在centos上安装nfsen及插件

最近做流量分析,用了下nfsen,在安装的过程中遇到些问题,记录下来.
首先最典型的问题是,安装完成后,nfsen无法启动,提示:
Starting nfcapd:(route)open() error existing pid file: Permission denied

而同样的安装步骤,在另一台服务器上是正常的.折腾了一段时间并未找到原因(不会perl -.-),最后是通过把nfsen安装在apache的用户目录下解决.

安装需求包

yum install -y httpd php wget gcc make rrdtool-devel rrdtool-perl perl-MailTools perl-Socket6 flex byacc perl php-mysql

安装nfdump

mkdir /root/soft/cd /root/soft/wget http://downloads.sourceforge.net/project/nfdump/stable/nfdump-1.6.11/nfdump-1.6.11.tar.gztar -zxvf nfdump-1.6.11.tar.gz cd nfdump-1.6.11./configure --enable-nfprofile --enable-nftrack --enable-sflow  --with-rrdpath=/usr/bin/makemake install

安装nfsen

mkdir /var/www/netflowchown apache:apache /var/www/netflowcd /root/soft/wget http://iweb.dl.sourceforge.net/project/nfsen/stable/nfsen-1.3.6p1/nfsen-1.3.6p1.tar.gztar zxvf nfsen-1.3.6p1.tar.gz cd nfsen-1.3.6p1/

cp etc/nfsen-dist.conf etc/nfsen.conf
将etc/nfsen.conf中对应的值设置为如下值

 $BASEDIR = "/var/www/netflow"; $USER    = "apache"; $WWWUSER  = "apache"; $WWWGROUP = "apache"; %sources = (        upstream1'    => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },);

开始安装：
./install.pl etc/nfsen.conf

启动nfsen：
/var/www/netflow/bin/nfsen start

配置下apche
vi /etc/httpd/conf/httpd.conf

<VirtualHost *:80>    ServerAdmin admin@example.com    DocumentRoot /var/www/nfsen/    ServerName dummy-host.example.com</VirtualHost>

启动apache,并访问http://ip/nfsen.php

把nfsen添加到/etc/init.d/
touch /etc/init.d/nfsen
chmod +x /etc/init.d/nfsen
vim /etc/init.d/nfsen
添加如下内容

#!/bin/bash## chkconfig: - 50 50# description: nfsenDAEMON=/var/www/netflow/bin/nfsencase "$1" in        start)        $DAEMON start        ;;        stop)        $DAEMON stop        ;;        status)        $DAEMON status        ;;        restart)        $DAEMON stop        sleep 1        $DAEMON start        ;;        *)        echo "Usage: $0 {start|stop|status|restart}"        exit 1        ;;esacexit 0

安装Nfsight插件

cd /root/softwget http://sourceforge.net/projects/nfsight/files/nfsight-beta-20130323.tgz/downloadtar zxvf download cd nfsight-beta-20130323/

cp backend/nfsight.pm /var/www/netflow/plugins/mkdir  /var/www/netflow/plugins/nfsightchown -R apache:apache /var/www/netflow/plugins/nfsightmkdir /var/www/nfsen/nfsightcp -r frontend/* /var/www/nfsen/nfsight/chown -R apache:apache /var/www/nfsen/nfsight

如果没有安装mysql,先安装
yum install mysql-server -y
service mysqld start
chkconfig mysqld on

设置下mysql的root密码为rootmysqladmin -uroot -p password 'root'这里默认密码是空,回车即可新建Mysql数据库Nfsight：mysql -u root -proot -e "create database nfsight;"

打开浏览器，访问如下地址,开始安装
http://ip/nfsight/installer.php

Back-end settings设置页中Path to data files设置为如下:/var/www/netflow/plugins/nfsight

将最后一步的配置文件添加到/var/www/netflow/etc/nfsen.conf对应的选项下.

