{"id":1097,"date":"2014-11-09T15:58:06","date_gmt":"2014-11-09T14:58:06","guid":{"rendered":"http:\/\/diablo.craem.net\/?p=1097"},"modified":"2014-11-09T15:58:06","modified_gmt":"2014-11-09T14:58:06","slug":"netflow-nfsen-nfdump-en-debian-3-cacti-pmacct","status":"publish","type":"post","link":"https:\/\/diablo.craem.net\/?p=1097","title":{"rendered":"Netflow: nfsen + nfdump on Debian (3) + cacti + pmacct"},"content":{"rendered":"<p>Now we are going to add one more layer&#8230; pmacct.<br \/>\nPmacct will be the link between cacti and the flows exported by the devices&#8230; we will use nfsen to monitor traffic and attacks.<br \/>\nDownload and unpack pmacct:<br \/>\n<code><br \/>\n# cd \/usr\/src<br \/>\n# wget -c https:\/\/www.pmacct.net\/pmacct-1.5.0.tar.gz<br \/>\n# tar -zxvf pmacct-1.5.0.tar.gz<br \/>\n<\/code><br \/>\nCreate the installation directory:<br \/>\n<code><br \/>\n# mkdir \/etc\/pmacct<br \/>\n<\/code><br \/>\nAnd install:<br \/>\n<code><br \/>\n# cd \/usr\/src\/pmacct-1.5.0<br \/>\n# .\/configure --prefix=\/etc\/pmacct &#038;&#038; make &#038;&#038; make install<br \/>\n<\/code><br \/>\nOnce installed, we configure the parts of pmacct we care about, which we will later hook up to cacti.<br \/>\n<code><br \/>\n# nano \/etc\/pmacct\/pmacct.conf<br \/>\ndebug: true<br \/>\ndaemonize: true<br \/>\nnfacctd_port: 9996<br \/>\npidfile: \/var\/run\/nfacctd.pid<br \/>\nplugin_buffer_size: 80524<br \/>\nplugin_pipe_size: 18052324<br \/>\nnetworks_file: \/etc\/pmacct\/nfacctd.hosts<br \/>\nplugins: memory[in], memory[out]<br \/>\naggregate[in]: dst_host<br \/>\naggregate[out]: src_host<br \/>\nimt_path[in]: \/tmp\/in.pipe<br \/>\nimt_path[out]: \/tmp\/out.pipe<br \/>\n<\/code><br \/>\nIn the nfacctd.hosts file, add the IPs \/ ranges we want to track in detail&#8230;<br \/>\n<code><br \/>\n# nano \/etc\/pmacct\/nfacctd.hosts<br \/>\n1.1.1.1\/32<br \/>\n1.1.1.2\/32<br \/>\n..<br \/>\n...<br \/>\n<\/code><br \/>\nStart pmacct&#8230;<br \/>\n<code><br 
\/>\nroot@testflow:\/etc\/pmacct\/sbin# .\/nfacctd -D -f \/etc\/pmacct\/pmacct.conf<br \/>\n<\/code><br \/>\nTo check that we are listening correctly:<br \/>\n<code><br \/>\nroot@testflow:\/etc\/pmacct\/bin# netstat -putan | grep 9996<br \/>\nudp  0 0 0.0.0.0:9996  0.0.0.0:*   17799\/nfacctd: Core<br \/>\n<\/code><br \/>\nand that we are collecting flows:<br \/>\n<code><br \/>\nroot@testflow:\/etc\/pmacct\/bin# .\/pmacct -s -p \/tmp\/out.pipe<br \/>\nroot@testflow:\/etc\/pmacct\/bin# .\/pmacct -s -p \/tmp\/in.pipe<br \/>\n<\/code><br \/>\nNow check whether it is accounting for the specific IPs:<br \/>\n<code><br \/>\nroot@testflow:\/etc\/pmacct\/bin# .\/pmacct -c dst_net -N 1.1.1.1 -p \/tmp\/in.pipe<br \/>\n7254628<br \/>\nroot@testflow:\/etc\/pmacct\/bin# <\/code><br \/>\nAnd we can see that it already reports traffic in bytes \ud83d\ude42<br \/>\n<a href=\"https:\/\/diablo.craem.net\/wp-content\/uploads\/2014\/11\/Captura-de-pantalla-2014-11-16-a-las-14.42.32.png\"><img decoding=\"async\" src=\"https:\/\/diablo.craem.net\/wp-content\/uploads\/2014\/11\/Captura-de-pantalla-2014-11-16-a-las-14.42.32-300x146.png\" alt=\"Captura de pantalla 2014-11-16 a las 14.42.32\" width=\"300\" height=\"146\" class=\"alignnone size-medium wp-image-1110\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Now we are going to add one more layer&#8230; pmacct. Pmacct will be the link between cacti and the flows exported by the devices&#8230; we will use nfsen to monitor traffic and attacks. 
Download and unpack pmacct: # cd \/usr\/src # wget -c https:\/\/www.pmacct.net\/pmacct-1.5.0.tar.gz # tar -zxvf pmacct-1.5.0.tar.gz Create the installation directory: # mkdir \/etc\/pmacct And install<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,1],"tags":[38,121,125,142],"class_list":["post-1097","post","type-post","status-publish","format-standard","hentry","category-linux","category-sin-categoria","tag-cacti","tag-netflow","tag-nfsen","tag-pmacct"],"_links":{"self":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts\/1097","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1097"}],"version-history":[{"count":0,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts\/1097\/revisions"}],"wp:attachment":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1097"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1097"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1097"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}