NFSen on Ubuntu 14.04 KVM with plugins

Create a KVM

This is easy using Proxmox; it is still a bit difficult using SmartOS until I figure out how to deal with SmartOS images. Anyway, I have included my JSON file for SmartOS below. Also make sure you have at least a 10G

Create KVM on SmartOS

Create a permanent json file for nfsen-1 host

cp /opt/json/templates/kvm-1.json /opt/json/nfsen-1.json

Edit the JSON file to your spec

vi nfsen-1.json

{
"hostname": "nfsen-1",
"alias": "nfsen-1.computerking.ca",
"vnc_port": "40004",
"ram": "1024",
"vcpus": "1",
"domainname": "computerking.ca",
"brand": "kvm",
"resolvers": [
"172.16.0.3",
"8.8.8.8",
"8.8.4.4"
],
"disks": [
{
"size": 10240,
"model": "virtio",
"boot": true
}
],
"nics": [
{
"ip": "172.16.0.4",
"model": "virtio",
"nic_tag": "switch0",
"netmask": "255.255.255.0",
"gateway": "172.16.0.1"
}
]
}

vmadm create -f /opt/json/ubuntu-12.04-64-2.json
vmadm stop -F c0edd651-feeb-45a2-bb0d-ea79d1b3a6fc
cp /opt/softwars/isos/ubuntu-14.04.1-server-amd64.iso /zones/c0edd651-feeb-45a2-bb0d-ea79d1b3a6fc/root/boot.iso
vmadm boot c0edd651-feeb-45a2-bb0d-ea79d1b3a6fc order=cd,once=d cdrom=/boot.iso,ide

Create KVM on Pro

VNC into the newly created machine and do the install. About the only notable things I change from the defaults are not using LVM, adding an SSH server for obvious reasons, and maybe an extra 10G disk or partition for PortTracker.

Do the first system updates, reboot if a kernel update happened, and then install some required dependencies: the first group for building nfdump with PortTracker support compiled in, the next for nfsen itself, and the last for the web frontend.

apt-get update
apt-get dist-upgrade
reboot
apt-get install build-essential flex librrd-dev libtool autoconf bison
<<< test this might not be complete see above apt-get install gcc flex librrd-dev make>>>
apt-get install rrdtool libmailtools-perl librrds-perl libio-socket-ssl-perl
apt-get install apache2 libapache2-mod-php5 php5-common

Install softflowd locally, mostly for testing purposes only, to see if nfsen is working properly before pointing our other sensors and/or probes at it

apt-get install softflowd

Let's start installing nfdump and nfsen

cd /usr/local/src/
# Quote the URL so the shell does not treat "&" as a background operator; -O sets the output file name
wget -O nfdump-1.6.12.tar.gz 'http://downloads.sourceforge.net/project/nfdump/stable/nfdump-1.6.12/nfdump-1.6.12.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fnfdump%2F&ts=1411847324&use_mirror=superb-dca3'
tar -xzvf nfdump-1.6.12.tar.gz
cd nfdump-1.6.12/
./configure --enable-nfprofile --enable-nftrack --enable-sflow
make
make install
cd ..
wget -O nfsen-1.3.6p1.tar.gz 'http://downloads.sourceforge.net/project/nfsen/stable/nfsen-1.3.6p1/nfsen-1.3.6p1.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fnfsen%2F&ts=1411846853&use_mirror=tcpdiag'
tar -xzvf nfsen-1.3.6p1.tar.gz
cd nfsen-1.3.6p1/

Set up NfSen: copy and edit the config file, etc.

cp /usr/local/src/nfsen-1.3.6p1/etc/nfsen-dist.conf /etc/nfsen.conf

$USER = "www-data";
$WWWUSER = "www-data";
$WWWGROUP = "www-data";
$BUFFLEN = 2000;
%sources = (
'local1' => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
);
$MAIL_FROM     = 'nfsen@yourdomain.ext';

mkdir -p /data/nfsen
cd /usr/local/src/nfsen-1.3.6p1
./install.pl /etc/nfsen.conf

Getting this error, still trying to track it down:
Can not get semaphore: at libexec/Nfsync.pm line 48.

Fix some perms for apache, setup and start nfsen

???chown -R www-data:www-data /data/nfsen???
chown -R www-data:www-data /var/www/nfsen
ln -s /var/www/nfsen/nfsen.php /var/www/nfsen/index.php
ln -s /data/nfsen/bin/nfsen /etc/init.d/nfsen
update-rc.d nfsen defaults 20
/etc/init.d/nfsen start

Add this to apache

cp -rp /etc/apache2/sites-enabled/000-default.conf /etc/apache2/sites-enabled/nfsen

ServerAdmin ryan@computerking.ca
DocumentRoot /var/www/nfsen
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory "/var/www/nfsen">
Options FollowSymLinks
AllowOverride None
AuthType Basic
AuthName "NFSEN Reserved Area"
AuthUserFile /etc/apache2/nfsen_passwd
Require valid-user
</Directory>

Making apache listen on https


apt-get install apache2-utils
htpasswd -c /etc/apache2/nfsen_passwd Username
/etc/init.d/apache2 restart
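
The Directory block above uses Basic auth, which only protects the password when the virtual host is served over TLS. The following check is an added example, not part of the original post: it flags any virtual host that sets AuthType Basic without SSLEngine on. The sample vhost files, the certificate paths and the function names are constructed for illustration.

```shell
# Added example (not from the original post): report every <VirtualHost> that
# enables "AuthType Basic" without "SSLEngine on", i.e. sends the NfSen
# password base64-encoded over plain HTTP.
audit_basic_auth() {
    awk '
        { line = tolower($0) }
        line ~ /^[ \t]*<virtualhost/        { start = FNR; basic = 0; tls = 0 }
        line ~ /^[ \t]*authtype[ \t]+basic/ { basic = 1 }
        line ~ /^[ \t]*sslengine[ \t]+on/   { tls = 1 }
        line ~ /^[ \t]*<\/virtualhost>/     { if (basic && !tls) print FILENAME ":" start }
    ' "$@"
}

# Constructed sample vhosts: the first mirrors the Directory block above on
# port 80, the second adds TLS (certificate paths are placeholders).
write_samples() {
    cat > "$1/nfsen-http.conf" <<'EOF'
<VirtualHost *:80>
DocumentRoot /var/www/nfsen
<Directory "/var/www/nfsen">
AuthType Basic
AuthName "NFSEN Reserved Area"
AuthUserFile /etc/apache2/nfsen_passwd
Require valid-user
</Directory>
</VirtualHost>
EOF
    cat > "$1/nfsen-https.conf" <<'EOF'
<VirtualHost *:443>
DocumentRoot /var/www/nfsen
SSLEngine on
SSLCertificateFile /etc/ssl/certs/nfsen.example.pem
SSLCertificateKeyFile /etc/ssl/private/nfsen.example.key
<Directory "/var/www/nfsen">
AuthType Basic
AuthName "NFSEN Reserved Area"
AuthUserFile /etc/apache2/nfsen_passwd
Require valid-user
</Directory>
</VirtualHost>
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_basic_auth "$demo_dir"/*.conf   # prints only .../nfsen-http.conf:1
```

On a real host, point the function at /etc/apache2/sites-enabled/*; an empty result means no virtual host there combines Basic auth with plain HTTP.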

Fix the frontend/backend mismatch bug by changing line 45 of the nfsen.php file to the line below

vi /var/www/nfsen/nfsen.php

if ( !array_key_exists('backend_version', $_SESSION ) && $_SESSION['backend_version'] != $expected_version ) {

Go to the link below to access your new site

http://yourdomain.com:someforwardedport or even better https://yourdomain.com:someforwardedport

 

Some other things

vi /etc/nfsen.conf
cd /usr/local/src/nfsen-1.3.6p1
./install.pl /etc/nfsen.conf
/etc/init.d/nfsen stop
/etc/init.d/nfsen reconfig
/etc/init.d/nfsen start

If adding a new source I get an error and have to remove the source, then let reconfig add it

rm -r /data/nfsen/profiles-data/live/localhost/
/etc/init.d/nfsen reconfig
/etc/init.d/nfsen start

Some nfdump commands

nfdump -R /data/nfsen/profiles-data/live/router-1/ -s port/bytes
nfdump -R /data/nfsen/profiles-data/live/router-1/ -s srcip/bytes -n 10
nfdump -R /data/nfsen/profiles-data/live/router-1/ -s srcip/bytes 'dst net externalnetwork/24'
nfdump -R /data/nfsen/profiles-data/live/router-1/ -s srcip/bytes 'src net externalnetwork/24'
nfdump -M /data/nfsen/profiles-data/live/ckr1 -T -R 2014/10/08/nfcapd.201410080400:2014/10/08/nfcapd.201410081045 -o extended -s srcip -s ip/flows -s dstport/pps/packets/bytes -s record/bytes


Setup the PortTracker Plugin

Make sure you have a disk with at least 10G free space, then follow the steps below

mkdir /data/ports-db
chown www-data:www-data /data/ports-db/
sudo -u www-data nftrack -I -d /data/ports-db
cp /usr/local/src/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.pm /data/nfsen/plugins/
cp /usr/local/src/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.php /var/www/nfsen/plugins/

Add the plugin to nfsen by adding the following line to nfsen.conf

vi /etc/nfsen.conf

@plugins = ( [ 'live', 'PortTracker'], );

Reinstall/reconfigure/restart nfsen

cd /usr/local/src/nfsen-1.3.6p1
./install.pl /etc/nfsen.conf
/etc/init.d/nfsen stop
/etc/init.d/nfsen reconfig
/etc/init.d/nfsen start
