Create a KVM
This is easy using Proxmox but still a bit difficult using SmartOS, until I figure out how to deal with SmartOS images. Anyway, I have included my JSON file for SmartOS below. Also make sure you have at least a 10G
Create KVM on SmartOS
Create a permanent json file for nfsen-1 host
cp /opt/json/templates/kvm-1.json /opt/json/nfsen-1.json
Edit the JSON file to your spec
vi /opt/json/nfsen-1.json
{
  "hostname": "nfsen-1",
  "alias": "nfsen-1.computerking.ca",
  "vnc_port": "40004",
  "ram": "1024",
  "vcpus": "1",
  "domainname": "computerking.ca",
  "brand": "kvm",
  "resolvers": [
    "172.16.0.3",
    "8.8.8.8",
    "8.8.4.4"
  ],
  "disks": [
    {
      "size": 10240,
      "model": "virtio",
      "boot": true
    }
  ],
  "nics": [
    {
      "ip": "172.16.0.4",
      "model": "virtio",
      "nic_tag": "switch0",
      "netmask": "255.255.255.0",
      "gateway": "172.16.0.1"
    }
  ]
}
vmadm create -f /opt/json/ubuntu-12.04-64-2.json
vmadm stop -F c0edd651-feeb-45a2-bb0d-ea79d1b3a6fc
cp /opt/softwars/isos/ubuntu-14.04.1-server-amd64.iso /zones/c0edd651-feeb-45a2-bb0d-ea79d1b3a6fc/root/boot.iso
vmadm boot c0edd651-feeb-45a2-bb0d-ea79d1b3a6fc order=cd,once=d cdrom=/boot.iso,ide
Create KVM on Pro
VNC into the newly created machine and do the install. About the only notable things I change from the defaults are not using LVM, adding an SSH server for obvious reasons, and maybe an extra 10G disk or partition for PortTracker.
Do the first system updates, reboot if a kernel update happened, and then install some required dependencies: the first group for building nfdump with PortTracker compiled in, the next for nfsen itself, and lastly for the web frontend.
apt-get update
apt-get dist-upgrade
reboot
apt-get install build-essential flex librrd-dev libtool autoconf bison
<<< test this might not be complete see above apt-get install gcc flex librrd-dev make >>>
apt-get install rrdtool libmailtools-perl librrds-perl libio-socket-ssl-perl
apt-get install apache2 libapache2-mod-php5 php5-common
Install softflowd locally, mostly for testing purposes only, to see if nfsen is working properly before pointing our other sensors and/or probes at it
apt-get install softflowd
Let's start installing nfdump and nfsen
cd /usr/local/src/
wget -O nfdump-1.6.12.tar.gz 'http://downloads.sourceforge.net/project/nfdump/stable/nfdump-1.6.12/nfdump-1.6.12.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fnfdump%2F&ts=1411847324&use_mirror=superb-dca3'
tar -xzvf nfdump-1.6.12.tar.gz
cd nfdump-1.6.12/
./configure --enable-nfprofile --enable-nftrack --enable-sflow
make
make install
cd ..
wget -O nfsen-1.3.6p1.tar.gz 'http://downloads.sourceforge.net/project/nfsen/stable/nfsen-1.3.6p1/nfsen-1.3.6p1.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fnfsen%2F&ts=1411846853&use_mirror=tcpdiag'
tar -xzvf nfsen-1.3.6p1.tar.gz
cd nfsen-1.3.6p1/
Set up nfsen: copy and edit the config file, etc.
cp /usr/local/src/nfsen-1.3.6p1/etc/nfsen-dist.conf /etc/nfsen.conf
$USER = "www-data";
$WWWUSER = "www-data";
$WWWGROUP = "www-data";
$BUFFLEN = 2000;
%sources = (
'local1' => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
);
$MAIL_FROM = 'nfsen@yourdomain.ext';
mkdir -p /data/nfsen
cd /usr/local/src/nfsen-1.3.6p1
./install.pl /etc/nfsen.conf
Getting this error, still trying to track it down:
Can not get semaphore: at libexec/Nfsync.pm line 48.
Fix some perms for Apache, then set up and start nfsen
???chown -R www-data:www-data /data/nfsen???
chown -R www-data:www-data /var/www/nfsen
ln -s /var/www/nfsen/nfsen.php /var/www/nfsen/index.php
ln -s /data/nfsen/bin/nfsen /etc/init.d/nfsen
update-rc.d nfsen defaults 20
/etc/init.d/nfsen start
Add this to apache
cp -rp /etc/apache2/sites-enabled/000-default.conf /etc/apache2/sites-enabled/nfsen
ServerAdmin ryan@computerking.ca
DocumentRoot /var/www/nfsen
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory "/var/www/nfsen">
Options FollowSymLinks
AllowOverride None
AuthType Basic
AuthName "NFSEN Reserved Area"
AuthUserFile /etc/apache2/nfsen_passwd
Require valid-user
</Directory>
Making apache listen on https
apt-get install apache2-utils
htpasswd -c /etc/apache2/nfsen_passwd Username
/etc/init.d/apache2 restart
Fix the frontend/backend mismatch bug by changing line 45 of the nfsen.php file to the line below
vi /var/www/nfsen/nfsen.php
if ( !array_key_exists('backend_version', $_SESSION ) && $_SESSION['backend_version'] != $expected_version ) {
Go to the link below to access your new site
http://yourdomain.com:someforwardedport or even better https://yourdomain.com:someforwardedport
Some other things
vi /etc/nfsen.conf
cd /usr/local/src/nfsen-1.3.6p1
./install.pl /etc/nfsen.conf
/etc/init.d/nfsen stop
/etc/init.d/nfsen reconfig
/etc/init.d/nfsen start
When adding a new source I get an error and have to remove the source, then let reconfig add it
rm -r /data/nfsen/profiles-data/live/localhost/
/etc/init.d/nfsen reconfig
/etc/init.d/nfsen start
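A duplicate collector port or a mistyped entry in %sources is easy to introduce when adding a source, so it helps to check the block before running reconfig. The function below is an added example, not part of nfsen or the original post; the name check_nfsen_sources, the sample entries and the treatment of port 0 as "no collector" are assumptions, and it expects one source per line as in the config above.

```shell
#!/bin/sh
# Added example (not part of nfsen): sanity-check the %sources block of an
# nfsen.conf before "nfsen reconfig". Assumes one source per line, in the
# format used in the config above. Prints one line per problem and
# returns 0 if the block is clean, 1 otherwise.
check_nfsen_sources() {
    awk -v q="'" '
        /^[ \t]*%sources[ \t]*=/ { in_src = 1; next }
        in_src && /^[ \t]*\)/    { in_src = 0; next }
        !in_src || /^[ \t]*#/    { next }
        {
            # Splitting on the quote character puts the source name in f[2]
            # and the key/value pairs in f[4]/f[6], f[8]/f[10], ...
            n = split($0, f, q)
            if (n < 3) next
            name = f[2]; port = ""; type = "netflow"
            for (i = 4; i + 2 <= n; i += 4) {
                if (f[i] == "port") port = f[i + 2]
                if (f[i] == "type") type = f[i + 2]
            }
            if (port !~ /^[0-9]+$/ || port + 0 > 65535) {
                print name ": invalid port \"" port "\""; bad = 1
            } else if (port + 0 > 0) {
                # Assumption: port 0 means "start no collector", so only
                # non-zero ports are checked for clashes.
                if (port in seen) {
                    print name ": port " port " already used by " seen[port]
                    bad = 1
                } else seen[port] = name
            }
            if (type != "netflow" && type != "sflow") {
                print name ": unknown type \"" type "\""; bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the second source reuses the first one's port.
sample=$(mktemp)
cat > "$sample" <<'EOF'
%sources = (
    'local1'   => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
    'router-1' => { 'port' => '9995', 'col' => '#00ff00', 'type' => 'netflow' },
);
EOF
check_nfsen_sources "$sample" || echo "fix the entries above before reconfig"
rm -f "$sample"
```

Run it as check_nfsen_sources /etc/nfsen.conf after editing the file and before ./install.pl and reconfig.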
Some nfdump commands
nfdump -R /data/nfsen/profiles-data/live/router-1/ -s port/bytes
nfdump -R /data/nfsen/profiles-data/live/router-1/ -s srcip/bytes -n 10
nfdump -R /data/nfsen/profiles-data/live/router-1/ -s srcip/bytes 'dst net externalnetwork/24'
nfdump -R /data/nfsen/profiles-data/live/router-1/ -s srcip/bytes 'src net externalnetwork/24'
nfdump -M /data/nfsen/profiles-data/live/ckr1 -T -R 2014/10/08/nfcapd.201410080400:2014/10/08/nfcapd.201410081045 -o extended -s srcip -s ip/flows -s dstport/pps/packets/bytes -s record/bytes
Setup the PortTracker Plugin
Make sure you have a disk with at least 10G of free space, then follow the steps below
mkdir /data/ports-db
chown www-data:www-data /data/ports-db/
sudo -u www-data nftrack -I -d /data/ports-db
cp /usr/local/src/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.pm /data/nfsen/plugins/
cp /usr/local/src/nfsen-1.3.6p1/contrib/PortTracker/PortTracker.php /var/www/nfsen/plugins/
Add the plugin to nfsen by adding the following line to nfsen.conf
vi /etc/nfsen.conf
@plugins = ( [ 'live', 'PortTracker' ], );
Reinstall/reconfigure/restart nfsen
cd /usr/local/src/nfsen-1.3.6p1
./install.pl /etc/nfsen.conf
/etc/init.d/nfsen stop
/etc/init.d/nfsen reconfig
/etc/init.d/nfsen start