...
After installation you may need/want to change the directories that flows are stored in, the ports the flows are coming in on, etc. Please read the sections below for more.
nfdump
nfdump uses, /etc/init.d/nfdump, e.g. service nfdump stop|stop|restart
...
Code Block |
---|
# non-standard config settings for nfdump # used by opFlow 2.99.2 DATA_BASE_DIR=/data/opflow NETFLOW_PORT=12345 |
Additional required steps If your OS is Debian or Ubuntu, and you are using systemd:
The most recent nfdump packages in Debian come with a problematic systemd service file (see bug Debian Bug 843602) which completely ignores /etc/default/nfdump.
Until that is resolved, we recommend that you disable the nfdump systemd service and have the system fall back to the properly working sysv init script, combined with the nfdump init script that was shipped with opFlow.
A symptom of that issue would be that nfcapd
is running with data directory /var/cache/nfdump
, is listening on a port that is neither 9995 nor your NETFLOW_PORT from /etc/default/nfdump, does not include the "-T all
" argument to enable netflow extensions, and does not include the -t
argument for data rotation.
Code Block |
---|
ps ax|fgrep nfcapd
# good: that one honours custom settings as it should
1583 ? S 0:47 /usr/bin/nfcapd -D -T all -l /data/opflow -t 120 -P /var/run/nfcapd.pid -p 12345
# BAD: that's an nfcapd with undesireable hardcoded arguments
1257 ? S 0:00 /usr/bin/nfcapd -D -l /var/cache/nfdump -P /var/run/nfcapd.pid -p 2055
|
The forced switch to SysV init script can be made by running the following commands as root
(ie. under sudo bash
or the like):
Code Block |
---|
service nfdump stop
dpkg-divert --rename --divert /lib/systemd/system/nfdump.service.disabled --add /lib/systemd/system/nfdump.service
rm -f /etc/systemd/system/nfdump.service /etc/systemd/system/multi-user.target.wants/nfdump.service
systemctl daemon-reload
# note that this will only work fully if you use the nfdump init script from /usr/local/omk/install/nfdump.init.d!
service nfdump start |
opCommon
The following changes can be made in the opCommon config file /usr/local/omk/conf/opCommon.nmis
opflowd/ndfump
It is important that the <opflow_dir> in opCommon.nmis matches the DATA_BASE_DIR in the nfdump configuration
Code Block |
---|
'<opflow_dir>' => '/data/opflow', # or '/var/lib/nfdump' to match the default shipping config |
opCharts/NMIS integration
Linking with opCharts/NMIS can be done in two ways.
Local NMIS integration
If the config setting 'opflow_opcharts_url_base' is left blank, opFlow will attempt to load node information from a local NMIS server found at 'nmis_dir' => '/usr/local/nmis8'
Remote NMIS/opCharts integration
Remote integration requires settting 3 config items, these are used so the opFlow server can access an opCharts server. When this is working the GUI will show ifDescr and Descriptions in the agent selector, and when filtering on an agent/interface will display the interface info panel.
...
Code Block |
---|
# NOTE: no trailing slash 'opflow_opcharts_url_base' => "http://localhost:8042", # base for omk 'opflow_opcharts_user' => "nmis", # needs ro-access 'opflow_opcharts_password' => "nm1888", |
High volume settings
There are two high volume controls for opFlow, one for the backend and one for the frontend.
...
opflow_gui_high_flow_volume will force the GUI to show a simplified/optimized index page, it can also be viewed by setting ?simple=1 on the index page, it is enabled by default.
Graph display settings
The graph that show flows over time can display 2 modes: the default shows the number of octets/packets in the current time slice, the second mode makes the graph display the data in octets/second or packets/second. To enable the second mode change the following config variable to 1:
Code Block |
---|
'opflow_gui_graph_over_time_per_sec' => 1 |
Restart the daemons
After making changes to the config make sure to restart all opFlow daemons.
Code Block |
---|
service nfdump restart service omkd restart service opflowd restart |
Configuring your Flow exporters
A basic router configuration guide for exporing flow data is available here.
DNS
opFlow attempts to resolve all ip address so DNS settings must be correct. Be sure to verify that DNS settings are appropriate:
...