nfsen-ng is an in-place replacement for the ageing nfsen.
Detailed installation instructions are available in INSTALL.md. Pull requests for additional distributions are welcome.
Software packages required:
Apache modules required:
PHP modules required:
Note: nfsen-ng expects the profiles-data folder structure to be PROFILES_DATA_PATH/PROFILE/SOURCE/YYYY/MM/DD/nfcapd.YYYYMMDDHHII, e.g. /var/nfdump/profiles_data/live/source1/2018/12/01/nfcapd.201812010225.
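A pre-import check for the layout in the note above, as an added example that is not part of nfsen-ng. The function names check_nfcapd_path and scan_profiles are hypothetical, and the check assumes the date in the file name must equal the YYYY/MM/DD directory it sits in, as in the note's example path.

```shell
#!/bin/sh
# Added example: verify nfcapd files against the layout nfsen-ng expects,
#   PROFILES_DATA_PATH/PROFILE/SOURCE/YYYY/MM/DD/nfcapd.YYYYMMDDHHII

# check_nfcapd_path ROOT FILE: exit status 0 if FILE fits the layout.
# The body is a subshell, so the IFS and "set -f" changes stay local.
check_nfcapd_path() (
    root=${1%/}
    case $2 in
        "$root"/*) rel=${2#"$root"/} ;;
        *) exit 1 ;;                      # not below PROFILES_DATA_PATH
    esac
    IFS=/; set -f
    set -- $rel                           # split into path components
    [ $# -eq 6 ] && [ -n "$1" ] && [ -n "$2" ] || exit 1
    case "$3/$4/$5" in
        [0-9][0-9][0-9][0-9]/[0-9][0-9]/[0-9][0-9]) ;;
        *) exit 1 ;;
    esac
    case $6 in                            # file date must equal directory date
        "nfcapd.$3$4$5"[0-2][0-9][0-5][0-9]) ;;
        *) exit 1 ;;
    esac
    hh=${6#nfcapd.????????}; hh=${hh%??}
    # strip one leading zero before the numeric range checks
    [ "${4#0}" -ge 1 ] && [ "${4#0}" -le 12 ] || exit 1
    [ "${5#0}" -ge 1 ] && [ "${5#0}" -le 31 ] || exit 1
    [ "${hh#0}" -le 23 ]
)

# scan_profiles ROOT: print files that do not fit; status 1 if any.
# nfcapd.current.* (the file nfcapd is still writing) is skipped.
# Assumes no newlines in file names.
scan_profiles() {
    bad=$(find "$1" -type f -name 'nfcapd.*' ! -name 'nfcapd.current*' |
        while IFS= read -r f; do
            check_nfcapd_path "$1" "$f" || printf '%s\n' "$f"
        done)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}
```

Run it as `scan_profiles /var/nfdump/profiles_data` before the first import; any path it prints does not fit the expected layout.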
The default settings file is backend/settings/settings.php.dist. Copy it to backend/settings/settings.php and start modifying it. Example values are in italic:
Nfsen-ng uses nfdump to read the nfcapd files. You can specify the location of the nfdump binary in backend/settings/settings.php. The default location is /usr/bin/nfdump.
You should also have a look at the nfdump configuration file /etc/nfdump.conf and make sure that the nfcapd files are written to the correct location. The default location is /var/nfdump/profiles_data.
Here is an example of an nfdump configuration:
options='-z -S 1 -T all -l /var/nfdump/profiles-data/live/<source> -p <port>'
where
-z is used to compress the nfcapd files
-S 1 is used to specify the nfcapd directory structure
-T all is used to specify the extension of the nfcapd files
-l is used to specify the destination location of the nfcapd files
-p is used to specify the port of the nfcapd files.
To use sfcapd instead of nfcapd, you have to change the nfdump configuration file /lib/systemd/system/nfdump@.service to use sfcapd instead of nfcapd:
[Unit]
Description=netflow capture daemon, %I instance
Documentation=man:sfcapd(1)
After=network.target auditd.service
PartOf=nfdump.service
[Service]
Type=forking
EnvironmentFile=/etc/nfdump/%I.conf
ExecStart=/usr/bin/sfcapd -D -P /run/sfcapd.%I.pid $options
PIDFile=/run/sfcapd.%I.pid
KillMode=process
Restart=no
[Install]
WantedBy=multi-user.target
The command line interface is used to initially scan existing nfcapd.* files, or to administer the daemon.
Usage:
./cli.php [ options ] import
or for the daemon
./cli.php start|stop|status
Options:
-v Show verbose output
-p Import ports data as well. Note: Using RRD this will take quite a bit longer, depending on the number of your defined ports.
-ps Import ports per source as well. Note: Using RRD this will take quite a bit longer, depending on the number of your defined ports.
-f Force overwriting database and start fresh
Commands:
import Import existing nfdump data to nfsen-ng. Note: If you have existing nfcapd files, better do this overnight or over a weekend.
start Start the daemon for continuous reading of new data
stop Stop the daemon
status Get the daemon's status
Examples:
./cli.php -f import
Imports fresh data for sources
./cli.php -f -p -ps import
Imports all data
./cli.php start
Starts the daemon
You can use the daemon as a service. To do so, you can use the provided systemd service file below. You can copy it to /etc/systemd/system/nfsen-ng.service and then start it with systemctl start nfsen-ng.
[Unit]
Description=nfsen-ng
After=network-online.target
# StartLimitIntervalSec= is a [Unit] setting
StartLimitIntervalSec=0
[Service]
Type=simple
RemainAfterExit=yes
# systemd directive names are case-sensitive (Restart=, RestartSec=)
Restart=always
RestartSec=2
ExecStart=su - www-data --shell=/bin/bash -c '/var/www/html/nfsen-ng/backend/cli.php start'
ExecStop=su - www-data --shell=/bin/bash -c '/var/www/html/nfsen-ng/backend/cli.php stop'
[Install]
WantedBy=multi-user.target
Now, you should reload and enable the service to start on boot with systemctl daemon-reload and systemctl enable nfsen-ng.
Nfsen-ng logs to syslog. You can find the logs in /var/log/syslog or /var/log/messages, depending on your system. Some distributions might record them in the systemd journal instead. To access the logs, you can use tail -f /var/log/syslog or journalctl -u nfsen-ng.
You can change the log priority in backend/settings/settings.php.
The API is used by the frontend to retrieve data. The API endpoints are documented in API_ENDPOINTS.md.