...
After installation you may need/want to change the directories that flows are stored in, the ports the flows are coming in on, etc. Please read the sections below for more.
nfdump
On most platforms nfdump uses the classic init script /etc/init.d/nfdump, normally accessed via the service helper, e.g. service nfdump stop (or start, or restart).
To override configuration use /etc/sysconfig/nfdump (RH/CentOS) or /etc/default/nfdump (Debian/Ubuntu/etc).
This just needs to contain the changes you want; the init script (/etc/init.d/nfdump) has the defaults listed below.
The init script contains defaults for the most essential options for the nfdump/nfcapd programs.
It is recommended that you do not modify this init script, as upgraded nfdump packages may very well replace it.
Instead you should make use of the correct override file for your platform, and add values for (only) those options that you want to change. On CentOS/RedHat, you need to create or modify /etc/sysconfig/nfdump; on Debian/Ubuntu the correct file is /etc/default/nfdump. Please note that this override file wins over the defaults that the init script sets.
Here is a list of the defaults as provided by the init script:
```
# best way to configure these is via /etc/default/nfdump or /etc/sysconfig/nfdump,
# DATA_BASE_DIR needs to be the same as "<opflow_dir>" in opCommon.nmis
DATA_BASE_DIR="/var/lib/nfdump"
DATA_ROTATE_INTERVAL=300
NETFLOW_PORT=9995
PIDFILE=/var/run/$NAME.pid
```
To change port and spool directory to your preferred settings, edit /etc/sysconfig/nfdump or /etc/default/nfdump, respectively, so that it contains the following entries:
```
# non-standard config settings for nfdump
# this directory was used by opFlow 2.99.2X
DATA_BASE_DIR=/data/opflow
NETFLOW_PORT=12345
```
When that's done, you need to restart the nfdump service to activate your configuration: sudo service nfdump restart
Additional required steps if your OS is Debian or Ubuntu and you are using systemd:
The most recent nfdump packages in Debian come with a problematic systemd service file (see Debian Bug 843602) which completely ignores /etc/default/nfdump.
Until that is resolved, we recommend that you disable the nfdump systemd service and have the system fall back to the properly working sysv init scripts, combined with the nfdump init script that was shipped with opFlow (which is available as /usr/local/omk/install/nfdump.init.d).
A symptom of that issue would be that nfcapd is running with data directory /var/cache/nfdump, is listening on a port that is neither 9995 nor your NETFLOW_PORT from /etc/default/nfdump, does not include the "-T all" argument to enable netflow extensions, and does not include the -t argument for data rotation.
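One way to check a host for these symptoms, as an added example that is not part of opFlow or nfdump. It assumes nfcapd receives its port as "-p <port>" and that the data directory appears as its own argument on the command line; the function names and the --live switch are made up for this example.

```bash
#!/bin/bash
# Added example: checks nfcapd command lines for the symptoms listed above.
# Assumptions: nfcapd takes its port as "-p <port>" and the data directory
# appears as its own argument; function names are made up for this example.

# Print effective "DATA_BASE_DIR NETFLOW_PORT": init-script defaults,
# overridden by the platform override file ($1) when it is readable.
effective_settings() {
    (
        DATA_BASE_DIR="/var/lib/nfdump"
        NETFLOW_PORT=9995
        if [ -r "$1" ]; then . "$1"; fi
        printf '%s %s\n' "$DATA_BASE_DIR" "$NETFLOW_PORT"
    )
}

# Print one word per symptom in command line $1, or "ok" if none is found.
# $2 = expected data directory, $3 = expected port.
nfcapd_symptoms() {
    out="" prev="" dir=no port=no ext=no rot=no
    for arg in $1; do
        if [ "$arg" = "$2" ]; then dir=yes; fi
        case "$prev $arg" in
            "-p $3")     port=yes ;;
            "-T all")    ext=yes ;;
            "-t "[0-9]*) rot=yes ;;
        esac
        prev=$arg
    done
    [ "$dir" = yes ]  || out="$out wrong-data-dir"
    [ "$port" = yes ] || out="$out wrong-port"
    [ "$ext" = yes ]  || out="$out no-extensions"
    [ "$rot" = yes ]  || out="$out no-rotation"
    out=${out# }
    echo "${out:-ok}"
}

# Inspect the running nfcapd processes only when called with --live.
if [ "${1:-}" = "--live" ]; then
    f=/etc/default/nfdump
    [ -r "$f" ] || f=/etc/sysconfig/nfdump
    set -- $(effective_settings "$f")
    ps -C nfcapd -o args= | while read -r line; do
        echo "$(nfcapd_symptoms "$line" "$1" "$2"): $line"
    done
fi
```

Any output other than "ok" for a running nfcapd means the override file is not being honoured and the systemd service file described above is the likely cause.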
...