NfSen Installation Guide

NfSen displays graphs and stats generated from collected NetFlow data through a web interface. Having recently started playing with it and having already installed it twice, I thought it would be a good time to throw up a quick guide for future reference while it’s still fresh in my head.

Even thought the netflow collector (nfdump) and Nfsen are seperate packages, Nfsen will configure and start all the necessary nfdump processes as required.

Firstly, read and check the prerequisites at http://nfsen.sourceforge.net. An assumption is being made that Apache, PHP and Perl are already installed.

Download necessary Perl Modules

cpan Mail::Header
cpan Mail::Internet

Install RRDTool and flex (required for nfdump to compile)

yum install perl-rrdtool rrdtool rrdtool-devel flex

Download and install nfdump

Download latest version from http://sourceforge.net/projects/nfdump. At the time of writing, this was nfdump-1.6b-snapshot-20090619.tar.gz.

Extract, and compile as follows (your rrdpath may differ, use which rrdtool):

./configure --enable-nfprofile --with-rrdpath=/usr/bin
make
make install

Download and install NfSen

Download latest version from http://sourceforge.net/projects/nfsen. At the time of writing, this was nfsen-1.3.2.tar.gz.

Once extracted, make a copy of the etc/nfsen-dist.conf and call it nfsen.conf

For CentOS 5.3, with a standard Apache install, the following changes can to be made to the nfsen.conf. Some are optional, but the user, wwwuser and wwwgroup are mandatory.

$BASEDIR = "/usr/local/nfsen";
$HTMLDIR    = "/var/www/html/nfsen/";
$USER    = "apache";
$WWWUSER  = "apache";
$WWWGROUP = "apache";

Remove the default sample netflow devices, and add you own. The syntax is fairly self explanatory: the name of the device, what port it’s sending flows to, the colour which will represent the device on the web interface, and the type.

 'starwish'        => { 'port'    => '9996', 'col' => '#ff0000', 'type' => 'netflow'  },

Run the install script

./install.pl etc/nfsen.conf

And we’re done. The control script is located in /usr/local/nfsen/bin/nfsen. NfSen will automagically configure and start the necessary nfdump processes.

Now you should be able to browse to http://yourserver/nfsen/nfsen.php and see a bunch of empty graphs, which will hopefully be populated with many pretty colours over time.

Last thing we can do is set nfsen.php to be the default page for /nfsen in Apache.

Create and edit /etc/httpd/conf.d/nfsen.conf

<Directory /var/www/html/nfsen/>
    DirectoryIndex nfsen.php
</Directory>

That’s it for now.

Reference: http://www.first.org/conference/2006/program/netflow_tools_nfsen_and_nfdump.html