket6 perl-MailTools perl-Mail-Sender
yum -y install php php-mysql php-gd* php-xml*
Install the nfdump tools:
wget http://downloads.sourceforge.net/project/nfdump/stable/nfdump-1.6.6/nfdump-1.6.6.tar.gz
tar zxvf nfdump-1.6.6.tar.gz
cd nfdump-1.6.6/
./configure --enable-nfprofile --with-rrdpath=/usr/bin
make && make install
cd ../
Download and configure NfSen:
mkdir -p /usr/local/nfsen
wget http://downloads.sourceforge.net/project/nfsen/stable/nfsen-1.3.6p1/nfsen-1.3.6p1.tar.gz
tar zxvf nfsen-1.3.6p1.tar.gz
cd nfsen-1.3.6p1/
cp etc/nfsen-dist.conf etc/nfsen.conf
Edit the NfSen configuration file:
cat etc/nfsen.conf
#http://www.haiyun.me
$BASEDIR = "/usr/local/nfsen";
$HTMLDIR = "/var/www/html/nfsen/";
$USER = "apache";
$WWWUSER = "apache";
$WWWGROUP = "apache";
%sources = (
'upstream1' => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
);
Install NfSen:
./install.pl etc/nfsen.conf
Start NfSen:
/usr/local/nfsen/bin/nfsen start
Configure the router or switch to send NetFlow data to the port configured in NfSen, then visit http://ip/nfsen/nfsen.php to browse the NetFlow data through NfSen.
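NetFlow export is unauthenticated UDP, so the collector port from %sources should accept datagrams only from the exporting device. The script below is an added example, not part of the original page or of NfSen: it reads the ports from nfsen.conf and prints matching iptables rules without applying them. The function names, the exporter address 192.0.2.10 and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: read collector ports from nfsen.conf and print (not apply)
# iptables rules so each port accepts NetFlow only from one exporter.

# Print "port name" for each active entry in %sources. Entries commented
# out with '#' are skipped because the pattern must begin with a quote.
nfsen_source_ports() {
    sed -n "s/^[[:space:]]*'\([^']*\)'[[:space:]]*=>[[:space:]]*{.*'port'[[:space:]]*=>[[:space:]]*'\([0-9][0-9]*\)'.*/\2 \1/p" "$1"
}

# $1 = path to nfsen.conf, $2 = exporter IPv4 address or CIDR block.
nfsen_fw_rules() {
    conf=$1
    exporter=$2
    # Accept only digits, dots and '/' so the printed commands cannot
    # carry shell metacharacters.
    case $exporter in
        ''|*[!0-9./]*) echo "invalid exporter address" >&2; return 1 ;;
    esac
    nfsen_source_ports "$conf" | while read -r port name; do
        echo "# NfSen source: $name"
        echo "iptables -A INPUT -p udp -s $exporter --dport $port -j ACCEPT"
        echo "iptables -A INPUT -p udp --dport $port -j DROP"
    done
}

# Demo on a constructed copy of the %sources block from this page, plus
# one commented-out entry to show that it is ignored.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
%sources = (
'upstream1' => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
#'peer1' => { 'port' => '9996', 'col' => '#ff0000', 'type' => 'netflow' },
);
EOF
nfsen_fw_rules "$demo_conf" 192.0.2.10
rm -f "$demo_conf"
```

Review the printed rules against the existing INPUT chain before applying them, since rule order decides which one matches first.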