Hello Brian,
We run it in a similar configuration:
Server_1 - Analyzer (running NfSen, httpd/Apache, and NFS)
You can start nfsen with no collector by setting the port for that
particular source to 0:
'source1' => { 'port' => '0', 'col' => '#cc00ff', 'type' => 'netflow' },
This way NfSen does not attempt to start a collection daemon for this
source.
Server_2 - Collector (running nfcapd only)
Here is how we start the collection daemons:
nfcapd -w -e -D -I source1 -p 9998 -u apache -g apache -B 200000 -l
/data/netflow/live/source1 -P /var/run/netflow/source1.pid
nfcapd -w -e -D -I source2 -p 9999 -u apache -g apache -B 200000 -l
/data/netflow/live/source2 -P /var/run/netflow/source2.pid
"/data" is an NFS share on the Analyzer
You have to set the permissions so it is accessible by the user the
collection daemon is running as (apache in our case). That is because
NfSen on the Analyzer is also running as apache.
You can also split the NFS from the Analyzer by adding a third
server(NFS) or a NAS in the picture. You just have to mount the share on
both the collector and the analyzer and to make sure they both have
read/write.
In our config, once in a while (very very rare), due to locking issues
NfSen is not able to update the size for the live profile potentially
filling the whole disk. In this case we usually stop NfSen and the
collectors, re-mount the shares, delete the stat files and then restart
NfSen and the Collectors.
Here is the little script we use to clean up the stats:
cat /cleanstats
#!/bin/bash
for i in $(ls /data/netflow/live/)
do
rm -f /data/netflow/live/$i/.nfstat
# echo "/data/netflow/live/$i/.nfstat"
done
This will force NfSen to recalculate the profile size.
Another caveat is when adding new sources to let NfSen create the
directory structure. Do NOT manually add the directory for the new
source as /data/netflow/live/new_source. In my opinion the best way for
adding new sources is:
- stop nfsen (nfsen stop)
- add the new source in /nfsen/etc/nfsen.conf
- reconfig nfsen (nfsen reconfig) (this will create the directory for
the new source)
- restart nfsen (nfsen start)
On the Collector you only have to start a new nfcapd instance for the
new source. On the collector you can even have little scripts to start
and stop all nfcapd daemons at once.
Let me know if you have any other questions.
Thanks,
Bogdan.
------------------------------
Message: 6
Date: Mon, 07 Mar 2011 13:10:32 +0100
From: imap <brian_dorl...@t-online.de>
Subject: [Nfsen-discuss] Remote Usage of nfsen
To: nfsen-discuss@lists.sourceforge.net
Message-ID: <4d74cb38.4090...@t-online.de>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Hi,
I need some help deciding what the best strategy would be.
I have a router sending NFLOW data to my server that is switched on
24x7. This works
and nfcapd can be used to look at the data on the server. But the server
is headless and
I usually access it via SSH. But I could run a HTTP server if required.
So now I wanted to run nfsen somewhere. I have a PC running linux, that
can access
the server via SSH or the drives on the server via NFS.
So could someone please advise what would be the best configuration for
running nfsen for me?
Cheers Brian
Do you really need to print this email? Help preserve our environment!
Devez-vous vraiment imprimer ce courriel? Pensons a l'environnement
This message (and any associated files) is intended only for the
use of the individual or entity to which it is addressed and may
contain information that is confidential, subject to copyright or
constitutes a trade secret. If you are not the intended recipient
you are hereby notified that any dissemination, copying or
distribution of this message, or files associated with this message,
is strictly prohibited. If you have received this message in error,
please notify us immediately by replying to the message and deleting
it from your computer. Messages sent to and from us may be monitored.
Internet communications cannot be guaranteed to be secure or error-free
as information could be intercepted, corrupted, lost, destroyed, arrive
late or incomplete, or contain viruses. Therefore, we do not accept
responsibility for any errors or omissions that are present in this
message, or any attachment, that have arisen as a result of e-mail
transmission. If verification is required, please request a hard-copy
version. Any views or opinions presented are solely those of the author
and do not necessarily represent those of the company.
------------------------------------------------------------------------------
What You Don't Know About Data Connectivity CAN Hurt You
This paper provides an overview of data connectivity, details
its effect on application quality, and explores various alternative
solutions. http://p.sf.net/sfu/progress-d2d
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
