Install NFSEN on Ubuntu, the easiest way.

NFSen (NetFlow SENsor) is a Web-Based Front-End for the nfdump netflow tools.

NfSen is very useful and allows network administrators to:
Display netflow data: Flows, Packets and Bytes using RRD (Round Robin Database).
Easily navigate through the netflow data.
Process the netflow data within the specified time span.
Create history as well as continuous profiles.
Set alerts, based on various conditions.
Customize and Create plugins to process netflow data on a regular interval.

The installation on Linux can be tricky, here I’ll show my way (using, where possibole, distribution supported apt packages) in Ubuntu Server 12.04 LTS.

First of all, let’s update package list:

apt-get update

Install some needed packages and NFDump:

apt-get install nfdump

Install (if not already installed into the box) apache and PHP:

apt-get install apache2 libapache2-mod-php5 php5-common

Install some needed perl libs:

apt-get install rrdtool \
 libmailtools-perl librrds-perl libio-socket-ssl-perl

Download and uncompress NFSEN (1.3.6p1 is the last available version, in this moment) in the apache root directory (default in /var/www):

cd /var/www/
wget \
 http://sourceforge.net/projects/nfsen/files/stable/nfsen-1.3.6p1/nfsen-1.3.6p1.tar.gz
tar zxvf nfsen-1.3.6p1.tar.gz
mv nfsen-1.3.6p1 nfsen

Take a copy of NFSEN configuration File:

cp /var/www/nfsen/etc/nfsen-dist.conf /etc/nfsen.conf

Edit some needed and mandatory parts of /etc/nfsen.conf configuration file (other customizations could be done, if needed):

[..]
$BASEDIR = "/data/nfsen";
[..]
$PREFIX  = '/usr/bin';
[..]
$USER    = "www-data";
[..]
$WWWUSER  = "www-data";
$WWWGROUP = "www-data";
[..]
%sources = (
 'Device' => {'port'=>'9995','col'=>'#0000ff','type'=>'netflow'},
);
[..]
$MAIL_FROM   = 'youraccount@yourdomain.ext';
$SMTP_SERVER = 'yoursmtphost.yourdomain.ext';
[..]

Create Installation PATH and Install NFSEN:

mkdir -p /data/nfsen
/var/www/nfsen/install.pl /etc/nfsen.conf

Create a symbolic link to InitScript and configure it to start the daemon automatically:

ln -s /data/nfsen/bin/nfsen /etc/init.d/nfsen
update-rc.d nfsen defaults 20

Create a symbolic link to nfsen.php in nfesn apache root directory, to permit DirectoryIndexing and fix some permissions:

ln -s /var/www/nfsen/nfsen.php /var/www/nfsen/index.php
chown -R www-data:www-data /data/nfsen
chown -R www-data:www-data /var/www/nfsen

CheckOut the installation by pointing the Web Browser to: http://YourNFSENHost/nfsen/

NFSEN does not require authentication to access NetFlow DATA, it is recommended to perform at least an apache Basic HTTP authentication.
To do this, edit your default VirtualHost (default enabled by symlink in /etc/apache2/sites/enabled/000-default) and insert following configuration lines:

[..]
# NFSen NetFlow Monitor
<Directory "/var/www/nfsen">
 Options FollowSymLinks
 AllowOverride None
 AuthType Basic
 AuthName "NFSEN Reserved Area"
 AuthUserFile /etc/apache2/nfsen_passwd
 Require valid-user
</Directory>
[..]

Create a valid user in the specified apache UserDB file:

htpasswd -c /etc/apache2/nfsen_passwd nfsen_user
chown www-data:www-data /etc/apache2/nfsen_passwd
chmod 660 /etc/apache2/nfsen_passwd

Here it is possible to find some information on how to setup a NetFlow exportation Cisco-Enabled device to feed flows to the NFDump Daemon.

An error message could appear in the NFSEN Frontend: “Frontend – Backend version missmatch!”.
In this case apply the suggested patch, in file /var/www/nfsen/html/nfsen.php line 45:

– – if ( !array_key_exists(‘backend_version’, $_SESSION ) || $_SESSION[‘backend_version’] != $expected_version ) {
+ + if ( !array_key_exists(‘backend_version’, $_SESSION ) && $_SESSION[‘backend_version’] != $expected_version ) {


Comments are closed.