Re: [Nfsen-discuss] Problems using old nfdump data
From: Ivan A. B. <iv...@li...> - 2006-04-03 21:40:57
On 03/04/2006 21:09, Esben Bach wrote:
> Important configuration bits as follows:
>
> <begin>
> $BASEDIR= "/pack/nfsen-1.2.4";
> $PROFILESTATDIR="/netanalysis/nfsen/profiles";
> $PROFILEDATADIR="${BASEDIR}/profiles";
This looks like an odd setup, but we'll persevere with it for the moment ...
> %source = (
> 'output' => { 'port' => '9997', 'col' => '#ff0000'},
> );
> <end>
>
> The data from nfdump is placed in
> /pack/nfsen-1.2.4/profiles/live/output/output
With your above setup, I believe you should put the datafiles in the
directory:
/pack/nfsen-1.2.4/profiles/live/output/
.... so you would have files called nfcapd.YYYYMMDDHHmm where:
YYYY = 4-digit year
MM = month
DD = date
HH = hour
mm = minute
I assume ft2nfdump creates the filenames correctly :)
This means that you should have files in locations like this:
/pack/nfsen-1.2.4/profiles/live/output/nfcapd.200604032115
/pack/nfsen-1.2.4/profiles/live/output/nfcapd.200604032120
/pack/nfsen-1.2.4/profiles/live/output/nfcapd.200604032125
This is the relevant/changed part of mine:
=========================
$BASEDIR = "/opt/nfsen";
$HTMLDIR = "/var/www/localhost/htdocs/nfsen/";
$PROFILESTATDIR="${BASEDIR}/profiles";
$PROFILEDATADIR="/opt/data/nfsen/profiles";
$PREFIX = '/usr/local/bin';
$USER = "netflow";
$WWWUSER = "apache";
$WWWGROUP = "apache";
%sources = (
'switch02' => { 'port' => '9402', 'col' => '#00ff00' },
'switch20' => { 'port' => '9420', 'col' => '#0000ff' },
);
=========================
From default, many of the directories are within the hierarchy of
$BASEDIR ... where $BASEDIR is where nfsen will be installed. $HTMLDIR
is obviously in apache's webroot.
You will notice I have specified $PROFILEDATADIR to be outside of the
$BASEDIR - this is to a separate partition, so filling up the data dir
will not cause corruption to the actual profiles.
NOTE: You are expected to unpack the nfsen tarball somewhere (let's say
/tmp/nfsen) and install it to somewhere different (let's say /opt/nfsen
as in my case). The install script does this ... this could be what you
are misunderstanding.
I would recommend, to get it working, you use the KISS principle (keep
it simple stupid) and then fiddle more when you have it working. It's
always a good principle to start with, trust me :)
What I mean by this is that the only directory variables in nfsen.conf I
would change are BASEDIR and HTMLDIR. Don't unpack the tarball in
$BASEDIR - unpack it somewhere else.
I hope that makes sense :)
Ivan
--
Ivan Beveridge
<iv...@li...> http://www.linx.net/
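The layout check described in the reply above, as an added example that is not part of the original message or of NfSen itself: it verifies that data files sit directly in `<PROFILEDATADIR>/live/<source>/` and are named `nfcapd.YYYYMMDDHHmm`, and reports files found one directory too deep (the `output/output` case). The function names and the demo tree are hypothetical and constructed for illustration.

```python
import os
import re
import tempfile
from datetime import datetime

# nfcapd.YYYYMMDDHHmm: twelve digits after the dot, as given in the reply.
NFCAPD_RE = re.compile(r"^nfcapd\.(\d{12})$")

def valid_nfcapd_name(name):
    """True if name is nfcapd.YYYYMMDDHHmm and the digits form a real timestamp."""
    m = NFCAPD_RE.match(name)
    if not m:
        return False
    try:
        datetime.strptime(m.group(1), "%Y%m%d%H%M")
    except ValueError:
        return False
    return True

def check_source_dir(profiledatadir, source, profile="live"):
    """Classify the entries of <profiledatadir>/<profile>/<source>/."""
    src_dir = os.path.join(profiledatadir, profile, source)
    report = {"dir": src_dir, "ok": [], "bad_name": [], "nested": []}
    if not os.path.isdir(src_dir):
        report["missing"] = True
        return report
    for entry in sorted(os.listdir(src_dir)):
        path = os.path.join(src_dir, entry)
        if os.path.isdir(path):
            # Data files one level too deep, e.g. <source>/<source>/nfcapd.*
            report["nested"] += [os.path.join(entry, f)
                                 for f in sorted(os.listdir(path))
                                 if valid_nfcapd_name(f)]
        elif valid_nfcapd_name(entry):
            report["ok"].append(entry)
        else:
            report["bad_name"].append(entry)
    return report

if __name__ == "__main__":
    # Constructed demo tree: one good file, one misplaced file, one bad name.
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "live", "output", "output"))
    for rel in ("nfcapd.200604032115", "output/nfcapd.200604032120", "nfcapd.2006"):
        open(os.path.join(root, "live", "output", rel), "w").close()
    print(check_source_dir(root, "output"))
```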