├── VERSION
├── healthcheck.sh
├── entrypoint.sh
├── README.md
├── .github
│   └── workflows
│       └── build.yml
├── Makefile
├── Dockerfile
├── nfsen.conf
└── LICENSE


/VERSION:
--------------------------------------------------------------------------------
1.0.0


--------------------------------------------------------------------------------
/healthcheck.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# set -e : exit the script if any statement returns a non-true return value
set -o errexit

# Count the daemons that "nfsen status" reports as down. grep -c exits with
# status 1 when the count is 0, so "|| true" keeps errexit from aborting the
# script in exactly the healthy case.
command=$(/opt/nfsen/bin/nfsen status | grep -c "is not running" || true)

if [[ $command == "0" ]]; then
  echo "NFSen healthcheck success"
  exit 0
else
  echo "NFSen healthcheck failed"
  # Docker HEALTHCHECK exit codes: 0 = healthy, 1 = unhealthy, 2 = reserved
  exit 1
fi


--------------------------------------------------------------------------------
/entrypoint.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# set -e : exit the script if any statement returns a non-true return value
set -o errexit

[[ "$DEBUG" == "true" ]] && set -x

# Starting nfsend
/opt/nfsen/bin/nfsen start

mkdir -p /run/lighttpd
[[ $(stat -c %U /run/lighttpd) == "www-data" ]] || chown -R www-data /run/lighttpd
[[ $(stat -c %G /run/lighttpd) == "www-data" ]] || chgrp -R www-data /run/lighttpd

[[ $(stat -c %U /var/www/nfsen) == "www-data" ]] || chown -R www-data /var/www/nfsen
[[ $(stat -c %G /var/www/nfsen) == "www-data" ]] || chgrp -R www-data /var/www/nfsen

exec "$@"


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Dockerized Netflow Collector

Netflow collector and local processing Docker image using [NfSen](http://nfsen.sourceforge.net/)
and [nfdump](http://nfdump.sourceforge.net/) for processing.

This docker image can be run standalone or in conjunction with an analytics engine that will perform
time based graphing and stats summarization.

## Quick reference

- **Maintained by:** [Serghei Iakovlev](https://github.com/sergeyklay)
- **Where to get help:** [GitHub Issues](https://github.com/sergeyklay/docker-netflow/issues)

## Supported tags and respective `Dockerfile` links

- [`1.0.0`, `1.0`, `1`, `latest`, `1.0.0-bullseye`, `1.0-bullseye`, `1-bullseye`, `bullseye`](https://github.com/sergeyklay/docker-netflow/releases/tag/1.0.0)

## Quick reference (cont.)

- **Where to file issues:** https://github.com/sergeyklay/docker-netflow/issues
- **Supported architectures:** `amd64`, `arm32v5`, `arm32v6`, `arm32v7`, `arm64v8`, `i386`, `mips64le`, `ppc64le`, `s390x`

## What is NfSen?

NfSen is a graphical web based front end for the nfdump netflow tools.

For more see http://nfsen.sourceforge.net/

## What is nfdump?

The nfdump tools collect and process netflow data on the command line. They are part of the NfSen project, which is explained in more detail at
http://www.ripe.net/ripe/meetings/ripe-50/presentations/ripe50-plenary-tue-nfsen-nfdump.pdf

For more see http://nfdump.sourceforge.net/

## How to use this image

### start a netflow instance


```bash
$ docker run -p 80:80 -p 2055:2055/udp -p 4739:4739/udp -p 6343:6343/udp -p 9996:9996/udp klay/netflow
```

## License

View [license information](http://nfsen.sourceforge.net/BSD-license.html)
for NfSen contained in this image.

View [license information](https://github.com/phaag/nfdump/blob/master/LICENSE)
for nfdump contained in this image.

As with all Docker images, these likely also contain other software which may be
under other licenses (such as Bash, etc from the base distribution, along with
any direct or indirect dependencies of the primary software being contained).

Some additional license information which was able to be auto-detected might be found
[in the repo](https://github.com/sergeyklay/docker-netflow/blob/master/VERSION).

As for any pre-built image usage, it is the image user's responsibility to ensure
that any use of this image complies with any relevant licenses for all software
contained within.


