• ComputerKing HTPC

    ComputerKing HTPC

  • Acer Veriton

    Acer Veriton

  • Solar Systems

    Solar Systems

NFSen on Ubuntu 14.04 KVM with plugins

Create a KVM

This is easy using proxmox still a bit difficult using SmartOS until i figure out how to deal with SmartOS images anyways i have included my json file for SmartOS below. Also make sure you have at least a 10G

Create KVM on SmartOS

Create a permanent json file for nfsen-1 host

cp /opt/json/templates/kvm-1.json /opt/json/nfsen-1.json

edit json file to your spec

vi nfsen-1.json

{
"hostname": "nfsen-1",
"alias": "nfsen-1.computerking.ca",
"vnc_port": "40004",
"ram": "1024",
"vcpus": "1",
"domainname": "computerking.ca",
"brand": "kvm",
"resolvers": [
"172.16.0.3",
"8.8.8.8",
"8.8.4.4"
],
"disks": [
{
"size": 10240,
"model": "virtio",
"boot": true
}
],
"nics": [
{
"ip": "172.16.0.4",
"model": "virtio",
"nic_tag": "switch0",
"netmask": "255.255.255.0",
"gateway": "172.16.0.1"
}
]
}

vmadm create -f /opt/json/ubuntu-12.04-64-2.json
vmadm stop -F c0edd651-feeb-45a2-bb0d-ea79d1b3a6fc
cp /opt/softwars/isos/ubuntu-14.04.1-server-amd64.iso /zones/c0edd651-feeb-45a2-bb0d-ea79d1b3a6fc/root/boot.iso
vmadm boot c0edd651-feeb-45a2-bb0d-ea79d1b3a6fc order=cd,once=d cdrom=/boot.iso,ide

Create KVM on Pro

vnc into newly created machineand do install about the only notable thing i change from the defaults is not using lvm adding ssh server for obvious reasons and maybe an extra 10G disk or partition for porttracker.

Do the first system updates reboot if kernel update happened and then install some required dependencies the first group for making nfdump with portracker compiled in, the next for nfsen itself, and lastly for the web frontend.

apt-get update
apt-get dist-upgrade
reboot
apt-get install build-essential flex librrd-dev libtool autoconf bison
<<< test this might not be complete see above apt-get install gcc flex librrd-dev make>>>
apt-get install rrdtool libmailtools-perl librrds-perl libio-socket-ssl-perl
apt-get install apache2 libapache2-mod-php5 php5-common

Softflowd be install locally mostly for testing purposes only to see if nfsen is working properly before pointing our other sensors and/or probes at it

apt-get install softflowd

Lets start installing nfdump and nfsen

cd /usr/local/src/
wget http://downloads.sourceforge.net/project/nfdump/stable/nfdump-1.6.12/nfdump-1.6.12.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fnfdump%2F&ts=1411847324&use_mirror=superb-dca3
 mv nfdump-1.6.12.tar.gz\?r\=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fnfdump%2F nfdump-1.6.12.tar.gz
 tar -xzvf nfdump-1.6.12.tar.gz
 cd nfdump-1.6.12/
 ./configure --enable-nfprofile --enable-nftrack --enable-sflow
 make
 make install
 cd ..
wget http://downloads.sourceforge.net/project/nfsen/stable/nfsen-1.3.6p1/nfsen-1.3.6p1.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fnfsen%2F&ts=1411846853&use_mirror=tcpdiag
 mv nfsen-1.3.6p1.tar.gz\?r\=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fnfsen%2F nfsen-1.3.6p1.tar.gz
 tar -xzvf nfsen-1.3.6p1.tar.gz
 cd nfsen-1.3.6p1/

Setup Nfsen, copy and edit the config file etc

cp /usr/local/src/nfsen-1.3.6p1/etc/nfsen-dist.conf /etc/nfsen.conf

$USER = "www-data";
$WWWUSER = "www-data";
$WWWGROUP = "www-data";
$BUFFLEN = 2000;
%sources = (
'local1' => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
);
$MAIL_FROM     = 'nfsen@yourdomain.ext';

mkdir -p /data/nfsen
cd /usr/local/src/nfsen-1.3.6p1
install.pl /etc/nfsen.conf

getting this error still trying to track it down
Can not get semaphore: at libexec/Nfsync.pm line 48.

