Installation and configuration of NFDUMP and NfSen on Ubuntu

Nfsen is open source Netflow collector and analyzer available under open source license. It collects only network usage data and shows the interactive graphs based on that data.

NFDUMP

Let’s add some tools we’ll need to build the package
apt-get update && apt-get install gcc flex librrd-dev make
We are ready to start! The steps are very simple: download source code and extract the tar:
cd /usr/src/
wget http://sourceforge.net/projects/nfdump/files/stable/nfdump-1.6.8p1/nfdump-1.6.8p1.tar.gz
tar zxvf nfdump-1.6.8p1.tar.gz
cd nfdump-1.6.8p1
In order to use NFDUMP with NfSen we need to enable nfprofile in the configure step; then we have to make && make install it:
./configure --enable-nfprofile
make && make install

NfSen

apt-get install apache2 libapache2-mod-php5 php5-common libmailtools-perl rrdtool librrds-perl

Now it’s time to download and configure the program:
cd /usr/src/
wget http://sourceforge.net/projects/nfsen/files/stable/nfsen-1.3.6p1/nfsen-1.3.6p1.tar.gz
tar zxvf nfsen-1.3.6p1.tar.gz
cd nfsen-1.3.6p1

install the Socket6 perl module
perl -MCPAN -e 'install Socket6'

Once extracted, we have to copy the config file into /etc and modify it:
cp etc/nfsen-dist.conf /etc/nfsen.conf
vim /etc/nfsen.conf

$USER = "www-data";
$WWWUSER = "www-data";
$WWWGROUP = "www-data";
%sources = (
'MYROUTER' => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
);
$MAIL_FROM = '[email protected]';
$SMTP_SERVER = 'MY.SMTPSERVER.COM';

mkdir -p /data/nfsen
./install.pl /etc/nfsen.conf

cd /data/nfsen/bin
./nfsen start

Set it to run on startup
ln -s /data/nfsen/bin/nfsen /etc/init.d/nfsen
update-rc.d nfsen defaults 20
Now it’s ready, point your browser to http://YourIpAddress/nfsen/nfsen.php

Don’t forget to export your netflow data from the switch/router to your server

See Also:

• http://nfsen.sourceforge.net/
• http://nfdump.sourceforge.net/