Menu

Tree [08dbc0] master /
 History

HTTPS git://
HTTPS access

File Date Author Commit
 backend 2014-09-05 Robin Berthier Robin Berthier [4ac9bc] Improved nfids logging into MySQL
 frontend 2014-09-05 Robin Berthier Robin Berthier [165ea4] Improved NfIDS display page.
 CHANGELOG 2014-09-05 Robin Robin [08dbc0] Updated changelog for release candidate.
 LICENSE 2013-02-03 Robin B Robin B [4dec69] Initial commit
 README 2014-09-03 Robin Berthier Robin Berthier [89e480] Updated installer to take into account new 'max...
 license.header 2013-02-03 Robin B Robin B [4dec69] Initial commit

Read Me

-----------------------------------------------------------
 		          Nfsight
	      Netflow-based Network Awareness
-----------------------------------------------------------



Thank you for your interest in Nfsight.
This document is divided into 3 sections:

 -1- REQUIREMENTS
 -2- INSTALLATION
 -3- KNOWN ISSUES
 -4- TROUBLESHOOTING

If you need more information or if you have any question, 
please visit:
	http://nfsight.sourceforge.net 
or contact:
	robinb@umd.edu



-- REQUIREMENTS -------------------------------------------

Nfsight has two components: a back-end script written in 
Perl, and a front-end interface written in PHP/MySQL.

The back-end script is a module for the Nfsen application.
You can find more information about Nfsen at:
	http://nfsen.sourceforge.net

Before proceeding to the installation, make sure to install 
the following dependencies:

 - For the back-end:
   * Nfsen (latest stable version)
   * MySQL server
   * Perl DBI with support for MySQL
   * Perl Number::Format module
 - For the front-end:
   * Web server and PHP compiled with support for MySQL
   * MySQL server
   * Nfdump (available at http://nfdump.sf.net)
   * UNIX environment (cat, grep, sort, head)
   * (optional) PicViz (https://launchpad.net/ubuntu/+source/picviz/0.5-1build://launchpad.net/ubuntu/+source/picviz/)



-- INSTALLATION -------------------------------------------

To install the back-end, copy nfsight.pm to your Nfsen 
back-end plugin directory (e.g., /var/nfsen/plugins/)
and create a new folder called "nfsight" inside this
directory (e.g., "mkdir /var/nfsen/plugins/nfsight")

Make sure that Nfsen has read and write access to this 
directory.

You will also have to update the configuration of Nfsen
according to instructions provided during the installation
of the front-end.


To install the front-end, extract everything from the Nfsight
tarball to your web server directory (e.g., /var/www/nfsight/) 

Make sure that your web server has read and write access
to this directory.

Create a database for Nfsight in your MySQL server.

Open a browser and navigate to the front-end folder to 
start the installer script:
	http://<host>/<nfsight folder>/installer.php

Follow the instructions to setup the different parameters
required by Nfsight, including the credentials to access
to the MySQL database.

This user should have the privilege to create and 
delete tables in the Nfsight database.

When the installer script completes, it will write a new
file config.php in the front-end folder and give you the
back-end configuration parameters that you need to paste
in Nfsen configuration (e.g., /var/nfsen/etc/nfsen.conf).

Restart Nfsen to initiate the back-end script. For example:
	/var/nfsen/bin/nfsen stop
	/var/nfsen/bin/nfsen start

Install the hourly cronjob required by Nfsight to periodically
update the database:
        06 * * * *  wget --no-check-certificate -q -O - \
http://management:aggregate@<host>/<nfsight folder>/aggregate.php


You can now open your browser to Nfsight and login using the
account specified during the installation process.


-- KNOWN ISSUES -------------------------------------------

Internet Explorer is NOT supported and does not correctly
display the layout used in the front-end of Nfsight.

IPv6 addresses are not yet supported, but implementation
for this feature is planned.

Processing flows for a date other than today's date isn't 
supported by the frontend. For example, if one processes flows 
recorded on 2013-03-01 and today's date is 2013-03-10, then the
database used by the frontend won't store older flows in
the right tables (and so they won't be visible on the GUI).

-- TROUBLESHOOTING ----------------------------------------

Here is a procedure to troubleshoot Nfsight if no data is
collected or the front-end remains empty.

 1. Verify that the back-end script is running properly by
    looking at the logs from syslog:
	sudo grep -i nfsight /var/log/syslog

 2. If no error is reported, check in the back-end data 
    directory (e.g., /var/nfsen/plugin/nfsight/) if biflow
    and service files are created and non-empty.
    If no data is recorded in this file, check the parameters
    of the back-end (e.g., in /var/nfsen/etc/nfsen.conf) to 
    make sure that the parameters "network" and 
    "print_<int|ext>_<client|server|...>" are correct.
    You can also check that Nfsen processes flow correctly
    and that flow files in your live profile are not empty.

 3. If the back-end works properly and records biflow and
    service data, log in to your MySQL server and check in 
    the nfsight database that the table server_discovery  
    exists and is not empty.
    If you detect an issue, check the front-end parameters
    in config.php within the front-end directory

 4. If you cannot find the root cause of your issue, contact 
    the developer or submit a ticket at:
	http://nfsight.sourceforge.net


---------------------------------------------------------------
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.