How to monitor a LAN Network with nfsen

Intro

I had to monitor a LAN Network. To do it I've installed a HP 5500-48G JD375A switch. It will send sFlow informations to a GNU/Linux Debian server where nfsen will be installed.

Network diagram

Configuration

Prerequisite

root@host:~# apt-get install libsocket6-perl lighttpd php7.0-common libmailtools-perl rrdtool librrds-perl libmailtools-perl rrdtool librrds-perl libsocket6-perl php7.0 php7.0-cgi
root@host:~# adduser netflow
root@host:~# usermod -a -G www-data netflow

NFSEN

root@host:~# cd /usr/local/src/
root@host:~# wget http://sourceforge.net/projects/nfsen/files/stable/nfsen-1.3.8/nfsen-1.3.8.tar.gz
root@host:~# gzip -dc nfsen-1.3.8.tar.gz | tar -xf -
root@host:~# cd nfsen-1.3.8/
root@host:~# cp etc/nfsen-dist.conf /etc/nfsen.conf

nfsen

Edit : /usr/local/src/nfsen-1.3.8/bin/nfsen

ERROR No NFSEN config file found

my $CONFFILE = defined $InitConfigFile ? $InitConfigFile : "/etc/nfsen.conf";

/etc/nfsen.conf

Edit the nfsen.conf file, and set it to manage sflow datas and PortTracker plugin.

$PREFIX  = '/usr/bin';

$WWWUSER  = "www-data";
$WWWGROUP = "www-data";

%sources = (
    'enp3s0'    => { 'port' => '6343', 'col' => '#0000ff', 'type' => 'sflow' },
);

@plugins = (
        [ '*', 'PortTracker' ],
);

PortTracker plugin

We will install the PortTracker plugin.

PortTracker.php

root@host:~# cp contrib/PortTracker/PortTracker.php /var/www/nfsen/plugins/

PortTracker.pm

root@host:~# cp contrib/PortTracker/PortTracker.pm /data/nfsen/plugins/

Prerequisite

root@host:~# mkdir -p /data/nfsen/ports-db
root@host:~# chown -R netflow:www-data /data/nfsen/ports-db/
root@host:~# chown netflow:www-data /data/nfsen/plugins/PortTracker.pm
root@host:~# su netflow
netflow@host:~$ nftrack -I -d /data/nfsen/ports-db/

Install

root@host:~# /usr/local/src/nfsen-1.3.8/install.pl /etc/nfsen.conf

Start the service

root@host:~# /usr/local/src/nfsen-1.3.8/bin/nfsen start

lighttpd

We will use lighttpd as web server.

/etc/lighttpd/lighttpd.conf

server.modules = (
        "mod_access",
        "mod_alias",
        "mod_compress",
        "mod_redirect",
)

url.redirect = (
            "^/$" => "http://10.0.0.150/nfsen.php"
    )

#server.document-root        = "/var/www/html"
server.document-root        = "/var/www/nfsen/"
server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
server.errorlog             = "/var/log/lighttpd/error.log"
server.pid-file             = "/var/run/lighttpd.pid"
server.username             = "www-data"
server.groupname            = "www-data"
server.port                 = 80


index-file.names            = ( "index.php", "index.html", "index.lighttpd.html" )
url.access-deny             = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

compress.cache-dir          = "/var/cache/lighttpd/compress/"
compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )

# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.assign.pl"
include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
root@host:~# systemctl restart lighttpd.service

Configure the HP 5500-48G JD375A switch

Now we can set our HP 5500-48G switch to send sFlow data to our nfsen server.

[HP]interface vlan-interface 1
[HP-Vlan-interface1]ip address 10.0.0.75 255.255.255.0
[HP]sflow agent ip 10.0.0.75
[HP]sflow collector 1 ip 10.0.0.150
[HP]interface range gigabitethernet 1/0/1 to gigabitethernet 1/0/24
[HP-if-range]sflow flow collector 1
sflow sampling-rate 1000

Capture

Licence Creative Commons
This website http://shebangthedolphins.net is licensed to the public under a licence Creative Commons Attribution licence.
Contact :