Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

how to add multiple NetFlow /sflow sources #18

Open
Akshaykkapoor opened this issue Nov 29, 2018 · 14 comments
Open

how to add multiple NetFlow /sflow sources #18

Akshaykkapoor opened this issue Nov 29, 2018 · 14 comments
Labels
enhancement

Comments

@Akshaykkapoor
Copy link

My NetFlow station build around Nfsen works well , however I am not sure how to add multiple Sflow/netflow sources on same port in Nfsen-ng.

please suggest where to add source IPs and ports into the configuration, in Nfsen-ng there is no option to add IPs in backend/settings.php for multiple sources. please help, I am very impressed with the web front-end of Nfsen-ng and would like to start a new deployment with Nfsen-ng.
@mbolli
Copy link
Owner

mbolli commented Dec 2, 2018

Sounds to me like nfcapd configuration; nfsen-ng doesn't configure and start nfcapd... would be a nice feature though.

@ghost
Copy link

ghost commented Feb 11, 2020

Hi All.

@mbolli isn't it possible to configure nfsen-ng to support multiple sources as nfsen does?

Thanks.

nfsen.conf example:

%sources = (
    'upstream1'    => { 'port'    => '9995', 'col' => '#0000ff', 'type' => 'netflow' },
    'peer1'        => { 'port'    => '9996', 'col' => '#ff0000' },
);

@Dona21
Copy link
Collaborator

Dona21 commented Feb 11, 2020

Hi @ropesca ,
nfsen-ng is a visualizer for that kind of data. What you are probably talking about is the nfcapd collector which is responsible to collect the data. This tool is part of nfdump and you should start it manually or with a self defined service unit/script. You could try to execute these commands on a second shell for test purposes and if they work as you would expect, incorporate them in a service or whatever.

I assume that you have nfcapd available at /usr/local/bin/nfcapd so I tried to adapt that to your context:

/usr/local/bin/nfcapd -w -D -p 9995 -u netflow -g www-data -B 200000 -S 1 -z -I upstream1 -l /your/path/to/nfsen/profiles-data/live/upstream1
/usr/local/bin/nfcapd -w -D -p 9996 -u netflow -g www-data -B 200000 -S 1 -z -I peer1 -l /your/path/to/nfsen/profiles-data/live/peer1

A quick google search to see what parameters nfcapd I am using is available here : https://www.systutorials.com/docs/linux/man/1-nfcapd/

Also, I have "netflow" user and my data needs to be available to the "www-data" group for nfsen-ng but this maybe needs to be adapted to your needs. And... maybe you might need the nfsen structure for the profiles, don't remember if that was created manually or not.

@ghost
Copy link

ghost commented Feb 11, 2020

HI @Dona21 you clear up it. Thank you.

So, on nfsen-ng sources configuration, I should insert the same name as nfdump configuration, right?

In your example, would be like this:

        'sources' => array(
            'upstream1', 'peer1',

@Dona21
Copy link
Collaborator

Dona21 commented Feb 11, 2020

You are welcome, glad that it helped. Yes, that section of the configuration would be correct to match the example

@realnet
Copy link

realnet commented Dec 21, 2020

I've tried to modify the NetFlow sources from the setting page which path is /var/www/html/nfsen-ng/backend/settings , then i restart the nfsenng, but it failed to display on the web page.

        'sources' => array(
           'source1  => { 'port'    => '9996', 'col' => '#ff0000', 'IP' => 172.16.1.1', 'Type' => 'sflow' },

the web page that display as below:

General error:
Parse error: syntax error, unexpected '{' in /var/www/html/nfsen-ng/backend/settings/settings.php on line 16

my question is what's the correct method to modify the multiple sources?

