mbolli / nfsen-ng

Responsive NetFlow visualizer built on top of nfdump tools.
Apache License 2.0

how to add multiple NetFlow /sflow sources #18

Open Akshaykkapoor opened 5 years ago

Akshaykkapoor commented 5 years ago

My NetFlow station built around Nfsen works well; however, I am not sure how to add multiple sFlow/NetFlow sources on the same port in Nfsen-ng.

Please suggest where to add source IPs and ports in the configuration; in Nfsen-ng there is no option to add IPs in backend/settings.php for multiple sources. Please help, I am very impressed with the web front-end of Nfsen-ng and would like to start a new deployment with Nfsen-ng.

mbolli commented 5 years ago

Sounds to me like nfcapd configuration; nfsen-ng doesn't configure and start nfcapd... would be a nice feature though.

ghost commented 4 years ago

Hi All.

@mbolli isn't it possible to configure nfsen-ng to support multiple sources as nfsen does?

Thanks.

nfsen.conf example:

%sources = (
    'upstream1'    => { 'port'    => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
    'peer1'        => { 'port'    => '9996', 'col' => '#ff0000' },
);

Dona21 commented 4 years ago

Hi @ropesca, nfsen-ng is a visualizer for that kind of data. What you are probably talking about is the nfcapd collector, which is responsible for collecting the data. This tool is part of nfdump and you should start it manually or with a self-defined service unit/script. You could try to execute these commands in a second shell for test purposes and, if they work as you would expect, incorporate them in a service or whatever.

I assume that you have nfcapd available at /usr/local/bin/nfcapd so I tried to adapt that to your context:

/usr/local/bin/nfcapd -w -D -p 9995 -u netflow -g www-data -B 200000 -S 1 -z -I upstream1 -l /your/path/to/nfsen/profiles-data/live/upstream1
/usr/local/bin/nfcapd -w -D -p 9996 -u netflow -g www-data -B 200000 -S 1 -z -I peer1 -l /your/path/to/nfsen/profiles-data/live/peer1

A quick Google search to see which nfcapd parameters I am using is available here: https://www.systutorials.com/docs/linux/man/1-nfcapd/

Also, I have a "netflow" user and my data needs to be available to the "www-data" group for nfsen-ng, but this may need to be adapted to your needs. And... you might need the nfsen structure for the profiles, I don't remember if that was created manually or not.

ghost commented 4 years ago

Hi @Dona21, you cleared it up. Thank you.

So, in the nfsen-ng sources configuration, I should insert the same name as in the nfdump configuration, right?

In your example, would be like this:

        'sources' => array(
            'upstream1', 'peer1',
        ),

Dona21 commented 4 years ago

You are welcome, glad that it helped. Yes, that section of the configuration would be correct to match the example

realnet commented 3 years ago

I've tried to modify the NetFlow sources from the settings page, whose path is /var/www/html/nfsen-ng/backend/settings, then I restarted nfsenng, but it failed to display on the web page.

        'sources' => array(
           'source1  => { 'port'    => '9996', 'col' => '#ff0000', 'IP' => 172.16.1.1', 'Type' => 'sflow' },

The web page displays as below:

General error:
Parse error: syntax error, unexpected '{' in /var/www/html/nfsen-ng/backend/settings/settings.php on line 16

My question is: what's the correct method to modify the multiple sources?

mbolli commented 3 years ago

@realnet sources is a string array, your curly-braces syntax is not valid PHP. nfsen-ng only needs the name of the source, all the other data is used by nfcapd (see this excellent answer by @Dona21)

So your sources array should look like this:

'sources' => ['source1', 'source2', 'source3']
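
Added example (not part of the thread or of the nfsen-ng code base) tying the two answers above together: it generates the per-source nfcapd commands with the flags quoted in this thread and the matching name-only sources entry, and rejects names or ports that are unsafe or duplicated. The function names are hypothetical; the nfcapd path, user/group and base directory are the placeholders used above.

```bash
#!/usr/bin/env bash
# Added example: derive nfcapd commands and the nfsen-ng 'sources' line from one list.
NFCAPD=/usr/local/bin/nfcapd                 # path assumed in the thread
BASE=/your/path/to/nfsen/profiles-data/live  # placeholder path from the thread

# check_sources NAME:PORT... -> 0 only if every entry is safe and unique
check_sources() {
  local seen_names=" " seen_ports=" " entry name port
  for entry in "$@"; do
    name=${entry%%:*}; port=${entry##*:}
    # The name ends up in a directory path and a command line: allow [A-Za-z0-9_-] only.
    case $name in
      ''|*[!A-Za-z0-9_-]*) echo "bad source name: $name" >&2; return 1 ;;
    esac
    case $port in
      ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
      echo "port out of range: $port" >&2; return 1
    fi
    # One collector per UDP port in this layout, and one directory per name.
    case $seen_names in *" $name "*) echo "duplicate name: $name" >&2; return 1 ;; esac
    case $seen_ports in *" $port "*) echo "duplicate port: $port" >&2; return 1 ;; esac
    seen_names="$seen_names$name "; seen_ports="$seen_ports$port "
  done
}

# nfcapd_cmds NAME:PORT... -> prints (does not run) one collector command per source
nfcapd_cmds() {
  check_sources "$@" || return 1
  local entry
  for entry in "$@"; do
    printf '%s -w -D -p %s -u netflow -g www-data -B 200000 -S 1 -z -I %s -l %s/%s\n' \
      "$NFCAPD" "${entry##*:}" "${entry%%:*}" "$BASE" "${entry%%:*}"
  done
}

# nfsen_sources NAME:PORT... -> prints the matching settings.php entry (names only)
nfsen_sources() {
  check_sources "$@" || return 1
  local entry list=""
  for entry in "$@"; do list="$list${list:+, }'${entry%%:*}'"; done
  printf "'sources' => [%s]\n" "$list"
}

# Constructed sample input: the two sources used in the thread.
nfcapd_cmds upstream1:9995 peer1:9996
nfsen_sources upstream1:9995 peer1:9996
```

Keeping both outputs generated from the same list means the -I ident, the data directory and the nfsen-ng source name cannot drift apart.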

steinhorstbr commented 1 year ago

What is wrong with this command?

command : nfcapd -p 9995 -u www-data -g www-data -B 200000 -S 1 -z -I EDGE -l /var/nfdump/profiles-data/live/EDGE

result:

Add extension: 2 byte input/output interface index
Add extension: 4 byte input/output interface index
Add extension: 2 byte src/dst AS number
Add extension: 4 byte src/dst AS number
Add extension: 4 byte output bytes
Add extension: 8 byte output bytes
Add extension: NSEL Common block
Add extension: NSEL xlate ports
Add extension: NSEL xlate IPv4 addr
Add extension: NSEL xlate IPv6 addr
Add extension: NSEL ACL ingress/egress acl ID
Add extension: NSEL username
Add extension: NSEL max username
Add extension: NEL Common block
Bound to IPv4 host/IP: any, Port: 9995
Standard setsockopt, SO_RCVBUF is 212992 Requested length is 200000 bytes
System set setsockopt, SO_RCVBUF to 400000 bytes
startup.
Init IPFIX: Max number of IPFIX tags: 69
Process_v9: New exporter: SysID: 1, Domain: 0, IP: 192.168.100.0
Process_v9: [0] Add template 256
Process_v9: [0] Add template 257
Ident: 'BORDA' Flows: 1099538, Packets: 34569118, Bytes: 31544308647, Sequence Errors: 5730, Bad Packets: 0
Total ignored packets: 0

pra838 commented 11 months ago

nfsen-ng: Why is my date and time not correct, and why does it always show my core switch's internet-side IP and not the NAT IP in the network?

pra838 commented 11 months ago

I've tried to modify the NetFlow sources from the settings page, whose path is /var/www/html/nfsen-ng/backend/settings, then I restarted nfsenng, but it failed to display on the web page.

        'sources' => array(
           'source1  => { 'port'    => '9996', 'col' => '#ff0000', 'IP' => 172.16.1.1', 'Type' => 'sflow' },

The web page displays as below:

General error:
Parse error: syntax error, unexpected '{' in /var/www/html/nfsen-ng/backend/settings/settings.php on line 16

My question is: what's the correct method to modify the multiple sources?

https://ws.learn.ac.lk/wiki/NspwUprouse/Agenda/netflow

Dona21 commented 11 months ago

Hi @steinhorstbr, I did not see your comment before and I assume you found out since February. However, for any nfdump suite tools (nfcapd is part of it), you should ask directly there: https://github.com/phaag/nfdump

Dona21 commented 11 months ago

Hi @pra838, your question concerning sources has been answered in this exact same post by @mbolli. See it here.

@realnet sources is a string array, your curly-braces syntax is not valid PHP. nfsen-ng only needs the name of the source, all the other data is used by nfcapd (see this excellent answer by @Dona21)

So your sources array should look like this:

'sources' => ['source1', 'source2', 'source3']

pra838 commented 11 months ago

https://github.com/mbolli/nfsen-ng/issues/18#issuecomment-1674247001

Why is my date & time not correct?

Dona21 commented 11 months ago

In the screenshot you posted, you can see a command (nfdump tool) that is executed in the backend. Try to run it in your terminal and see what kind of output you get. My assumption is that you will have the same output. If so, your question should be posted on the nfdump project, as the output is generated by that tool. However, in any case this question has nothing to do with the issue you are writing in, titled "how to add multiple NetFlow /sflow sources", so please keep it structured when asking for help, thanks.