Home | 簡體中文 | 繁體中文 | 雜文 | 知乎專欄 | Github | OSChina 博客 | 雲社區 | 雲棲社區 | Facebook | Linkedin | 視頻教程 | 打賞(Donations) | About
7.3. NetFlow
上一頁 第 7 章 網絡監控 下一頁
知乎專欄多維度架構 微信號 netkiller-ebook | QQ群:128659835 請註明“讀者”

7.3. NetFlow

查看設備是否發送Netflow包

$ sudo tcpdump -n udp port 2055

7.3.1. flow-tools - collects and processes NetFlow data

$ sudo apt-get install flow-tools

7.3.1.1. flow-capture

mkdir /opt/netflow
flow-capture -z 6 -n 143 -e 8928 -V 5 -w /opt/netflow 0/0/2055

7.3.1.2. NetFlow into MySQL with flow-tools

NetFlow into MySQL with flow-tools

創建netflow資料庫,創建flows表

CREATE TABLE `flows` (
  `FLOW_ID` int(32) NOT NULL AUTO_INCREMENT,
  `UNIX_SECS` int(32) unsigned NOT NULL default '0',
  `UNIX_NSECS` int(32) unsigned NOT NULL default '0',
  `SYSUPTIME` int(20) NOT NULL,
  `EXADDR` varchar(16) NOT NULL,
  `DPKTS` int(32) unsigned NOT NULL default '0',
  `DOCTETS` int(32) unsigned NOT NULL default '0',
  `FIRST` int(32) unsigned NOT NULL default '0',
  `LAST` int(32) unsigned NOT NULL default '0',
  `ENGINE_TYPE` int(10) NOT NULL,
  `ENGINE_ID` int(15) NOT NULL,
  `SRCADDR` varchar(16) NOT NULL default '0',
  `DSTADDR` varchar(16) NOT NULL default '0',
  `NEXTHOP` varchar(16) NOT NULL default '0',
  `INPUT` int(16) unsigned NOT NULL default '0',
  `OUTPUT` int(16) unsigned NOT NULL default '0',
  `SRCPORT` int(16) unsigned NOT NULL default '0',
  `DSTPORT` int(16) unsigned NOT NULL default '0',
  `PROT` int(8) unsigned NOT NULL default '0',
  `TOS` int(2) NOT NULL,
  `TCP_FLAGS` int(8) unsigned NOT NULL default '0',
  `SRC_MASK` int(8) unsigned NOT NULL default '0',
  `DST_MASK` int(8) unsigned NOT NULL default '0',
  `SRC_AS` int(16) unsigned NOT NULL default '0',
  `DST_AS` int(16) unsigned NOT NULL default '0',
  PRIMARY KEY (FLOW_ID)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

創建資料庫插入腳本

			
$ cat flow-mysql-export
#!/bin/bash
 
flow-export -f3 -u "username:password:localhost:3306:netflow:flows" < /flows/router/$1

獲取Netflow信息,執行插入任務

mkdir -p /srv/flows/router
flow-capture -w /srv/flows/router -E5G 0/0/2055 -R /srv/bin/flow-mysql-export

7.3.2. netams - Network Traffic Accounting and Monitoring Software

過程 7.1. 安裝步驟

  1. netams netams-web

    $ sudo apt-get install netams netams-web
				
    $ dpkg -s netams netams-web

  2. NeTAMS administrator password

    				
┌───────────────────┤ Configuring netams ├────────────────────┐
│ Please enter password for "admin" user in NeTAMS database.  │
│                                                             │
│ NeTAMS administrator password:                              │
│                                                             │
│ *******____________________________________________________ │
│                                                             │
│                           <Ok>                              │
│                                                             │
└─────────────────────────────────────────────────────────────┘

┌──────────┤ Configuring netams ├───────────┐
│                                           │
│                                           │
│ Repeat password for NeTAMS user "admin":  │
│                                           │
│ *******__________________________________ │
│                                           │
│                  <Ok>                     │
│                                           │
└───────────────────────────────────────────┘

    如果你想重新配置安裝過程可以運行下面命令

    $ sudo dpkg-reconfigure netams netams-web

  3. 基本配置

    $ sudo vim /etc/default/netams
RUN="yes"
				
    $ sudo cp /etc/netams/netams.conf /etc/netams/netams.conf.old
$ sudo vim /etc/netams/netams.conf

$ sudo /etc/init.d/netams restart
				
    				
$ cat /etc/apache2/conf.d/netams.conf
Alias /netams/images /usr/share/netams
Alias /netams/stat /var/lib/netams/stat

<Directory /var/lib/netams/stat/>
        Options -Indexes -FollowSymlinks

        DirectoryIndex index.html

        AllowOverride All
</Directory>

<Directory /usr/share/netams/>
        Options -Indexes -FollowSymlinks
        AllowOverride None
</Directory>
				
				
    				
$ cat /etc/apache2/conf.d/netams-web.conf
ScriptAlias /netams/cgi-bin /usr/share/netams-web

# Uncomment the following if you have no netams package installed
#Alias /netams/images /usr/share/netams-web/images

<Directory /usr/share/netams-web>

        Options -Indexes +FollowSymlinks

        AddHandler cgi-script .cgi

        AllowOverride None

# By default we deny access from other hosts. May be you will need to configure
# mod_auth_basic or mod_auth_mysql.
        Order deny,allow
        Deny from All
        Allow from 127.0.0.1

</Directory>

  4. .netamsctl.rc

    $ vim ~/.netamsctl.rc
login=admin
password=123456
host=localhost


$ netamsctl "show version"
NeTAMS 3.4.3 (3475.1) buildd@yellow / Tue 06 Apr 2010 03:40:49 +0000
Run time  22 mins 6.5699 secs
System time:  22 mins 1.2800 secs
Average CPU/system load: 0.10%
Process ID: 23647 RES: 9212K
Memory allocated: 3640404 (23161), freed (31) (0 NULL) [23130 used]
Total objects:
   Oids used: 9
   NetUnits: 4
   Policies: 3
   Services: 10
   Users: 1
   Connections: 1 active, 8 total

Services info:
 Storage ID=1 type mysql wr_q 0/0 rd_q 0/0
 Data-source ID=1 type LIBPCAP source eth0:0 loop 316382 average 4182 mcsec
    Perf: average skew delay 21580 mcsec, PPS: 77, BPS: 16788
Alerter 0 queue max: 255, current: 0
 Scheduled tasks: 1

7.3.2.1. netams-web

http://localhost/netams/stat/

http://localhost/netams/cgi-bin/login.cgi


上一頁 上一級 下一頁
7.2. Bandwidth 起始頁 7.4. Ntop