@plugins = ([ '*', 'nfsight' ],);%PluginConf = (nfsight => {        path => "/data/nfsen/plugins/nfsight",        expiration => "180",        network => {            "10.2.1.0" => "24",            "10.1.200.0" => "24",        },        scanner_limit => "5",        print_int_scanner => "1",        print_ext_scanner => "1",        print_int_client => "1",        print_ext_client => "1",        print_int_server => "1",        print_ext_server => "1",        print_int_invalid => "1",        print_ext_invalid => "1",        sql_host => "localhost",        sql_port => "3306",        sql_user => "nfsight",        sql_pass => "nfsight",        sql_db => "nfsight",    },);

安装完成后，重启服务

service nfsen restart

添加计划任务
cronta -e
05 * * * * wget –no-check-certificate -q -O - http://management:aggregate@127.0.0.1/nfsight/aggregate.php

访问
http://ip/nfsight

安装PortTracker插件

cd /root/soft/nfsen-1.3.6p1/contrib/PortTracker
cp PortTracker.pm /var/www/netflow/plugins/
cp PortTracker.php /var/www/nfsen/plugins/

创建PortTracker数据存放目录
目录路径可以在PortTracker.pm配置文件中的PORTSDBDIR参数配置
vim /var/www/netflow/plugins/PortTracker.pm
修改PORTSDBDIR参数为/var/www/netflow/ports-db/
mkdir /var/www/netflow/ports-db/
chown -R apache:apache /var/www/netflow/ports-db/
chmod 775 /var/www/netflow/ports-db/

修改Nfsen配置文件添加插件信息：
vim /var/www/netflow/etc/nfsen.conf
@plugins = (
# profile # module
# [ ‘*’, ‘demoplugin’ ],
[ ‘*’, ‘nfsight’ ],
[ ‘live’, ‘PortTracker’ ],
);

生成PortTracker数据：
nftrack -I -d /var/www/netflow/ports-db/
//如果是虚拟机出现无法连接，系统垮掉的现象时,使用如下命令生成
sudo -u apache /usr/local/bin/nftrack -I -d /data/nfsen/ports-db/
chown -R apache:apache /var/www/netflow/ports-db/

重新加载Nfsen：
service nfsen reload

等5分钟左右访问Nfsen界面选择Plugins即可看到相应信息

安装fprobe

fprobe用于把流量导给nfsen

yum install libpcap-devel -ycd /root/softwget http://jaist.dl.sourceforge.net/project/fprobe/fprobe/1.1/fprobe-1.1.tar.bz2tar jxvf fprobe-1.1.tar.bz2cd fprobe-1.1./configuremakemake install

安装完成后,使用如下命令将eth0的流量导入到192.168.1.121
fprobe -i eth0 192.168.1.121:9996

安裝HostStats插件

用hoststats,可以根据时间来显示流量状况.

cd /root/softwget http://jaist.dl.sourceforge.net/project/hoststats/hoststats-1.1.5.tar.gztar zxvf hoststats-1.1.5.tar.gzcd hoststats-1.1.5./install-libnfdump.shmkdir /var/www/hoststats./configuremakemake install这个时候会提示要确认安装路径,输入/var/www/hoststatschown apache:apache -R /var/www/hoststats启动/var/www/hoststats/hoststats start添加到/etc/rc.local,开机启动echo '/var/www/hoststats/hoststats start' >> /etc/rc.local

以上步骤完成后,稍等几分钟,即可在plugins菜单上看到界面.

安装SURFmap

SURFmap可以通过google map来展示ip连接情况

yum install php-gd php-pdo sqlite php-mbstring -yservice httpd restartcd /root/softwget http://sourceforge.net/projects/surfmap/files/install.shchmod +x install.sh./install.sh

程序默认用http://maps.google.com/maps,不翻墙的话打不开,所以改成http://www.google.cn/maps/

cd /var/www/nfsen/plugins/SURFmapsed -i 's/maps.google.com/www.google.cn/g' `grep 'maps.google.com' -rl ./`

重启nfsen,稍等几分钟,再看界面.
/var/www/netflow/bin/nfsen reload

参考链接

http://www.haiyun.me/archives/netflow-nfsight-nfsen.htmlhttp://sourceforge.net/p/nfsight/wiki/Installation/http://steronius.blogspot.kr/2013/05/install-nfsight-plugin-for-nfsen-on.htmlhttp://blog.hackroad.com/operations-engineer/linux_server/3327.htmlhttp://www.shunze.info/forum/thread.php?threadid=1953&boardid=3&sid=aadc298e695d7f799db0b872563884b3&sid=aadc298e695d7f799db0b872563884b3