Versions Compared

Old Version 6

changes.mady.by.user Keith Sinclair

Saved on

compared with

New Version 7

changes.mady.by.user Mark Dueck

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Add authentication configuration for remote mongod servers

...

Code Block
themeEmacs
cd /usr/local
tar xvf ~/opFlow-Linux-x86_64-<version>.tar.gz
cd opmantek/
cp install/opCommon.nmis conf/
cp install/opFlow.nmis conf/ 
bin/opfixperms.pl
cp install/01opmantek.conf /etc/httpd/conf.d/
service httpd restart

Considerations for NetFlow Data Storage 
Anchor
Considerations_for_NetFlow_Data_Storage
Considerations_for_NetFlow_Data_Storage

NetFlow data can get away on you, there could be several Gigabytes of NetFlow data each hour, day or month, this is all very dependant on where you are generating netflow from, the number of active users and the types of applications they are using.  A longer discussion on this will be written up, but in summary, if you are expecting large amounts of NetFlow data, then you will want to consider storing the MongoDB database and the NetFlow data into a filesystem with 50 gigabytes or more.  During development we found 20gigabytes was enough for our purposes, but caused problems with the flow files mainly.

...

The following commands get MongoDB running (before doing this make sure to read the section above on considerations for storage).  The last command here starts MongoDB, the first time it runs it can take some time to do its pre-allocation of database and journal files.  This will depend on the performance of your storage.

...

Code Block
themeEmacs
/usr/local/opmantek/bin/opflow_setup.pl setup=cron 

######################################################
# opFlow Cronfig
######################################################
# Run the DNS resolution every 15 minutes
*/15 * * * * /usr/local/opmantek/bin/opflowd.pl type=endpoints
# Purge the old Flows every 24 hours
0 0 * * * /usr/local/opmantek/bin/opflowd.pl type=purge
######################################################
# Check to rotate the logs 4:05AM every day
5 4 * * * /usr/sbin/logrotate /usr/local/opmantek/conf/oplogrotate.conf  

crontab -e

Insert the above text, then save and quit.

Configuring mongod on a remote server 
Anchor
configuring_mongod_on_a_remote_server
configuring_mongod_on_a_remote_server

If you not are running your mongo db server on the same server as opFlow mongo database authentication will need to be done manually.

  1. Ensure mongod is not running with the --auth switch, if you are using the mongod.init.d script included in opFlow run 

    Code Block
    /etc/init.d/mongod stop;
 /etc/init.d/mongod start_no_auth;

  2. Create the user, currently the opFlow user requires access to both the admin database and it's own. Start up the mongo shell and type these commands:

    Code Block
    use admin;
db.addUser('opUserRW', 'op42flow42'); // these are the defaults, change them as well as your opFlow.nmis file
use nmis; // again this is a default, it doesn't need to be changed
db.addUser('opUserRW', 'op42flow42'); // these are the defaults, change them as well as your opFlow.nmis file, it should match the above user command

  3. Restart the mongo server with authentication, --auth 

    Code Block
    /etc/init.d/mongod stop;
 /etc/init.d/mongod start;

Starting the opFlow Daemon

...