Before you begin
Prerequisites
- NMIS installed on the same server that opFlow is being installed (NMIS version >=8.5.6G).
- The individual performing this installation has a small bit of Linux experience.
Root access is available.
- Internet access is required for installing any missing but required software packages.
- opFlow License (evaluation available here).
Preparation
- If you do not yet have a working installation of NMIS in your server, please follow the procedure in the NMIS 8 Installation Guide.
- Download opFlow from the Opmantek website.
- If you have opFlow 2.X installed please see the upgrade documentation
Installation Steps
Transfer the opCharts tarball onto the server in question, either by direct download from the Opmantek website, or from your desktop with scp
or sftp
or a similar file transfer tool.
Make a record of where you put the tarball (root
's home directory or /tmp are good locations).
Start the interactive installer and follow its instructions:
sudo sh ./opFlow-Linux-x86_64-3.0.2.run ++++++++++++++++++++++++++++++++++++++++++++++++++++++ opFlow (3.0.2) Installation script ++++++++++++++++++++++++++++++++++++++++++++++++++++++ This installer will install opFlow into /usr/local/omk. To select a different installation location please rerun the installer with the -t option. ...
- The installer will interactively guide you through the steps of installing opFlow. Please make sure to read the on-screen prompts carefully.
- When the installer finishes, opFlow is installed into
/usr/local/omk
, and the default configuration files are in/usr/local/omk/conf
, ready for your initial config adjustments. - A detailed log of the installation process is saved as
/usr/local/omk/install.log
, and subsequent upgrades or installations of other Opmantek products will add to that logfile. - For detailed information about the interactive installer please check the Opmantek Installer page.
Initial Configuration
After installation you may need/want to change the directories that flows are stored in, the ports the flows are coming in on, etc. Please read the sections below for more.
nfdump
nfdump uses, /etc/init.d/nfdump, e.g. service nfdump stop|stop|restart
To override configuation use /etc/sysconfig/nfdump (RH/CentOS) or /etc/default/nfdump (Debian/Ubuntu/etc).
This just needs to contain the changes you want, the init script (/etc/init.d/nfdump) has the following defaults.
# best way to configure these is via /etc/default/nfdump or /etc/sysconfig/nfdump, # DATA_BASE_DIR needs to be the same as "<opflow_dir>" in opCommon.nmis DATA_BASE_DIR="/var/lib/nfdump" DATA_ROTATE_INTERVAL=300 NETFLOW_PORT=9995 PIDFILE=/var/run/$NAME.pid
So to change port and directory
# non-standard config settings for nfdump # used by opFlow 2.99.2 DATA_BASE_DIR=/data/opflow NETFLOW_PORT=12345
opCommon
The following changes can be made in the opCommon config file /usr/local/omk/conf/opCommon.nmis
opflowd/ndfump
It is important that the <opflow_dir> in opCommon.nmis matches the DATA_BASE_DIR in the nfdump configuration
'<opflow_dir>' => '/data/opflow', # or '/var/lib/nfdump' to match the default shipping config
opCharts integration
Linking with opCharts requires settting 3 config items, these are used so the opFlow server can access an opCharts server. When this is working the GUI will show ifDescr and Descriptions in the agent selector, and when filtering on an agent/interface will display the interface info panel.
The two servers must have the same value for <omk_url_base> (which is not often changed)
# NOTE: no trailing slash 'opflow_opcharts_url_base' => "http://localhost:8042", # base for omk 'opflow_opcharts_user' => "nmis", # needs ro-access 'opflow_opcharts_password' => "nm1888",
High volume settings
There are two high volume controls for opFlow, one for the backend and one for the frontend.
'opflow_high_volume' => 1, 'opflow_gui_high_flow_volume' => 1,
opflow_high_volume will cause opflowd to insert pre-aggregated flows if set, raw flows if not. Currently the GUI has no way of displaying raw flows so this is enabled by default.
opflow_gui_high_flow_volume will force the GUI to show a simplified/optimized index page, it can also be viewed by setting ?simple=1 on the index page, it is enabled by default.
Restart the daemons
After making changes to the config make sure to restart all opFlow daemons.
service nfdump restart service omkd restart service opflowd restart
DNS
opFlow attempts to resolve all ip address so DNS settings must be correct. Be sure to verify that DNS settings are appropriate:
cat /etc/resolv.conf # note: remove /etc/resolv.conf iff dhcp is fully functional.