-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathINSTALL.ubuntu
184 lines (149 loc) · 5.98 KB
/
INSTALL.ubuntu
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
# 2013-04-10
#
# This has been tested on ubuntu 12.04.2 LTS
# It should work well on most ubuntu or debian releases
#
# Note: even though this install script looks like it could do a full install in one
# swoop, there is no error checking! You should be running these commands one-at-a-time
# or in small batches.
####### installation ########
#
# If you haven't already, gunzip and untar the distribution and change into its root directory
#
cd ~
gunzip -c wvnetflow-1.07.tar.gz | tar -xf -
cd ~/wvnetflow-1.07
#
# Install prerequisite modules with apt-get
#
apt-get update
apt-get --assume-yes install apache2 rrdtool libnet-snmp-perl libnet-patricia-perl libnet-dns-perl libspreadsheet-writeexcel-perl libcflow-perl librrds-perl libgd-gd2-perl build-essential byacc libtool automake
apt-get --assume-yes install zlib1g-dev
apt-get --assume-yes install zlib-devel
# (one of the zlib lines will fail, depending on which ubuntu version you have)
#
# Install the flowd collector.
# Webview uses a fork of the flowd source with improvements for logging and sequence number handling
# (see http://code.google.com/r/cweinhold-flowd-sequence for more information).
#
cd ~/wvnetflow-1.07
wget http://iweb.dl.sourceforge.net/project/wvnetflow/flowd-sequence/cweinhold-flowd-sequence.tar.gz
gunzip -c cweinhold-flowd-sequence.tar.gz | tar -xf -
cd cweinhold-flowd-sequence
./configure
make install
mkdir -p /var/empty/dev
groupadd _flowd
useradd -g _flowd -c "flowd privsep" -d /var/empty _flowd
#
# Install flow-tools and Cflow.pm.
# This requires building from the flow-tools fork at https://code.google.com/p/flow-tools/.
# (the relative directory structure for the next few steps is very important!)
#
cd ~/wvnetflow-1.07
wget https://flow-tools.googlecode.com/files/flow-tools-0.68.5.1.tar.bz2
bzcat flow-tools-0.68.5.1.tar.bz2 | tar -xf -
cd flow-tools-0.68.5.1/
patch -p1 <../optional-accessories/flow-tools-patches/patch.flow-tools.scan-and-hash
./configure
make
make install
#
# Set up rsyslogd -- first, add socket listener for flowd chroot log file:
#
sed -i.bak -e '/GLOBAL DIRECTIVES/i $AddUnixListenSocket /var/empty/dev/log\n' /etc/rsyslog.conf
#
# Set up rsyslogd -- second, add a /etc/rsyslog.d conf file sending flowd data to /var/log/flowd
#
cat <<EOT >/etc/rsyslog.d/40-flowd.conf
# set file permissions
\$umask 0000
\$FileCreateMode 0644
# log daemon traffic from flowd to its own file
:programname, isequal, "flowd" /var/log/flowd
:programname, isequal, "flowd" ~
EOT
#
# Set up rsyslogd -- lastly, restart the service
#
service rsyslog restart
#
# create directories and install files
#
cd ~/wvnetflow-1.07
mkdir -p /opt/netflow/tmp /opt/netflow/data /opt/netflow/cache /opt/netflow/capture /usr/local/webview
cp -Rp flowage www utils /usr/local/webview
cp etc/webview.conf /etc
chmod 777 /usr/local/webview/www/flow/graphs
#
# set up flowd init script
#
cd ~/wvnetflow-1.07
cp etc/flowd-2055.conf /usr/local/etc/
cp etc/init.d/flowd-ubuntu /etc/init.d/flowd
chmod 755 /etc/init.d/flowd
ln -s /etc/init.d/flowd /etc/init.d/flowd-2055
update-rc.d flowd-2055 defaults
service flowd-2055 start
# (Note that multiple flowd init scripts and config files can coexist. The
# "-number" is the port number of the listener. It's good form to use a different
# listener port for each type of collection -- e.g., MPLS WAN routers might use
# port 2055, while outside internet routers could use 2056 and data center
# switches could use 2057).
#
# modify crontab
#
crontab -l > /tmp/newcron
cat <<EOT >>/tmp/newcron
# every hour, keep the capture directory within bounds. This script logs to /var/log/flow-expire.log
0 * * * * /usr/local/webview/utils/flow-expire-perl -E 10G -e 9000 -w /opt/netflow/capture/2055
# every 5 minutes, run flowd2ft to convert flowd capture into flow-tools format in the capture directory
*/5 * * * * /usr/local/webview/utils/flowd2ft 2055 >> /var/log/flowd2ft-2055.log 2>&1
# run flowage.pl every five minutes
# DISABLED RIGHT NOW; ENABLE LATER
#*/5 * * * * perl /usr/local/webview/flowage/flowage.pl > /tmp/flowage.stdout 2> /tmp/flowage.stderr
# expire exporter summary files after two weeks
0 0 * * * find /opt/netflow/capture -name 'summary-*' -mtime +14 -exec rm -f {} \;
# expire unused RRD files after 30 days
0 2 * * * find /opt/netflow/capture -name '*.rrd' -mtime +30 -exec rm -f {} \;
15 2 * * * find /opt/netflow/capture -depth -type d -empty -exec rmdir {} \;
# every 15 minutes, run monFlows.pl to check on the health of the flowage processes
# DISABLED RIGHT NOW; ENABLE LATER
#*/15 * * * * /usr/local/webview/flowage/monitor/monFlows.pl >> /var/log/monFlows.log 2>&1
# every monday, archive the various log files (you can instead use logrotate
0 0 1 * * /usr/local/bin/sudo mv -f /var/log/flow-expire.log /var/log/flow-expire.old
0 0 1 * * /usr/local/bin/sudo mv -f /var/log/flowd2ft-2055.log /var/log/flowd2ft-2055.old
0 0 1 * * /usr/local/bin/sudo mv -f /var/log/monFlows.log /var/log/monFlows.old
EOT
crontab /tmp/newcron
#
# set up web server
#
sed -i.bak -e'/<\/VirtualHost>/ i\
Alias /webview "/usr/local/webview/www"\
\
<Directory /usr/local/webview/www>\
Options Indexes Includes FollowSymLinks ExecCGI\
order allow,deny\
SetEnv no-gzip 1\
allow from all\
</Directory>\
\
AddHandler cgi-script .cgi\
' /etc/apache2/sites-available/default
service apache2 restart
####### validation steps ########
# check if flowd is running
ps -fC flowd
# check that flows are being received
ls -lR /dev/shm/
# check that flow files are being moved to the capture directory
ls -lR /opt/netflow/capture/
# make sure web server is running
service apache2 status
# once you're sure you have flow data in the capture directory, run one of the web scripts
wget -O - 'http://127.0.0.1/webview/flow/adhoc.cgi?quiet=1&test=1&output=ascii'
# if that looks works (you see some IP addresses in the output), run flowage once from the CLI
/usr/local/webview/flowage/flowage.pl
# if that looks good (you see flow files being processed and rrd files be created), then uncomment
# the */5 flowage crontab entry and you're all set!