search

oznu / docker-unms

This image is no longer maintained: https://github.com/oznu/docker-unms/issues/53
143 stars 68 forks source link

Netflow in 0.13 #25

Closed russellgalpin closed 6 years ago

russellgalpin commented 6 years ago

Hi There

I believe that UNMS 0.13 now supports netflow, and by default it should run on port 2055. However, this port does not appear to be getting exposed by Docker? I have tried to manually expose the port, but still no luck getting UNMS to see the netflow packets. Does anything else need to change in the core of UNMS to allow it to accept the incoming netflow packets that 0.13 support?

oznu commented 6 years ago

It looks like that's a new service dependency. This container does not currently have netflow running, I will look into it soon.

jamesj2 commented 6 years ago

I too was looking to use netflow with this docker image. While researching I found Ubiquiti has netflow in a separate image, ubnt/unms-netflow. Discovered it after reading the UNMS docker compose template.

agherzan commented 6 years ago

Indeed. There is another service that needs to run. It should be easy to add it.

SlothCroissant commented 6 years ago

Would love to see this as well. Have my Edgerouter devices all talking to PRTG but I like the looks of UNMS' implementation of netflow and would love to check it out!

Great work on the container.

oznu commented 6 years ago

That latest tag should now have netflow. If you could confirm it's working then I'll push up a tagged release.

SlothCroissant commented 6 years ago

I see flows coming in. Thanks!

jamesj2 commented 6 years ago

It's working for me as well. Thanks!

oznu commented 6 years ago

Thanks for testing!

russellgalpin commented 6 years ago

I've updated the container and can see that netflow is running. However, at least in my situation, I do not believe the ports were forwarded to the container for the netflow traffic. I attempted to forward the ports manually and can now see them listed in "docker ps" but UNMS is not picking it up.

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES e51fac376b85 oznu/unms:armhf "/init" 3 days ago Up 3 days 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:2055->2055/tcp unms_unms_1

I'm tcpdump-ing the traffic coming from my edge router into the docker host and can see it there.

Any ideas what could be going on?

agherzan commented 6 years ago

@oznu are you going to push to the 0.13 tag?

agherzan commented 6 years ago

@oznu 0.13.0r2-armhf doesn't seem to work. I don't see 2055 opened. EDIT: I guess is not supposed to. amrhf works fine.

agherzan commented 6 years ago

@russellgalpin netflow work on udp. You need to forward 2055 UDP port.

russellgalpin commented 6 years ago

@agherzan I tried opening it on UDP and it didn't seem to have any affect. I might need to rebuild the container and start again.

jamesj2 commented 6 years ago

You may need to reboot your router to activate Netflow after you've configured it. You can also see Ubiquiti's netflow troubleshooting help if you want to verify the data is being sent | received.

russellgalpin commented 6 years ago

@jamesj2 Thanks, I'm pretty sure the netflow packets are arriving at the host machine, I can see them in tcpdump:

root@raspberrypi:~# tcpdump port 2055 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes 15:39:54.484292 IP 192.168.2.1.40807 > pi.7d.local.2055: UDP, length 496 15:39:55.054717 IP 192.168.2.1.47580 > pi.7d.local.2055: UDP, length 380 15:39:55.466384 IP 192.168.2.1.47580 > pi.7d.local.2055: UDP, length 144 15:39:55.669626 IP 192.168.2.1.40807 > pi.7d.local.2055: UDP, length 380 15:39:56.968964 IP 192.168.2.1.40807 > pi.7d.local.2055: UDP, length 144 15:39:59.048723 IP 192.168.2.1.47580 > pi.7d.local.2055: UDP, length 496 15:39:59.048727 IP 192.168.2.1.47580 > pi.7d.local.2055: UDP, length 496

They just don't seem to be arriving into UNMS. I'm not sure how to tell whether they're arriving into the docker container...

jamesj2 commented 6 years ago

You could try tcpdump in the docker instance but you may need to install it. I too was having issues and ended up rebooting my router and recreating the docker cleanly before it started working.

russellgalpin commented 6 years ago

Just to say, I eventually found the solution to this in my case. I had to rebuild the docker instance (I backed up my UNMS config first so I could restore). Then I had to create a new docker-composer.yml with the 2055 udp port forwarding specified as follows follows:

version: '2' services: unms: image: oznu/unms:armhf restart: always ports:

@oznu perhaps it's worth updating the wiki page https://github.com/oznu/docker-unms/wiki/UNMS-on-Raspberry-Pi#3-create-docker-compose-manifest with the extra line, if this is indeed required in all situations.

koaschten commented 5 years ago

Just to make sure I understand this correctly. I followed https://github.com/oznu/docker-unms/wiki/UNMS-on-Raspberry-Pi and UNMS comes up fine and works, added an edgerouter ok.

wanted to add NetFlow so I did this:

  1. Shell-Login onto e.g. edgerouter and add the flow accounting config from the UNMS gui under settings/unms#netflow
  2. reboot device e.g. edgerouter
  3. modify docker-composer.yml to reflect the requirement for port 2055:2055/udp as per @russellgalpin
  4. restart container with docker-compose restart unms
  5. sadly no netflow even though the portsettings show up in docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d9a06b666399 oznu/unms:armhf "/init" 16 minutes ago Up 16 minutes 0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, 0.0.0.0:2055->2055/udp unms_unms_1

where did I go wrong @oznu ?

edit: even tried recreating the container.