Install NFSEN on Ubuntu, the easiest way.
NFSen (NetFlow SENsor) is a Web-Based Front-End for the nfdump netflow tools.
NfSen is very useful and allows network administrators to:
Display netflow data: Flows, Packets and Bytes using RRD (Round Robin Database).
Easily navigate through the netflow data.
Process the netflow data within the specified time span.
Create history as well as continuous profiles.
Set alerts, based on various conditions.
Customize and Create plugins to process netflow data on a regular interval.
The installation on Linux can be tricky, here I’ll show my way (using, where possibole, distribution supported apt packages) in Ubuntu Server 12.04 LTS.
First of all, let’s update package list:
apt-get update |
Install some needed packages and NFDump:
apt-get install nfdump |
Install (if not already installed into the box) apache and PHP:
apt-get install apache2 libapache2-mod-php5 php5-common |
Install some needed perl libs:
apt-get install rrdtool \ libmailtools-perl librrds-perl libio-socket-ssl-perl |
Download and uncompress NFSEN (1.3.6p1 is the last available version, in this moment) in the apache root directory (default in /var/www):
cd /var/www/ wget \ http://sourceforge.net/projects/nfsen/files/stable/nfsen-1.3.6p1/nfsen-1.3.6p1.tar.gz tar zxvf nfsen-1.3.6p1.tar.gz mv nfsen-1.3.6p1 nfsen |
Take a copy of NFSEN configuration File:
cp /var/www/nfsen/etc/nfsen-dist.conf /etc/nfsen.conf |
Edit some needed and mandatory parts of /etc/nfsen.conf configuration file (other customizations could be done, if needed):
[..] $BASEDIR = "/data/nfsen"; [..] $PREFIX = '/usr/bin'; [..] $USER = "www-data"; [..] $WWWUSER = "www-data"; $WWWGROUP = "www-data"; [..] %sources = ( 'Device' => {'port'=>'9995','col'=>'#0000ff','type'=>'netflow'}, ); [..] $MAIL_FROM = 'youraccount@yourdomain.ext'; $SMTP_SERVER = 'yoursmtphost.yourdomain.ext'; [..] |
Create Installation PATH and Install NFSEN:
mkdir -p /data/nfsen /var/www/nfsen/install.pl /etc/nfsen.conf |
Create a symbolic link to InitScript and configure it to start the daemon automatically:
ln -s /data/nfsen/bin/nfsen /etc/init.d/nfsen update-rc.d nfsen defaults 20 |
Create a symbolic link to nfsen.php in nfesn apache root directory, to permit DirectoryIndexing and fix some permissions:
ln -s /var/www/nfsen/nfsen.php /var/www/nfsen/index.php chown -R www-data:www-data /data/nfsen chown -R www-data:www-data /var/www/nfsen |
CheckOut the installation by pointing the Web Browser to: http://YourNFSENHost/nfsen/
NFSEN does not require authentication to access NetFlow DATA, it is recommended to perform at least an apache Basic HTTP authentication.
To do this, edit your default VirtualHost (default enabled by symlink in /etc/apache2/sites/enabled/000-default) and insert following configuration lines:
[..] # NFSen NetFlow Monitor <Directory "/var/www/nfsen"> Options FollowSymLinks AllowOverride None AuthType Basic AuthName "NFSEN Reserved Area" AuthUserFile /etc/apache2/nfsen_passwd Require valid-user </Directory> [..] |
Create a valid user in the specified apache UserDB file:
htpasswd -c /etc/apache2/nfsen_passwd nfsen_user chown www-data:www-data /etc/apache2/nfsen_passwd chmod 660 /etc/apache2/nfsen_passwd |
Here it is possible to find some information on how to setup a NetFlow exportation Cisco-Enabled device to feed flows to the NFDump Daemon.
An error message could appear in the NFSEN Frontend: “Frontend – Backend version missmatch!”.
In this case apply the suggested patch, in file /var/www/nfsen/html/nfsen.php line 45:
– – if ( !array_key_exists(‘backend_version’, $_SESSION ) || $_SESSION[‘backend_version’] != $expected_version ) {
+ + if ( !array_key_exists(‘backend_version’, $_SESSION ) && $_SESSION[‘backend_version’] != $expected_version ) {