Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 13 Next »


Before you begin

Prerequisites

  • NMIS installed on the same server that opFlow is being installed (NMIS version >=8.5.6G).
  • The individual performing this installation has a small bit of Linux experience.
  • Root access is available.

  • Internet access is required for installing any missing but required software packages.
  • opFlow License (evaluation available here).

Preparation

Installation Steps

Transfer the opCharts tarball onto the server in question, either by direct download from the Opmantek website, or from your desktop with scp or sftp or a similar file transfer tool.
Make a record of where you put the tarball (root's home directory or /tmp are good locations).

  • Start the interactive installer and follow its instructions:

    sudo sh
    ./opFlow-Linux-x86_64-3.0.2.run
    
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++
    opFlow (3.0.2) Installation script
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++
    
    This installer will install opFlow into /usr/local/omk.
    To select a different installation location please rerun the 
    installer with the -t option.
    ...
  • The installer will interactively guide you through the steps of installing opFlow. Please make sure to read the on-screen prompts carefully.
  • When the installer finishes, opFlow is installed into /usr/local/omk, and the default configuration files are in /usr/local/omk/conf, ready for your initial config adjustments.
  • A detailed log of the installation process is saved as /usr/local/omk/install.log, and subsequent upgrades or installations of other Opmantek products will add to that logfile.
  • For detailed information about the interactive installer please check the Opmantek Installer page.

Initial Configuration

After installation you may need/want to change the directories that flows are stored in, the ports the flows are coming in on, etc.  Please read the sections below for more.

nfdump

nfdump uses, /etc/init.d/nfdump, e.g. service nfdump stop|stop|restart

To override configuation use /etc/sysconfig/nfdump (RH/CentOS) or /etc/default/nfdump (Debian/Ubuntu/etc).

This just needs to contain the changes you want, the init script (/etc/init.d/nfdump) has the following defaults. 

# best way to configure these is via /etc/default/nfdump or /etc/sysconfig/nfdump,
# DATA_BASE_DIR needs to be the same as "<opflow_dir>" in opCommon.nmis
DATA_BASE_DIR="/var/lib/nfdump"
DATA_ROTATE_INTERVAL=300
NETFLOW_PORT=9995
PIDFILE=/var/run/$NAME.pid

So to change port and directory

# non-standard config settings for nfdump
# used by opFlow 2.99.2
DATA_BASE_DIR=/data/opflow
NETFLOW_PORT=12345

Additional required steps If your OS is Debian or Ubuntu, and you are using systemd:

The most recent nfdump packages in Debian come with a problematic systemd service file (see bug Debian Bug 843602) which completely ignores /etc/default/nfdump.
Until that is resolved, we recommend that you disable the nfdump systemd service and have the system fall back to the properly working sysv init script, combined with the nfdump init script that was shipped with opFlow.

A symptom of that issue would be that nfcapd is running with data directory /var/cache/nfdump, is listening on a port that is neither 9995 nor your NETFLOW_PORT from /etc/default/nfdump, does not include the "-T all" argument to enable netflow extensions, and does not include the -t argument for data rotation.

ps ax|fgrep nfcapd
# good: that one honours custom settings as it should
1583 ?        S      0:47 /usr/bin/nfcapd -D -T all -l /data/opflow -t 120 -P /var/run/nfcapd.pid -p 12345
# BAD: that's an nfcapd with undesireable hardcoded arguments
1257 ?        S      0:00 /usr/bin/nfcapd -D -l /var/cache/nfdump -P /var/run/nfcapd.pid -p 2055

The forced switch to SysV init script can be made  by running the following commands as root (ie. under sudo bash or the like):

service nfdump stop
dpkg-divert --rename --divert /lib/systemd/system/nfdump.service.disabled --add /lib/systemd/system/nfdump.service
rm -f /etc/systemd/system/nfdump.service /etc/systemd/system/multi-user.target.wants/nfdump.service
systemctl daemon-reload
# note that this will only work fully if you use the nfdump init script from /usr/local/omk/install/nfdump.init.d!
service nfdump start

 

opCommon

The following changes can be made in the opCommon config file /usr/local/omk/conf/opCommon.nmis

opflowd/ndfump

It is important that the <opflow_dir> in opCommon.nmis matches the DATA_BASE_DIR in the nfdump configuration

    '<opflow_dir>' => '/data/opflow', # or '/var/lib/nfdump' to match the default shipping config

opCharts/NMIS integration

NMIS integration enables the resolution of Interface indexes to Interface Names.  The association to an NMIS node enables opFlow to look up the interface indexes which the traffic is flowing to and from.  Note the agents are a list of the IP addresses from which flows are received.  The System -> Manage Agents function enables you to associate that agent IP with an actual node in NMIS.  Associating to an NMIS node enables opFlow to look up the interface indexes which the traffic is flowing to and from.  You MUST tell opFlow which IP address is which Node Name for this process to work

Linking with opCharts/NMIS can be done to an NMIS instance on the same server (Local) or can integrate to a remote instance of opCharts.  The server (local or remote) must not be a master instance it must be a normal poller/slave instance.

Local NMIS integration

If the config setting 'opflow_opcharts_url_base' is left blank, opFlow will attempt to load node information from a local NMIS server found at 'nmis_dir' => '/usr/local/nmis8'

Remote NMIS/opCharts integration

Remote integration requires settting 3 config items, these are used so the opFlow server can access an opCharts server.  When this is working the GUI will show ifDescr and Descriptions in the agent selector, and when filtering on an agent/interface will display the interface info panel.  

The two servers must have the same value for <omk_url_base> (which is not often changed)

# NOTE: no trailing slash
'opflow_opcharts_url_base' => "http://localhost:8042", # base for omk
'opflow_opcharts_user' => "nmis",      # needs ro-access
'opflow_opcharts_password' => "nm1888",

High volume settings

There are two high volume controls for opFlow, one for the backend and one for the frontend.  

'opflow_high_volume' => 1,
'opflow_gui_high_flow_volume' => 1,

opflow_high_volume will cause opflowd to insert pre-aggregated flows if set, raw flows if not.  Currently the GUI has no way of displaying raw flows so this is enabled by default.

opflow_gui_high_flow_volume will force the GUI to show a simplified/optimized index page, it can also be viewed by setting ?simple=1 on the index page, it is enabled by default.

Graph display settings

The graph that show flows over time can display 2 modes: the default shows the number of octets/packets in the current time slice, the second mode makes the graph display the data in octets/second or packets/second.  To enable the second mode change the following config variable to 1:

'opflow_gui_graph_over_time_per_sec' => 1

Restart the daemons

After making changes to the config make sure to restart all opFlow daemons.

service nfdump restart
service omkd restart
service opflowd restart

Configuring your Flow exporters

A basic router configuration guide for exporing flow data is available here.

DNS

opFlow attempts to resolve all ip address so DNS settings must be correct. Be sure to verify that DNS settings are appropriate:

cat /etc/resolv.conf
# verify the  listed nameservers and search order works, 
# using dig, nslookup or host
  • No labels