@mbolli
Copy link
Owner

mbolli commented Dec 21, 2020

@realnet
sources is a string array, your curly-braces syntax is not valid PHP. nfsen-ng only needs the name of the source, all the other data is used by nfcapd (see this excellent answer by @Dona21)

So your sources array should look like this:

'sources' => ['source1', 'source2', 'source3']

@Dona21 Dona21 mentioned this issue Dec 23, 2020
Closed
@steinhorstbr
Copy link

what is wrong with this command?

command : nfcapd -p 9995 -u www-data -g www-data -B 200000 -S 1 -z -I EDGE -l /var/nfdump/profiles-data/live/EDGE

result:

Add extension: 2 byte input/output interface index
Add extension: 4 byte input/output interface index
Add extension: 2 byte src/dst AS number
Add extension: 4 byte src/dst AS number
Add extension: 4 byte output bytes
Add extension: 8 byte output bytes
Add extension: NSEL Common block
Add extension: NSEL xlate ports
Add extension: NSEL xlate IPv4 addr
Add extension: NSEL xlate IPv6 addr
Add extension: NSEL ACL ingress/egress acl ID
Add extension: NSEL username
Add extension: NSEL max username
Add extension: NEL Common block
Bound to IPv4 host/IP: any, Port: 9995
Standard setsockopt, SO_RCVBUF is 212992 Requested length is 200000 bytes
System set setsockopt, SO_RCVBUF to 400000 bytes
startup.
Init IPFIX: Max number of IPFIX tags: 69
Process_v9: New exporter: SysID: 1, Domain: 0, IP: 192.168.100.0

Process_v9: [0] Add template 256
Process_v9: [0] Add template 257
Ident: 'BORDA' Flows: 1099538, Packets: 34569118, Bytes: 31544308647, Sequence Errors: 5730, Bad Packets: 0
Total ignored packets: 0

@pra838
Copy link

pra838 commented Aug 11, 2023

nfsen-ng
Why is my date and time not correct and always show my core switch internet side Ip and not show NAT ip in the network.

@pra838
Copy link

pra838 commented Aug 11, 2023

I've tried to modify the NetFlow sources from the setting page which path is /var/www/html/nfsen-ng/backend/settings , then i restart the nfsenng, but it failed to display on the web page.

        'sources' => array(
           'source1  => { 'port'    => '9996', 'col' => '#ff0000', 'IP' => 172.16.1.1', 'Type' => 'sflow' },

the web page that display as below:

General error:
Parse error: syntax error, unexpected '{' in /var/www/html/nfsen-ng/backend/settings/settings.php on line 16

my question is what's the correct method to modify the multiple sources?

https://ws.learn.ac.lk/wiki/NspwUprouse/Agenda/netflow

@Dona21
Copy link
Collaborator

Dona21 commented Aug 11, 2023

Hi @steinhorstbr , I did not see your comment before and I assume you found out since February. However, for any nfdump suite tools (nfcapd is part of it), you should ask that directly there https://github.com/phaag/nfdump

@Dona21
Copy link
Collaborator

Dona21 commented Aug 11, 2023

Hi @pra838 , your question concerning sources has been answered in this exact same post by @mbolli . See it here.

@realnet sources is a string array, your curly-braces syntax is not valid PHP. nfsen-ng only needs the name of the source, all the other data is used by nfcapd (see this excellent answer by @Dona21)

So your sources array should look like this:

'sources' => ['source1', 'source2', 'source3']

@pra838
Copy link

pra838 commented Aug 15, 2023

#18 (comment)

Why my date & time is not correct?

@Dona21
Copy link
Collaborator

Dona21 commented Aug 15, 2023

In the screenshot you posted, you can see a command (nfdump tool) that is executed in the backend. Try to run it on a your terminal and see what kind of output you get. My assumption is that you will have the same output. If so, your question should be posted on the nfdump project at the output is generated by that tool. However, in any case this question has nothing to do with the issue you are writing in with title "how to add multiple NetFlow /sflow sources", so please keep it structured when asking for help, thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@mbolli @realnet @Dona21 @Akshaykkapoor @pra838 @steinhorstbr