
Slackware 12.0 - NetFlow notes

Public domain


Sensor

# Sensor: build softflowd from source and point it at the collector.
cd /usr/src/
wget http://www.mindrot.org/files/softflowd/softflowd-0.9.8.tar.gz
tar -zxf softflowd-0.9.8.tar.gz
cd softflowd-0.9.8
./configure
make
make install
# Watch eth0 and export flow records to the collector at 172.16.20.100, UDP 8818
# (the port flow-capture listens on in the Collector section). NetFlow export is
# plain UDP: nothing authenticates the sensor to the collector and the records are
# readable in transit, so keep the sensor-to-collector path on a trusted segment.
softflowd -i eth0 -n 172.16.20.100:8818
# Start the sensor at boot too. Re-running this line appends a duplicate entry.
echo "softflowd -i eth0 -n 172.16.20.100:8818" >> /etc/rc.d/rc.local
# Control commands for the running daemon: dump its counters, then stop it.
softflowctl statistics
softflowctl shutdown

Collector

# Collector: build flow-tools (flow-capture and friends) from source.
cd /usr/src
wget ftp://ftp.eng.oar.net/pub/flow-tools/flow-tools-0.66.tar.gz
tar -zxf flow-tools-0.66.tar.gz
cd flow-tools-0.66
./configure
# The build stops on a compiler error with this release; see the note below for the fix.
gmake

(Build error "label at end of compound statement": fixed by adding a `;` after the labels on the line preceding it.)

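gmake install
# Directory flow-capture writes into (-w in rc.local below) plus a place to park
# archived files. -p creates the parent too and is a no-op when the directory exists,
# so this step is safe to repeat.
mkdir -p /var/log/netflows/saved/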

/etc/rc.d/rc.local

# Collector daemon: receive NetFlow on UDP 8818 and write 5-minute flow files to /var/log/netflows.
#   -p  pid file            -n 287  rotations per day (a new file every 5 minutes)
#   -N 0  flat directory    -S 5    emit statistics every 5 minutes
#   0/0/8818 = local address / remote address / port. A remote address of 0 accepts
#   records from any host, so anything that can reach UDP 8818 can feed made-up flows
#   into the reports. If the only exporter is the HomeFW router named in CUFlow.cf
#   (172.16.20.2), 0/172.16.20.2/8818 limits the collector to that sender.
/usr/local/netflow/bin/flow-capture -p /var/run/flow-capture.pid -n 287 -N 0 -w /var/log/netflows/ -S 5 0/0/8818

Reporter

# Reporter: build the Cflow perl module shipped in flow-tools' contrib directory,
# then read one captured flow file by hand.
cd /usr/src/flow-tools-0.66/contrib
tar -zxvf Cflow-1.051.tar.gz
cd Cflow-1.051
perl Makefile.PL
make
make install
cd /var/log/netflows/
# Flow files are named ft-v05.<date>.<time><utc-offset>; page through one with flowdumper.
flowdumper -s ft-v05.2007-09-04.184501+0330 | more

RRDTool

# RRDTool with its perl bindings; the grapher below keeps its counters in RRD files.
cd /usr/src
wget http://oss.oetiker.ch/rrdtool/pub/rrdtool-1.2.23.tar.gz
tar -zxf rrdtool-1.2.23.tar.gz
cd rrdtool-1.2.23
./configure --enable-shared --enable-perl-site-install
make install site-perl-install
# The perl modules apparently still land under the rrdtool prefix; copy them into
# site_perl so the FlowScan scripts can load them.
cp -r /usr/local/rrdtool-1.2.23/lib/perl/5.8.8/i486-linux/* /usr/lib/perl5/site_perl/5.8.8/i486-linux/

Boulder

# Boulder: perl module FlowScan depends on, built the usual CPAN way.
cd /usr/src
wget http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Boulder-1.30.tar.gz
tar xzf Boulder-1.30.tar.gz
cd Boulder-1.30
perl Makefile.PL
make
make test
make install

Patricia

# Net::Patricia: prefix-tree lookups used by FlowScan, built the usual CPAN way.
cd /usr/src
wget http://net.doit.wisc.edu/~plonka/Net-Patricia/Net-Patricia-1.014.tar.gz
tar xzf Net-Patricia-1.014.tar.gz
cd Net-Patricia-1.014
perl Makefile.PL
make
make test
make install

ConfigReader

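# ConfigReader: no build step; the module files are copied straight into site_perl.
# Nothing runs its tests, so a broken copy only shows up when flowscan loads it.
cd /usr/src
wget http://search.cpan.org/CPAN/authors/id/A/AM/AMW/ConfigReader-0.5.tar.gz
tar -zxvf ConfigReader-0.5.tar.gz
cd ConfigReader-0.5
# -p: creates missing parents and does not fail if the directory is already there.
mkdir -p /usr/lib/perl5/site_perl/5.8.8/i486-linux/ConfigReader
cp ConfigReader.pod /usr/lib/perl5/site_perl/5.8.8/i486-linux/
cp *.pm /usr/lib/perl5/site_perl/5.8.8/i486-linux/ConfigReader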

HTML::Table

# HTML::Table: used for the generated HTML pages, built the usual CPAN way.
cd /usr/src
wget http://search.cpan.org/CPAN/authors/id/A/AJ/AJPEACOCK/HTML-Table-2.06.tar.gz
tar xzvf HTML-Table-2.06.tar.gz
cd HTML-Table-2.06
perl Makefile.PL
make
make test
make install

Grapher

# Grapher: FlowScan itself, pointed at the rrdtool build above and installed under /usr/local/flows.
cd /usr/src
wget http://net.doit.wisc.edu/~plonka/FlowScan/FlowScan-1.006.tar.gz
tar -zxf FlowScan-1.006.tar.gz
cd FlowScan-1.006
env RRDTOOL_PATH="/usr/local/rrdtool-1.2.23/bin" ./configure  --prefix=/usr/local/flows
make
# Dry run first to see what install would touch, then do it for real.
make -n install
make install
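# Replace the shipped FlowScan.pm with the patched copy posted to the flowscan mailing list.
cd /usr/local/flows/bin
cp FlowScan.pm FlowScan.pm.bak
wget http://net.doit.wisc.edu/~plonka/list/flowscan/archive/att-0848/01-FlowScan.pm
# The file comes from a list archive over plain HTTP with nothing to verify it against,
# so read the diff against the original before it becomes the installed module.
diff -u FlowScan.pm.bak 01-FlowScan.pm | more
mv 01-FlowScan.pm FlowScan.pm
chmod 755 FlowScan.pm
# Sample config for flowscan; edited in the next section.
cp /usr/src/FlowScan-1.006/cf/flowscan.cf .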

flowscan.cf

# Flow files to process: the ones flow-capture writes into /var/log/netflows.
FlowFileGlob /var/log/netflows/ft-v*[0-9]
# Report module to load (CUFlow.pm, copied into /usr/local/flows/bin below).
ReportClasses CUFlow
# Polling interval, in seconds, between checks for new flow files.
WaitSeconds 300
Verbose 1

CUFlow

# CUFlow: report module for FlowScan plus the CGI that draws its graphs.
cd /usr/src
wget http://www.columbia.edu/acis/networks/advanced/CUFlow/CUFlow-1.7.tgz
tar xzvf CUFlow-1.7.tgz
cd CUFlow-1.7
cp CUFlow.pm CUFlow.cf /usr/local/flows/bin/
# CUGrapher.pl is a CGI: once in cgi-bin it runs for whoever the web server lets in
# (see the Browse URL at the end), so scope its access in the httpd configuration.
cp CUGrapher.pl /var/www/cgi-bin/

/var/www/cgi-bin/CUGrapher.pl

# Settings edited near the top of CUGrapher.pl.
# Must match OutputDir in /usr/local/flows/bin/CUFlow.cf, where CUFlow writes its RRD files.
my $rrddir = "/var/log/cuflow";
# Free-text label for the generated pages (presumably used in the graph titles; confirm in the script).
my $organization = "Home Development Zone";

Commands

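# RRD output directory (OutputDir in CUFlow.cf, $rrddir in CUGrapher.pl) and the
# scoreboard directory under the web root. -p on both so the step creates any
# missing parents and is safe to repeat.
mkdir -p /var/log/cuflow/
mkdir -p /var/www/htdocs/data/scoreboard/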

/usr/local/flows/bin/CUFlow.cf

# CUFlow report configuration.
# Address range CUFlow treats as its own side of the traffic.
Subnet 172.16.20.0/24
# Named host groups that get their own graphs; comma-separated lists are allowed.
Network 172.16.20.0/24                                        HomeNetwork
Network 172.16.20.2,172.16.20.254,172.16.20.10,172.16.20.100  MyPCs
Network 172.16.20.2                                           FirewallRouter
Network 172.16.20.254                                         WindowsBox
Network 172.16.20.10                                          Storage
Network 172.16.20.100                                         TestBox
# Where the RRD files go; must match $rrddir in CUGrapher.pl.
OutputDir /var/log/cuflow
# Top-10 talker pages and the running aggregate are written under the web root, so
# whoever can fetch /data/ from this server can read which internal hosts talk to what.
# Restrict access in httpd if the server is reachable beyond the home LAN.
Scoreboard 10 /var/www/htdocs/data/scoreboard /var/www/htdocs/data/scoreboard/topten.html
AggregateScore 10 /var/log/cuflow/agg.dat /var/www/htdocs/data/overall.html
# Exporter address, labelled for the graphs.
Router 172.16.20.2 HomeFW
# Port ranges grouped into named services; the names are report labels only.
Service 20-21/tcp ftp
Service 22/tcp ssh
Service 23/tcp telnet
Service 25/tcp smtp
Service 53/udp,53/tcp dns
Service 80/tcp http
Service 110/tcp pop3
Service 119/tcp nntp
Service 143/tcp imap
Service 412/tcp,412/udp dc
Service 443/tcp https
Service 1214/tcp kazaa
Service 4661-4662/tcp,4665/udp edonkey
Service 5190/tcp aim
Service 6346-6347/tcp gnutella
Service 6665-6669/tcp irc
Service 54320/tcp bo2k
Service 7070/tcp,554/tcp,6970-7170/udp real
# IP protocol numbers to graph; 169 and 255 are left without a label here.
Protocol 1 icmp
Protocol 4 ipinip
Protocol 6 tcp
Protocol 17 udp
Protocol 47 gre
Protocol 50 esp
Protocol 51 ah
Protocol 57 skip
Protocol 88 eigrp
Protocol 169
Protocol 255
# TOS byte buckets.
TOS 0 normal
TOS 1-255 other
#ASNumber 1 Genuity

Starting up

# Start flowscan by hand once (output discarded), then install the bundled rc script
# so later starts go through /etc/rc.d/rc.flowscan and its logfile instead.
/usr/local/flows/bin/flowscan > /dev/null 2>&1 &
cp /usr/src/FlowScan-1.006/rc/linux/flowscan /etc/rc.d/rc.flowscan
chmod 755 /etc/rc.d/rc.flowscan

/etc/rc.d/rc.flowscan

# Settings edited in /etc/rc.d/rc.flowscan.
bindir=/usr/local/flows/bin
scandir=/usr/local/flows
logfile=/usr/local/flows/flowscan.log
# flowscan runs as root here. Per the config above it only needs to read
# /var/log/netflows (FlowFileGlob) and write /var/log/cuflow and /var/www/htdocs/data
# (OutputDir, Scoreboard, AggregateScore), and it parses flow data that arrived from
# the network, so a dedicated account owning those paths is the safer choice.
user=root

/etc/rc.d/rc.local

# Start flowscan at boot when its rc script is present and executable.
if test -x /etc/rc.d/rc.flowscan; then
  /etc/rc.d/rc.flowscan start
fi

Browse

http://172.16.20.100/cgi-bin/CUGrapher.pl


Bookmarks

http://net.doit.wisc.edu/~plonka/FlowScan/
http://www.mindrot.org/projects/softflowd/
http://wwwstats.net.wisc.edu/
http://www.eng.wiscnet.net/stats/
http://www.splintered.net/sw/flow-tools/
http://www.onlamp.com/pub/a/bsd/2005/08/18/BigScaryDaemons.html
http://www.onlamp.com/pub/a/bsd/2005/09/15/BigScaryDaemons.html
http://net.doit.wisc.edu/~plonka/Cflow


BY: Pejman Moghadam
TAG: netflow, rrdtool
DATE: 2007-09-05 23:49:45

