Installing NFSEN & NFDUMP on Ubuntu and Next integrate ... https://ipcorenetworks.blogspot.com/2021/08/installing-...

IP Core Networks

Installing NFSEN & NFDUMP on Ubuntu and Next integrate with LibreNMS
- August 23, 2021

librenms@librenms:~$ lsb_release -a

No LSB modules are available.

Distributor ID: Ubuntu

Description: Ubuntu 20.04.2 LTS

Release: 20.04

Codename: focal

Project Link:

http://nfsen.sourceforge.net/

http://nfdump.sourceforge.net/

https://github.com/phaag/nfdump

https://www.�rst.org/resources/papers/conference2006/haag-peter-papers.pdf

sudo add-apt-repository universe FOR OLD ubuntu versions 16,18

Installation
Use the sudo user

sudo -i

Update ubuntu:
apt-get update

apt autoremove

Create and navidate to a new folder:

mkdir ~/nfsen && cd ~/nfsen

or

mkdir /var/nfsen && cd /var/nfsen

Download the required �les:

wget https://bit.ly/2NpMHqV >>> NfSend

wget https://github.com/phaag/nfdump/archive/v1.6.17.tar.gz >>>NfDump

Extract the �les:

tar zxfv 2NpMHqV

tar xzfv v1.6.17.tar.gz

1 of 7 05/04/2023, 18:58
Installing NFSEN & NFDUMP on Ubuntu and Next integrate ... https://ipcorenetworks.blogspot.com/2021/08/installing-...

Install Dependencies

apt install make gcc flex rrdtool librrd-dev libpcap-dev php librrds-perl libsocket6-perl
apache2 libapache2-mod-php libtool dh-autoreconf pkg-config libbz2-dev byacc doxygen
graphviz librrdp-perl libmailtools-perl build-essential autoconf

you may use only >>> this is Important

apt-get install apache2 php libapache2-mod-php librrds-perl librrdp-perl librrd-dev libmailtools-

perl build-essential autoconf rrdtool

Make sure the right version of PHP is being used:

a2enmod php7.4

Fix problem with displaying icons in nfsen:

Nano /etc/apache2/mods-enabled/alias.conf

and comment out line: 'Alias /icons/ "/usr/share/apache2/icons/"

In the php.ini �le, be sure to specify the correct time zone, for example:
nano /etc/php/7.4/apache2/php.ini

date.timezone = Asia/karachi

Prepare nfdump for compilation:

cd nfdump-1.6.17/

sh ./autogen.sh

./configure --enable-nsel --enable-nfprofile --enable-sflow --enable-readpcap --enable-

nfpcapd --enable-nftrack --enable-jnat

Compile and install nfdump

make && make install

(it may be necessary to run /sbin/ldcon�g or ldcon�g as root after the installation)

Install nfsen dependencies:

cpan App::cpanminus

cpanm Mail::Header

cpanm Mail::Internet

Check the nfdump version:

nfdump -v

Con�gure nfsen:
cd ../nfsen-1.3.6p1 or cd /nfsen-1.3.6p1/etc/

cp nfsen-dist.conf nfsen.conf

nano ./etc/nfsen.conf

you may changed the following (apach2 and nginx work by default from the www-data user):

2 of 7 05/04/2023, 18:58
Installing NFSEN & NFDUMP on Ubuntu and Next integrate ... https://ipcorenetworks.blogspot.com/2021/08/installing-...

>
# user and group of the web server process
# All net�ow processing will be done with this user

$BASEDIR = "/var/nfsen";

$PREFIX = '/usr/local/bin';

$USER = "netflow";

$WWWUSER = "www-data";
$WWWGROUP = "www-data";

# number of nfpro�le processes to spawn during the pro�ling phase

# depends on how busy your system is and how many CPUs you have
# on very busy systems increase it to a higher value
#$PROFILERS = 2;

Add user used by nfsen:

useradd -M -s /bin/false -G www-data netflow

Create nfsen base directory:

mkdir – p /var/nfsen

Install nfsen:
./install.pl ./etc/nfsen.conf

If there is a version mismatch change this:

nano libexec/NfSenRRD.pm

Change from 1.5 t0 1.8

Point default Apache site to nfsen.php �le:

nano /etc/apache2/sites-enabled/000-default.conf

DocumentRoot /var/www/nfsen

DirectoryIndex nfsen.php

ServerAdmin webmaster@localhost

ServerName 192.168.88.163

DocumentRoot /var/www/nfsen
DirectoryIndex nfsen.php)

change apache port 80 to any_port_number

nano /etc/apache2/apache2.conf

systemctl enable apache2

systemctl start apache2

Start nfsen service:

/var/nfsen/bin/nfsen start

3 of 7 05/04/2023, 18:58
Installing NFSEN & NFDUMP on Ubuntu and Next integrate ... https://ipcorenetworks.blogspot.com/2021/08/installing-...

