I had to monitor a LAN Network. To do it I've installed a HP 5500-48G JD375A switch. It will send sFlow informations to a GNU/Linux Debian server where nfsen will be installed.
root@host:~# apt-get install libsocket6-perl lighttpd php7.0-common libmailtools-perl rrdtool librrds-perl libmailtools-perl rrdtool librrds-perl libsocket6-perl php7.0 php7.0-cgi
root@host:~# adduser netflow root@host:~# usermod -a -G www-data netflow
root@host:~# cd /usr/local/src/ root@host:~# wget http://sourceforge.net/projects/nfsen/files/stable/nfsen-1.3.8/nfsen-1.3.8.tar.gz root@host:~# gzip -dc nfsen-1.3.8.tar.gz | tar -xf - root@host:~# cd nfsen-1.3.8/ root@host:~# cp etc/nfsen-dist.conf /etc/nfsen.conf
my $CONFFILE = defined $InitConfigFile ? $InitConfigFile : "/etc/nfsen.conf";
Edit the nfsen.conf file, and set it to manage sflow datas and PortTracker plugin.
$PREFIX = '/usr/bin'; $WWWUSER = "www-data"; $WWWGROUP = "www-data"; %sources = ( 'enp3s0' => { 'port' => '6343', 'col' => '#0000ff', 'type' => 'sflow' }, ); @plugins = ( [ '*', 'PortTracker' ], );
We will install the PortTracker plugin.
root@host:~# cp contrib/PortTracker/PortTracker.php /var/www/nfsen/plugins/
root@host:~# cp contrib/PortTracker/PortTracker.pm /data/nfsen/plugins/
root@host:~# mkdir -p /data/nfsen/ports-db root@host:~# chown -R netflow:www-data /data/nfsen/ports-db/ root@host:~# chown netflow:www-data /data/nfsen/plugins/PortTracker.pm root@host:~# su netflow netflow@host:~$ nftrack -I -d /data/nfsen/ports-db/
root@host:~# /usr/local/src/nfsen-1.3.8/install.pl /etc/nfsen.conf
root@host:~# /usr/local/src/nfsen-1.3.8/bin/nfsen start
We will use lighttpd as web server.
server.modules = ( "mod_access", "mod_alias", "mod_compress", "mod_redirect", ) url.redirect = ( "^/$" => "http://10.0.0.150/nfsen.php" ) #server.document-root = "/var/www/html" server.document-root = "/var/www/nfsen/" server.upload-dirs = ( "/var/cache/lighttpd/uploads" ) server.errorlog = "/var/log/lighttpd/error.log" server.pid-file = "/var/run/lighttpd.pid" server.username = "www-data" server.groupname = "www-data" server.port = 80 index-file.names = ( "index.php", "index.html", "index.lighttpd.html" ) url.access-deny = ( "~", ".inc" ) static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) compress.cache-dir = "/var/cache/lighttpd/compress/" compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" ) # default listening port for IPv6 falls back to the IPv4 port include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port include_shell "/usr/share/lighttpd/create-mime.assign.pl" include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
root@host:~# systemctl restart lighttpd.service
Now we can set our HP 5500-48G switch to send sFlow data to our nfsen server.
[HP]interface vlan-interface 1 [HP-Vlan-interface1]ip address 10.0.0.75 255.255.255.0
[HP]sflow agent ip 10.0.0.75
[HP]sflow collector 1 ip 10.0.0.150
[HP]interface range gigabitethernet 1/0/1 to gigabitethernet 1/0/24 [HP-if-range]sflow flow collector 1 sflow sampling-rate 1000
Contact :