Comment: updated nfdump init-script-override-file section for improved clarity

...

After installation you may need or want to change the directories that flows are stored in, the ports the flows are coming in on, etc. Please read the sections below for more.

nfdump

On most platforms nfdump uses the classic init script /etc/init.d/nfdump, normally accessed via the service helper, e.g. service nfdump stop, restart or start.

To override configuration use /etc/sysconfig/nfdump (RH/CentOS) or /etc/default/nfdump (Debian/Ubuntu/etc).
The init script contains defaults for the most essential options for the nfdump/nfcapd programs.

It is recommended that you do not modify this init script, as upgraded nfdump packages may very well replace it.

Instead you should make use of the correct override file for your platform, and add values for (only) those options that you want to change. On CentOS/RedHat, you need to create or modify /etc/sysconfig/nfdump; on Debian/Ubuntu the correct file is /etc/default/nfdump. Please note that this override file wins over the defaults that the init script sets.

Here is a list of the defaults as provided by the init script (/etc/init.d/nfdump):

Code Block
# best way to configure these is via /etc/default/nfdump or /etc/sysconfig/nfdump,
# DATA_BASE_DIR needs to be the same as "<opflow_dir>" in opCommon.nmis
DATA_BASE_DIR="/var/lib/nfdump"
DATA_ROTATE_INTERVAL=300
NETFLOW_PORT=9995
PIDFILE=/var/run/$NAME.pid

To change port and spool directory to your preferred settings, edit /etc/sysconfig/nfdump or /etc/default/nfdump (whichever applies to your platform) so that it contains the following entries:

Code Block
# non-standard config settings for nfdump
# this directory was used by opFlow 2.99.2X
DATA_BASE_DIR=/data/opflow
NETFLOW_PORT=12345

When that's done, you need to restart the nfdump service to activate your configuration: sudo service nfdump restart.

Additional required steps if your OS is Debian or Ubuntu, and you are using systemd:

The most recent nfdump packages in Debian come with a problematic systemd service file (see Debian Bug 843602) which completely ignores /etc/default/nfdump.
Until that is resolved, we recommend that you disable the nfdump systemd service and have the system fall back to the properly working sysv init scripts, combined with the nfdump init script that was shipped with opFlow (which is available as /usr/local/omk/install/nfdump.init.d).

A symptom of that issue would be that nfcapd is running with data directory /var/cache/nfdump, is listening on a port that is neither 9995 nor your NETFLOW_PORT from /etc/default/nfdump, does not include the "-T all" argument to enable netflow extensions, and does not include the -t argument for data rotation.
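
The symptoms listed above can be checked against the nfcapd command line. The following shell script is an added example, not part of opFlow or nfdump: the function names are hypothetical, the sample command lines are constructed, and it assumes nfcapd's -p (port) and -l (data directory) options.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# Assumes nfcapd's -p (port) and -l (data directory) options.

# effective_setting VAR DEFAULT FILE
# Print VAR as set in the override file, or DEFAULT (the init script's value).
effective_setting() {
    val=$(sed -n "s/^$1=//p" "$3" 2>/dev/null | tail -n 1 | tr -d "\"'")
    echo "${val:-$2}"
}

# nfcapd_symptoms CMDLINE PORT DIR
# Print one line per symptom; print nothing if the command line looks right.
nfcapd_symptoms() {
    cmd=" $1 "; port=$2; dir=$3
    case "$cmd" in *" $dir "*) ;; *) echo "data directory is not $dir" ;; esac
    case "$cmd" in *" -p $port "*) ;; *) echo "not listening on port $port" ;; esac
    case "$cmd" in *" -T all "*) ;; *) echo "missing -T all (netflow extensions)" ;; esac
    case "$cmd" in *" -t "*) ;; *) echo "missing -t (data rotation)" ;; esac
}

# Constructed sample command lines, not captured from a real host.
GOOD="/usr/bin/nfcapd -D -T all -l /data/opflow -t 300 -p 12345 -P /var/run/nfcapd.pid"
BAD="/usr/bin/nfcapd -D -l /var/cache/nfdump -p 2055 -P /var/run/nfcapd.pid"

# Expected values: override file first, init script defaults otherwise.
OVERRIDE=${OVERRIDE:-/etc/default/nfdump}
port=$(effective_setting NETFLOW_PORT 9995 "$OVERRIDE")
dir=$(effective_setting DATA_BASE_DIR /var/lib/nfdump "$OVERRIDE")

# Check the constructed bad sample; for the running daemon pass
# "$(ps -o args= -C nfcapd | head -n 1)" as the first argument instead.
nfcapd_symptoms "$BAD" "$port" "$dir"
```

Set OVERRIDE=/etc/sysconfig/nfdump on RH/CentOS. Any output means the running nfcapd does not match the override file, so firewall rules written for NETFLOW_PORT will not match the port the collector is actually listening on.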

...