
Author Topic: How to Setup Sflow and NFdump  (Read 521 times)

MissouriSpartan

  • Newbie
  • *
  • Posts: 13
    • View Profile
How to Setup Sflow and NFdump
« on: May 04, 2017, 07:14:17 PM »
Hi,

I wasn't sure which topic thread to post this under, I hope I got the right one!!! We are using NeDi Plus and would like to make use of the Nodes-Traffic module. However, I'm new to setting up NFdump and Sflow (we use HP Procurve switches). Would someone be able to give me some pointers on how to get this set up on the server? I'm pretty confident with the syntax on pointing Sflow on the switch side. Just need to know how to set this up server-side for NeDi.

Cheers!!  :)

Missouri Spartan

rickli

  • Administrator
  • Hero Member
  • *****
  • Posts: 2528
    • View Profile
    • NeDi
Re: How to Setup Sflow and NFdump
« Reply #1 on: May 06, 2017, 01:46:02 PM »
On a shell in the nedi folder do "perldoc flowi.pl". It briefly describes how to set up the whole thing. Contact me if you want me to help you remotely...
Please consider Other-Invoices on your NeDi installation for an annual contribution, tx!
-Remo

MissouriSpartan

Re: How to Setup Sflow and NFdump
« Reply #2 on: May 09, 2017, 09:23:15 PM »
Hi, Rickli,

I checked that out, and even tried running the pl script directly "./flowi.pl" but to no avail. I get the following error:

stat() error '/var/nfdump//nfcapd.201705091415': File not found!


Any ideas?

harry

  • Full Member
  • ***
  • Posts: 125
    • View Profile
Re: How to Setup Sflow and NFdump
« Reply #3 on: May 10, 2017, 06:22:25 AM »
Hi,
Could you please check if nfdump is installed? If yes...
Then you have to set up polling of flow data from the device, specifying the port on your system to collect the data and store it in the /var/nfdump directory.
If you see data being collected for a specified time into that directory, then you run the flow.pl in crontab.

I hope this will help.

RE
Harry.

MissouriSpartan

Re: How to Setup Sflow and NFdump
« Reply #4 on: May 10, 2017, 05:13:40 PM »
Ok. I got it figured out and set up, but now my NFcap is lighting up with red error text:


"Ident: none, Error reading netflow header: Unexpected netflow version 0"

Any ideas?

rickli

Re: How to Setup Sflow and NFdump
« Reply #5 on: May 14, 2017, 01:46:48 PM »
HP supports sflow only. This means you need to run sfcapd not nfcapd...
-Remo

MissouriSpartan

Re: How to Setup Sflow and NFdump
« Reply #6 on: May 15, 2017, 02:18:43 PM »
Ok. I'm trying to figure out how to get nfDump to utilize the sfcapd. I'm sure I've got it installed, but it defaults to the nfcapd when I start the service. Is this something as simple as a .conf file config?

rickli

Re: How to Setup Sflow and NFdump
« Reply #7 on: May 15, 2017, 03:06:28 PM »
This really depends on what the nfdump package maintainer did. If you can execute sfcapd it's a good thing. If not you may have to compile your own. Perldoc flowi.pl yields all necessary information...
-Remo

MissouriSpartan

Re: How to Setup Sflow and NFdump
« Reply #8 on: May 15, 2017, 03:53:15 PM »
When I run sfcapd with the correct options (name, IP, path), here is the returned result:

"Add extension: 2 byte input/output interface index
Add extension: 4 byte input/output interface index
Add extension: 2 byte src/dst AS number
Add extension: 4 byte src/dst AS number
Add extension: 4 byte output bytes
Add extension: 8 byte output bytes
Add extension: NSEL Common block
Add extension: NSEL xlate ports
Add extension: NSEL xlate IPv4 addr
Add extension: NSEL xlate IPv6 addr
Add extension: NSEL ACL ingress/egress acl ID
Add extension: NSEL username
Add extension: NSEL max username
Add extension: NEL Common block"

Does that look right?  :-\  I'm a complete newbie to nfdump/nfsen/sflow/netflow. I'm learning this as I go, literally.
« Last Edit: May 15, 2017, 05:40:40 PM by MissouriSpartan »

harry

Re: How to Setup Sflow and NFdump
« Reply #9 on: May 16, 2017, 12:48:57 AM »
Yes, looks OK to me. Could you please check in your /var/nfdump folder whether the device name folder has been created?
If you are using this command "sfcapd -e -w -D -l /var/nfdump/device name/ -p 9002" it should work.
If yes, then check whether you have files in the folder.

If yes, then you need to run flowi.pl and set the cron job.

regards,
-Harry.

MissouriSpartan

Re: How to Setup Sflow and NFdump
« Reply #10 on: May 16, 2017, 02:09:59 PM »
This is the file I see in the device folder:

"nfcapd.current.24005"

rickli

Re: How to Setup Sflow and NFdump
« Reply #11 on: May 22, 2017, 08:11:24 PM »
That seems ok. Do you see the device listed in Nodes-Traffic? Verify nfdpath in nedi.conf, if not...
-Remo

MissouriSpartan

Re: How to Setup Sflow and NFdump
« Reply #12 on: May 23, 2017, 02:53:20 PM »
It's working!! Thanks again, gentlemen, for your help!! I didn't have my nfdump path set up correctly in NeDi.conf.  :-[
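
The server-side checks walked through in this thread (nfdpath in nedi.conf, a per-device folder, capture files inside it), collected into one script. This is an added example, not part of any post and not NeDi's own code; it assumes nedi.conf stores the setting as a whitespace-separated "nfdpath <dir>" pair and that rotated capture files are named like the nfcapd.201705091415 seen in the error above.

```shell
#!/bin/sh
# Added example: sanity checks for the sflow collector directory NeDi reads.
# Assumption: nedi.conf contains a line "nfdpath <dir>" (whitespace separated).

# Print the nfdpath value from the given nedi.conf (empty if not set).
get_nfdpath() {
    awk '$1 == "nfdpath" { print $2; exit }' "$1"
}

# Classify one device directory below nfdpath:
#   missing - directory does not exist (the -l target was never created)
#   empty   - no capture files (collector not running or wrong port)
#   current - only nfcapd.current.* (collector running, nothing rotated yet)
#   ready   - at least one rotated nfcapd.<timestamp> file is present
device_state() {
    dir=$1
    [ -d "$dir" ] || { echo missing; return; }
    rotated=$(find "$dir" -maxdepth 1 -type f -name 'nfcapd.[0-9]*' | wc -l)
    current=$(find "$dir" -maxdepth 1 -type f -name 'nfcapd.current*' | wc -l)
    if [ "$rotated" -gt 0 ]; then echo ready
    elif [ "$current" -gt 0 ]; then echo current
    else echo empty
    fi
}

# Report the state of every device directory below the configured nfdpath.
check_collector() {
    conf=$1
    path=$(get_nfdpath "$conf")
    [ -n "$path" ] || { echo "nfdpath not set in $conf"; return 1; }
    [ -d "$path" ] || { echo "nfdpath $path does not exist"; return 1; }
    command -v sfcapd >/dev/null 2>&1 || echo "warning: sfcapd not in PATH"
    for d in "$path"/*/; do
        [ -d "$d" ] || continue
        echo "$(basename "$d"): $(device_state "$d")"
    done
}

# Usage: sh check_flows.sh /path/to/nedi.conf
if [ "$#" -gt 0 ]; then check_collector "$1"; fi
```

A device reported as "current" matches the single nfcapd.current.24005 file from reply #10: the collector is receiving data but has not yet rotated a file.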