Restart Apache:
systemctl apache2 restart

If you need to run nfsen on port 2055/udp, and it was taken by default by nfdump (by the nfcapd process), then stop it
before running nfsen:

systemctl is-enabled nfdump

systemctl stop nfdump

netstat -anpl | grep 2055

kill -9 PID_NUMBER

netstat -anpl | grep nfcapd

Testing >>> on Mikrotik

nano /var/nfsen/etc/nfsen.conf
%sources = (
' MikroTik_CCIE ' => { 'port' => '2055', 'col' => '#00ff00', 'type' => 'net�ow' },
# 'upstream1' => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'net�ow' },
# 'peer1' => { 'port' => '9996', 'IP' => '192.168.88.1' },
# 'peer2' => { 'port' => '9996', 'IP' => '0.0.0.0' },
);

#OR

%sources = (
'source1' => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'net�ow' },
'source2' => { 'port' => '9996', 'col' => '#cc3333', 'type' => 'net�ow' },
'source3' => { 'port' => '9997', 'col' => '#99ff33', 'type' => 'net�ow' },
);

# OR

%sources = (
'ccr1016' => { 'port' => '9995', 'IP' => 'x.x.x.x', 'col' => '#0000ff', 'type' => 'net�ow' },
'ap�oor1' => { 'port' => '9995', 'IP' => 'x.x.x.x', 'col' => '#8B0000' },
'ap�oor2' => { 'port' => '9995', 'IP' => 'x.x.x.x', 'col' => '#DC143C'},
'ap�oor3' => { 'port' => '9995', 'IP' => 'x.x.x.x', 'col' => '#FF7F50'},
);

/etc/init.d/nfsen recon�g

Or

cd /var/nfsen/bin

./nfsen reconfig

./nfsen start

sudo /etc/init.d/nfsen reconfig

To make nfsen reboot proof:

4 of 7 05/04/2023, 18:58
Installing NFSEN & NFDUMP on Ubuntu and Next integrate ... https://ipcorenetworks.blogspot.com/2021/08/installing-...

ln -s /var/nfsen/bin/nfsen /etc/init.d/nfsen

update-rc.d nfsen defaults 20

It remains to con�gure the web server or just create a symbolic link in the www directory (after that you can open nfsen
in a browser, for example http://192.168.88.157/nfsen/nfsen.php):

ln -s /var/nfsen/www/ /var/www/html/nfsen

ln -s /var/www/nfsen/ /var/www/html/nfsen

Make sure that nfsen starts when the operating system starts:
systemctl enable nfsen

systemctl start nfsen

systemctl status nfsen

Browse to:

http://yourip:portnumber

Auto start at boot

• Create /etc/systemd/system/nfsen.service:

[Unit]
Description=NfSen Service
After=network.target

[Service]
Type=forking
PIDFile=/var/nfsen/var/run/nfsend.pid
ExecStart=/var/nfsen/bin/nfsen start
ExecStop=/var/nfsen/bin/nfsen stop
Restart=on-abort

[Install]
WantedBy=multi-user.target

Troubleshooting commands:
sudo netstat -tulpn

ls -l /var/nfsen/pro�les-stat/live

timedatectl set-timezone Asia/karachi

chmod -R 777 /var/nfsen/var/run/nfsen.comm

chown -R www-data:www-data /var/nfsen

chown -R net�ow:www-data /var/nfsen/pro�les-data/live/

tcpdump port 2055 -e -n

ps auxwww | grep nfcapd

UP-Next Video

How to Install Nfsen & Nfdump porttracker plugin on ubuntu

https://ipcorenetworks.blogspot.com/2022/02/installing-nfsen-nfdump-porttracker.html

5 of 7 05/04/2023, 18:58
Installing NFSEN & NFDUMP on Ubuntu and Next integrate ... https://ipcorenetworks.blogspot.com/2021/08/installing-...

_________________
Cacti Free Networking Monitoring Tool:
Cacti Tutorial PlayList:https://www.youtube.com/playlist?list=PL2iPlJTsTrSRcLWPSRi--dF7rN4RyUzWb
__________________________________
LibreNMS Free Networking Monitoring Tool:
LibreNMS Tutorials: https://www.youtube.com/playlist?list=PL2iPlJTsTrSRdSVlok674Bkou0zkrPbgb
__________________________________
CCNP ENCOR (350-401):
https://www.youtube.com/playlist?list=PL2iPlJTsTrSTpfE-r7M-NsHON3AcyFNSk
__________________________________
CCNP Enterprise Free Training:
https://www.youtube.com/playlist?list=PL2iPlJTsTrSTWw5DSSXG-kvbVmpAec06J
__________________________________
CCNP ENARSI (300-410):
https://www.youtube.com/playlist?list=PL2iPlJTsTrSQx_kwwr0ERU_Cmj_gsJ5Le

Unknown December 28, 2021 at 2:55 AM

cpan App::cpanminus

cpan*m* Mail::Header

cpan*m* Mail::Internet

REPLY

Sousa Varela January 27, 2022 at 2:14 PM

Hi,
Many thanks for share!
What about nginx webserver setup?

