{"id":1069,"date":"2014-11-08T16:41:25","date_gmt":"2014-11-08T15:41:25","guid":{"rendered":"http:\/\/diablo.craem.net\/?p=1069"},"modified":"2014-11-08T16:41:25","modified_gmt":"2014-11-08T15:41:25","slug":"netflow-nfsen-nfdump-en-debian-1","status":"publish","type":"post","link":"https:\/\/diablo.craem.net\/?p=1069","title":{"rendered":"Netflow: nfsen + nfdump en Debian (1)"},"content":{"rendered":"

Otra entrada que es un apunte para recordar la instalaci\u00f3n \/ configuraci\u00f3n.
\nNetflow, es un protocolo creado por cisco y usado por varios fabricantes, para exportar fuera del router \/ firewall, el detalle del tr\u00e1fico…. de esta manera, tendremos un hist\u00f3rico para hacer accounting<\/em>, ver ataques y en definitiva, para tener controlado todo un poco en nuestros routers.
\nExisten herramientas de pago fant\u00e1sticas, tipo Netflow Analyzer, pero su precio, hace que nos lo pensemos bien si lo queremos tener en casa, para jugar o una peque\u00f1a empresa, as\u00ed\u00ad que, la alternativa libre, pasa por usar nfsen (frontend) y nfdump.
\nPartimos de la base de una debian reci\u00e9n instalada …
\nInstalamos unas dependencias b\u00e1sicas:
\n
\n# apt-get install gcc make flex librrd-dev mtr htop autoconf bison
\n# apt-get install apache2 libapache2-mod-php5 php5-common libmailtools-perl rrdtool librrds-perl
\n# apt-get install rrdtool libio-socket-ssl-perl
\n# perl -MCPAN -e 'install Socket6'
\n<\/code>
\nDescargamos en \/usr\/src el programa para compilarlo:
\n
\nwget -c https:\/\/sourceforge.net\/projects\/nfdump\/files\/stable\/nfdump-1.6.12\/nfdump-1.6.12.tar.gz\/download
\n<\/code>
\nDescomprimes…
\n
\n# tar -zxvf nfdump-1.6.12.tar.gz
\n<\/code>
\nInstall….
\n
\n#.\/configure --enable-nfprofile
\n# make
\n# make install
\n<\/code>
\nUna vez instalado, vamos por el nfsen….. descargamos la \u00faltima versi\u00f3n disponible
\n
\nwget -c https:\/\/downloads.sourceforge.net\/project\/nfsen\/stable\/nfsen-1.3.6p1\/nfsen-1.3.6p1.tar.gz?r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Fnfsen%2Ffiles%2Fstable%2Fnfsen-1.3.6p1%2F&ts=1415459147&use_mirror=heanet
\n<\/code>
\nDescomprimimos nfsen….
\n
\n# tar -zxvf nfsen-1.3.6p1.tar.gz
\n<\/code>
\nYo, suelo crearme un directorio para tener ordenados los ficheros y me suelo copiar la instalaci\u00f3n del nfsen all\u00ed\u00ad:
\n
\n# mkdir \/etc\/nfsen
\n# mv \/usr\/src\/nfsen-1.3-6p1 \/etc\/nfsen
\n<\/code>
\nNos creamos el fichero de configuraci\u00f3n para nuestros cacharros..
\n
\n# cd \/etc\/nfsen
\n# cp nfsen-dist.conf nfsen.conf
\n<\/code>
\nEditamos \/ cambiamos unos valores y a\u00f1adimos nuestro primer dispositivo:
\n
\n# nano \/etc\/nfsen\/nfsen.php
\n# BASEDIR unrelated vars:
\n#
\n# Run nfcapd as this user
\n# This may be a different or the same uid than your web server.
\n# Note: This user must be in group $WWWGROUP, otherwise nfcapd
\n# is not able to write data files!
\n$USER = \"www-data\";
\n# user and group of the web server process
\n# All netflow processing will be done with this user
\n$WWWUSER = \"www-data\";
\n$WWWGROUP = \"www-data\";
\n%sources = (
\n 'asav254' => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
\n);
\n<\/code>
\nA\u00f1adimos un link simb\u00f3lico para \/var\/www y cambiamos permisos…
\n
\n# ln -s \/var\/www\/nfsen\/nfsen.php \/var\/www\/nfsen\/index.php
\n# chown -R www-data:www-data \/data\/nfsen
\n# chown -R www-data:www-data \/var\/www\/nfsen
\n<\/code>
\nCreamos el directorio para almacenar:
\n
\n# mkdir -p \/data\/nfsen
\n# \/var\/www\/nfsen\/install.pl \/etc\/nfsen\/nfsen.conf
\n<\/code>
\nA\u00f1adimos al inicio el nfsen:
\n
\n# ln -s \/data\/nfsen\/bin\/nfsen \/etc\/init.d\/nfsen
\n# update-rc.d nfsen defaults 20
\n<\/code>
\nY lo iniciamos:
\n
\n# \/etc\/init.d\/nfsen start
\n<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"

Otra entrada que es un apunte para recordar la instalaci\u00f3n \/ configuraci\u00f3n. Netflow, es un protocolo creado por cisco y usado por varios fabricantes, para exportar fuera del router \/ firewall, el detalle del tr\u00e1fico…. de esta manera, tendremos un hist\u00f3rico para hacer accounting, ver ataques y en definitiva, para tener controlado todo un poco […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[38,124,125],"class_list":["post-1069","post","type-post","status-publish","format-standard","hentry","category-linux","tag-cacti","tag-nfdump","tag-nfsen"],"_links":{"self":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts\/1069","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1069"}],"version-history":[{"count":0,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts\/1069\/revisions"}],"wp:attachment":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1069"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1069"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1069"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}