Slackware 12.0 - NetFlow notes ============================== Public domain ******************************************************************************** ### Sensor cd /usr/src/ wget http://www.mindrot.org/files/softflowd/softflowd-0.9.8.tar.gz tar -zxf softflowd-0.9.8.tar.gz cd softflowd-0.9.8 ./configure make make install softflowd -i eth0 -n 172.16.20.100:8818 echo "softflowd -i eth0 -n 172.16.20.100:8818" >> /etc/rc.d/rc.local softflowctl statistics softflowctl shutdown ******************************************************************************** ### Collector cd /usr/src wget ftp://ftp.eng.oar.net/pub/flow-tools/flow-tools-0.66.tar.gz tar -zxf flow-tools-0.66.tar.gz cd flow-tools-0.66 ./configure gmake (label at end of compound statement : added a ; to the labels on the line proceeding it.) gmake install mkdir /var/log/netflows/ mkdir /var/log/netflows/saved/ ******************************************************************************** ### /etc/rc.d/rc.local /usr/local/netflow/bin/flow-capture -p /var/run/flow-capture.pid -n 287 -N 0 -w /var/log/netflows/ -S 5 0/0/8818 ******************************************************************************** ### Reporter cd /usr/src/flow-tools-0.66/contrib tar -zxvf Cflow-1.051.tar.gz cd Cflow-1.051 perl Makefile.PL make make install cd /var/log/netflows/ flowdumper -s ft-v05.2007-09-04.184501+0330 | more ******************************************************************************** ### RRDTool cd /usr/src wget http://oss.oetiker.ch/rrdtool/pub/rrdtool-1.2.23.tar.gz tar -zxf rrdtool-1.2.23.tar.gz cd rrdtool-1.2.23 ./configure --enable-shared --enable-perl-site-install make install site-perl-install cp -r /usr/local/rrdtool-1.2.23/lib/perl/5.8.8/i486-linux/* /usr/lib/perl5/site_perl/5.8.8/i486-linux/ ******************************************************************************** ### Boulder cd /usr/src wget http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Boulder-1.30.tar.gz tar -zxf Boulder-1.30.tar.gz cd Boulder-1.30 perl Makefile.PL make make test make install ******************************************************************************** ### Patricia cd /usr/src wget http://net.doit.wisc.edu/~plonka/Net-Patricia/Net-Patricia-1.014.tar.gz tar -zxf Net-Patricia-1.014.tar.gz cd Net-Patricia-1.014 perl Makefile.PL make make test make install ******************************************************************************** ### ConfigReader cd /usr/src wget http://search.cpan.org/CPAN/authors/id/A/AM/AMW/ConfigReader-0.5.tar.gz tar -zxvf ConfigReader-0.5.tar.gz cd ConfigReader-0.5 mkdir /usr/lib/perl5/site_perl/5.8.8/i486-linux/ConfigReader cp ConfigReader.pod /usr/lib/perl5/site_perl/5.8.8/i486-linux/ cp *.pm /usr/lib/perl5/site_perl/5.8.8/i486-linux/ConfigReader ******************************************************************************** ### HTML::Table cd /usr/src wget http://search.cpan.org/CPAN/authors/id/A/AJ/AJPEACOCK/HTML-Table-2.06.tar.gz tar -zxvf HTML-Table-2.06.tar.gz cd HTML-Table-2.06 perl Makefile.PL make make test make install ******************************************************************************** ### Grapher cd /usr/src wget http://net.doit.wisc.edu/~plonka/FlowScan/FlowScan-1.006.tar.gz tar -zxf FlowScan-1.006.tar.gz cd FlowScan-1.006 env RRDTOOL_PATH="/usr/local/rrdtool-1.2.23/bin" ./configure --prefix=/usr/local/flows make make -n install make install cd /usr/local/flows/bin cp FlowScan.pm FlowScan.pm.bak wget http://net.doit.wisc.edu/~plonka/list/flowscan/archive/att-0848/01-FlowScan.pm mv 01-FlowScan.pm FlowScan.pm chmod 755 FlowScan.pm cp /usr/src/FlowScan-1.006/cf/flowscan.cf . ******************************************************************************** ### flowscan.cf FlowFileGlob /var/log/netflows/ft-v*[0-9] ReportClasses CUFlow WaitSeconds 300 Verbose 1 ******************************************************************************** ### CUFlow cd /usr/src wget http://www.columbia.edu/acis/networks/advanced/CUFlow/CUFlow-1.7.tgz tar -zxvf CUFlow-1.7.tgz cd CUFlow-1.7 cp CUFlow.pm /usr/local/flows/bin/ cp CUFlow.cf /usr/local/flows/bin/ cp CUGrapher.pl /var/www/cgi-bin/ ******************************************************************************** ### /var/www/cgi-bin/CUGrapher.pl my $rrddir = "/var/log/cuflow"; my $organization = "Home Development Zone"; ******************************************************************************** ### Commands mkdir /var/log/cuflow/ mkdir -p /var/www/htdocs/data/scoreboard/ ******************************************************************************** ### /usr/local/flows/bin/CUFlow.cf Subnet 172.16.20.0/24 Network 172.16.20.0/24 HomeNetwork Network 172.16.20.2,172.16.20.254,172.16.20.10,172.16.20.100 MyPCs Network 172.16.20.2 FirewallRouter Network 172.16.20.254 WindowsBox Network 172.16.20.10 Storage Network 172.16.20.100 TestBox OutputDir /var/log/cuflow Scoreboard 10 /var/www/htdocs/data/scoreboard /var/www/htdocs/data/scoreboard/topten.html AggregateScore 10 /var/log/cuflow/agg.dat /var/www/htdocs/data/overall.html Router 172.16.20.2 HomeFW Service 20-21/tcp ftp Service 22/tcp ssh Service 23/tcp telnet Service 25/tcp smtp Service 53/udp,53/tcp dns Service 80/tcp http Service 110/tcp pop3 Service 119/tcp nntp Service 143/tcp imap Service 412/tcp,412/udp dc Service 443/tcp https Service 1214/tcp kazaa Service 4661-4662/tcp,4665/udp edonkey Service 5190/tcp aim Service 6346-6347/tcp gnutella Service 6665-6669/tcp irc Service 54320/tcp bo2k Service 7070/tcp,554/tcp,6970-7170/udp real Protocol 1 icmp Protocol 4 ipinip Protocol 6 tcp Protocol 17 udp Protocol 47 gre Protocol 50 esp Protocol 51 ah Protocol 57 skip Protocol 88 eigrp Protocol 169 Protocol 255 TOS 0 normal TOS 1-255 other #ASNumber 1 Genuity ******************************************************************************** ### Starting up /usr/local/flows/bin/flowscan > /dev/null 2>&1 & cp /usr/src/FlowScan-1.006/rc/linux/flowscan /etc/rc.d/rc.flowscan chmod 755 /etc/rc.d/rc.flowscan ******************************************************************************** ### /etc/rc.d/rc.flowscan bindir=/usr/local/flows/bin scandir=/usr/local/flows logfile=/usr/local/flows/flowscan.log user=root ******************************************************************************** ### /etc/rc.d/rc.local # Start flowscan if [ -x /etc/rc.d/rc.flowscan ] ; then /etc/rc.d/rc.flowscan start fi ******************************************************************************** ### Browse http://172.16.20.100/cgi-bin/CUGrapher.pl ******************************************************************************** ### Bookmarks [http://net.doit.wisc.edu/~plonka/FlowScan/](http://net.doit.wisc.edu/~plonka/FlowScan/) [http://www.mindrot.org/projects/softflowd/](http://www.mindrot.org/projects/softflowd/) [http://wwwstats.net.wisc.edu/](http://wwwstats.net.wisc.edu/) [http://www.eng.wiscnet.net/stats/](http://www.eng.wiscnet.net/stats/) [http://www.splintered.net/sw/flow-tools/](http://www.splintered.net/sw/flow-tools/) [http://www.onlamp.com/pub/a/bsd/2005/08/18/Big_Scary_Daemons.html](http://www.onlamp.com/pub/a/bsd/2005/08/18/Big_Scary_Daemons.html) [http://www.onlamp.com/pub/a/bsd/2005/09/15/Big_Scary_Daemons.html](http://www.onlamp.com/pub/a/bsd/2005/09/15/Big_Scary_Daemons.html) [http://net.doit.wisc.edu/~plonka/Cflow](http://net.doit.wisc.edu/~plonka/Cflow) ******************************************************************************** _BY: Pejman Moghadam_ _TAG: netflow, rrdtool_ _DATE: 2007-09-05 23:49:45_