REPLY

6 of 7 05/04/2023, 18:58
Installing NFSEN & NFDUMP on Ubuntu and Next integrate ... https://ipcorenetworks.blogspot.com/2021/08/installing-...

mariachiguadalajara April 20, 2022 at 8:58 AM

root@�ujos7200:/var/nfsen/nfsen-1.3.6p1# /var/nfsen/bin/nfsen start

Subroutine Lookup::pack_sockaddr_in6 rede�ned at /usr/share/perl/5.30/Exporter.pm line 66.
at /var/nfsen/libexec/Lookup.pm line 43.
Subroutine Lookup::unpack_sockaddr_in6 rede�ned at /usr/share/perl/5.30/Exporter.pm line 66.
at /var/nfsen/libexec/Lookup.pm line 43.
Subroutine Lookup::sockaddr_in6 rede�ned at /usr/share/perl/5.30/Exporter.pm line 66.
at /var/nfsen/libexec/Lookup.pm line 43.
Subroutine AbuseWhois::pack_sockaddr_in6 rede�ned at /usr/share/perl/5.30/Exporter.pm line 66.
at /var/nfsen/libexec/AbuseWhois.pm line 42.
Subroutine AbuseWhois::unpack_sockaddr_in6 rede�ned at /usr/share/perl/5.30/Exporter.pm line 66.
at /var/nfsen/libexec/AbuseWhois.pm line 42.
Subroutine AbuseWhois::sockaddr_in6 rede�ned at /usr/share/perl/5.30/Exporter.pm line 66.
at /var/nfsen/libexec/AbuseWhois.pm line 42.
Subroutine AbuseWhois::pack_sockaddr_in6 rede�ned at /var/nfsen/libexec/AbuseWhois.pm line 44.
Subroutine AbuseWhois::unpack_sockaddr_in6 rede�ned at /var/nfsen/libexec/AbuseWhois.pm line 44.
Subroutine AbuseWhois::sockaddr_in6 rede�ned at /var/nfsen/libexec/AbuseWhois.pm line 44.
Starting nfcapd:(7200cantv)[11908] (7200vnet)[11911]
Starting nfsendSubroutine Lookup::pack_sockaddr_in6 rede�ned at /usr/share/perl/5.30/Exporter.pm line
66.
at /var/nfsen/libexec/Lookup.pm line 43.
Subroutine Lookup::unpack_sockaddr_in6 rede�ned at /usr/share/perl/5.30/Exporter.pm line 66.
at /var/nfsen/libexec/Lookup.pm line 43.
Subroutine Lookup::sockaddr_in6 rede�ned at /usr/share/perl/5.30/Exporter.pm line 66.
at /var/nfsen/libexec/Lookup.pm line 43.
Subroutine AbuseWhois::pack_sockaddr_in6 rede�ned at /usr/share/perl/5.30/Exporter.pm line 66.
at /var/nfsen/libexec/AbuseWhois.pm line 42.
Subroutine AbuseWhois::unpack_sockaddr_in6 rede�ned at /usr/share/perl/5.30/Exporter.pm line 66.
at /var/nfsen/libexec/AbuseWhois.pm line 42.
Subroutine AbuseWhois::sockaddr_in6 rede�ned at /usr/share/perl/5.30/Exporter.pm line 66.
at /var/nfsen/libexec/AbuseWhois.pm line 42.
Subroutine AbuseWhois::pack_sockaddr_in6 rede�ned at /var/nfsen/libexec/AbuseWhois.pm line 44.
Subroutine AbuseWhois::unpack_sockaddr_in6 rede�ned at /var/nfsen/libexec/AbuseWhois.pm line 44.
Subroutine AbuseWhois::sockaddr_in6 rede�ned at /var/nfsen/libexec/AbuseWhois.pm line 44.

REPLY

Powered by Blogger

Theme images by Michael Elkan

Popular posts from this blog

How to Install Cacti Network Monitoring Tool On CentOS

- July 11, 2021

How
IP CORE to Install Cacti Network Monitoring Tool on CentOS 7 /RHEL Prerequisites Setup EPEL Repository Repositories For
NETWORKS
more extended package list, we �rst install the REMI, OpenNMS, and EPEL repositories: Setup EPEL repository only
CentOS 7is/aRHEL
IP CORE NETWORKS 7. yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm yum install
Premium …
Cisco Consulting provider of Cisco
Products, Solutions, Training, and READ MORE
Professional Services for small,
medium, and large-sized businesses.
IP Core Networks | Your Education, Your Choice
We are a Cisco Premier Certi�ed Partner
- May 19, 2021
founded by a Cisco CCIE architect and
consultant with over 6 years of …
Our Youtube Channel Name : IP Core Networks Channel link: https://www.youtube.com/channel
VISIT PROFILE /UCbkH41NcPM3od4Xkij0M7zw Email address:cciepearl@gmail.com WhatsApp:+92-345-7770727
Channel Description: IP CORE NETWORKS is a Premium Cisco Consulting provider of Cisco Products, …

Archive READ MORE

Report Abuse

7 of 7 05/04/2023, 18:58