On Fri, Oct 10, 2014 at 05:46:40PM +0000, Steven Surdock wrote:
> Not chrooted. Flow records are being updated and stored correctly. The
> RRD and associated PNGs aren't being updated. I can still use the rrd
> generated images to look at flows. I've never gotten PortTracker working
> as it says it segfault in the log.
I've never used PortTracker, as I do not have sufficient capacity on the
nfsen collector. It is described as experimental, also.
I am running a very simple configuration, collecting flows from two
firewalls. The webserver is chrooted nginx, so my database is
inside /var/www with a symbolic link in /var/db, as directed by the nfsen
pkg-readme.
Here's my nfsen.conf, with comments removed
$BASEDIR = "/usr/local";
$BINDIR="${BASEDIR}/bin";
$LIBEXECDIR="${BASEDIR}/libdata/perl5/site_perl/NfSen";
$CONFDIR="/etc";
$HTMLDIR = "/var/www/htdocs/nfsen";
$DOCDIR="${BASEDIR}/share/doc/nfsen";
$VARDIR="/var/db/nfsen";
$PROFILESTATDIR="${VARDIR}/profiles-stat";
$PROFILEDATADIR="${VARDIR}/profiles-data";
$BACKEND_PLUGINDIR="${BASEDIR}/lib/nfsen/plugins";
$FRONTEND_PLUGINDIR="${HTMLDIR}/plugins";
$PREFIX = '/usr/local/bin';
$USER = "_nfcapd";
$WWWUSER = "www";
$WWWGROUP = "www";
$BUFFLEN = 200000;
$SUBDIRLAYOUT = 1;
$ZIPcollected = 1;
$ZIPprofiles = 1;
$PROFILERS = 2;
$DISKLIMIT = 98;
$PROFILERS = 6;
%sources = (
);
$low_water = 90;
$syslog_facility = 'local3';
@plugins = (
);
%PluginConf = (
demoplugin => {
param2 => 42,
param1 => { 'key' => 'value' },
},
otherplugin => [
'mary had a little lamb'
],
);
$MAIL_FROM = '[email protected]';
$SMTP_SERVER = 'localhost';
$MAIL_BODY = q{
Alert '@alert@' triggered at timeslot @timeslot@
};
1;