Fix some perms for apache, setup and start nfsen

???chown -R www-data:www-data /data/nfsen???
chown -R www-data:www-data /var/www/nfsen
ln -s /var/www/nfsen/nfsen.php /var/www/nfsen/index.php
ln -s /data/nfsen/bin/nfsen /etc/init.d/nfsen
update-rc.d nfsen defaults 20
/etc/init.d/nfsen start

Add this to apache

cp -rp /etc/apache2/sites-enabled/000-default.conf /etc/apache2/sites-enabled/nfsen

ServerAdmin ryan@computerking.ca
DocumentRoot /var/www/nfsen
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory "/var/www/nfsen">
Options FollowSymLinks
AllowOverride None
AuthType Basic
AuthName "NFSEN Reserved Area"
AuthUserFile /etc/apache2/nfsen_passwd
Require valid-user
</Directory>

Making apache listen on https


apt-get install apache2-utils
htpasswd -c /etc/apache2/nfsen_passwd Username
/etc/init.d/apache2 restart

Fix the frontend backend missmatch bug by changing line 45 if the nfsen.php file to the line below

vi /var/www/nfsen/nfsen.php

if ( !array_key_exists(‘backend_version’, $_SESSION ) && $_SESSION['backend_version'] != $expected_version ) {

Go to the link below to access your new site

http://yourdomain.com:someforwardedport or even better https://yourdomain.com:someforwardedport

 

Some other things

vi /etc/nfsen.conf
cd /usr/local/src/nfsen-1.3.6p1
./install.pl /etc/nfsen.conf
/etc/init.d/nfsen stop
/etc/init.d/nfsen reconfig
/etc/init.d/nfsen start

If adding a new source i get error and have to remove source then let reconfig add it

rm -r /data/nfsen/profiles-data/live/localhost/
/etc/init.d/nfsen reconfig
/etc/init.d/nfsen start

Some nfdump commands

nfdump -R /data/nfsen/profiles-data/live/router-1/ -s port/bytes
nfdump -R /data/nfsen/profiles-data/live/router-1/ -s srcip/bytes -n 10
nfdump -R /data/nfsen/profiles-data/live/router-1/ -s srcip/bytes 'dst net externalnetwork/24'
nfdump -R /data/nfsen/profiles-data/live/router-1/ -s srcip/bytes 'src net externalnetwork/24'
nfdump -M /data/nfsen/profiles-data/live/ckr1 -T -R 2014/10/08/nfcapd.201410080400:2014/10/08/nfcapd.201410081045 -o extended -s srcip -s ip/flows -s dstport/pps/packets/bytes -s record/bytes


Setup the PortTracker Plugin

Make sure u have a disk with at least 10G free space then follow the below

mkdir /data/ports-db
chown www-data:www-data /data/ports-db/
sudo -u www-data nftrack -I -d /data/ports-db
cp /usr/local/src/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.pm /data/nfsen/plugins/
cp /usr/local/src/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.php /var/www/nfsen/plugins/

Add the plugin to nfsen by adding the following line to nfsen

vi /etc/nfsen.conf

@plugins = ( [ ‘live’, ‘PortTracker’], );

reinstall/reconfigure/restart nfsen

cd /usr/local/src/nfsen-1.6.1p1
./install.pl /etc/nfsen.conf
/etc/init.d/nfsen stop
/etc/init.d/nfsen reconfig
 /etc/init.d/nfsen start

Leave a reply

replica hublot watches rolex replica watches