--------------------------------------------------------------------------------
/.github/workflows/build.yml:
--------------------------------------------------------------------------------
name: build

on:
  workflow_dispatch:
    inputs:
      version:
        description: 'version'
        required: true
        default: '1.0.0'

jobs:
  build:
    runs-on: ubuntu-latest

    # The maximum number of minutes to let a workflow run
    # before GitHub automatically cancels it. Default: 360
    timeout-minutes: 60

    steps:
      - name: Checkout code
        uses: actions/checkout@v2.4.0

      - name: Prepare tags
        id: prepare
        env:
          # Pass the user-supplied input through the environment instead of
          # expanding it inside the script, so it cannot inject shell code.
          INPUT_VERSION: ${{ github.event.inputs.version }}
        run: |
          VERSION="${INPUT_VERSION}"
          VERSION_MAJOR=$(echo "${VERSION}" | cut -f1 -d.)
          VERSION_MINOR="$(echo "${VERSION}" | cut -f2 -d.)"

          PROJECT_NAME=netflow

          IMAGE_VND=klay
          IMAGE_NAME="${IMAGE_VND}/${PROJECT_NAME}"
          IMAGE_TAG=${VERSION}

          FQIN="${IMAGE_NAME}:${IMAGE_TAG}"

          if [[ ${GITHUB_REF} == refs/heads/* ]]; then
            ACTION_REF=${GITHUB_REF:11}
          elif [[ ${GITHUB_REF} == refs/tags/* ]]; then
            ACTION_REF=${GITHUB_REF:10}
          fi

          TAGS="${FQIN},${IMAGE_NAME}:${VERSION_MAJOR}.${VERSION_MINOR},${IMAGE_NAME}:${VERSION_MAJOR},${IMAGE_NAME}:${VERSION}-bullseye,${IMAGE_NAME}:${VERSION_MAJOR}.${VERSION_MINOR}-bullseye,${IMAGE_NAME}:${VERSION_MAJOR}-bullseye,${IMAGE_NAME}:bullseye,${IMAGE_NAME}:latest"

          # Step outputs are written to $GITHUB_OUTPUT; the ::set-output
          # workflow command is deprecated.
          echo "build_args=VERSION=${VERSION},BUILD_ID=${ACTION_REF}" >> "${GITHUB_OUTPUT}"
          echo "image-name=${IMAGE_NAME}" >> "${GITHUB_OUTPUT}"
          echo "tags=${TAGS}" >> "${GITHUB_OUTPUT}"

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v1

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1

      - name: Login to DockerHub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}

      - name: Build
        uses: docker/build-push-action@v2
        with:
          context: ./
          file: ./Dockerfile
          platforms: linux/386,linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7,linux/ppc64le,linux/s390x
          push: ${{ github.event_name != 'pull_request' }}
          build-args: ${{ steps.prepare.outputs.build_args }}
          tags: ${{ steps.prepare.outputs.tags }}

      - name: Clear
        if: always()
        run: |
          rm -rf ${HOME}/.docker/config.json


--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
SHELL ?= /usr/bin/env bash

# PLATFORMS ?= linux/arm64
PLATFORMS ?= linux/arm64,linux/amd64,linux/386,linux/arm/v7,linux/arm/v6

PROJECT_NAME ?= netflow
# VERSION is resolved further down, from the VERSION file when it exists.
# (Setting a default here first would make that lookup a no-op.)

IMAGE_VND ?= klay
IMAGE_NAME ?= $(IMAGE_VND)/$(PROJECT_NAME)
IMAGE_TAG ?= $(VERSION)
FQIN ?= $(IMAGE_NAME):$(IMAGE_TAG)

ifneq ($(TERM),)
  BLUE := $(shell tput setaf 4)
  RESET := $(shell tput sgr0)
  M := $(shell printf "$(BLUE)▶$(RESET) ")
else
  M := $(shell printf "▶ ")
endif

ifneq "$(wildcard $(CURDIR)/VERSION)" ""
  VERSION ?= $(shell cat $(CURDIR)/VERSION | head -n 1)
else
  VERSION ?= 1.0.0
endif

VERSION_MAJOR := $(shell echo $(VERSION) | cut -f1 -d.)
VERSION_MINOR := $(shell echo $(VERSION) | cut -f2 -d.)
BUILD_ID ?= $(shell git rev-parse --short HEAD || echo -n 0000000)

# build project by default
.DEFAULT_GOAL = build

# programs
DOCKER ?= docker

.PHONY: build
build: Dockerfile
build: ; $(info $(M)build docker image...) @ ## Build docker image
	$(DOCKER) buildx build \
		--build-arg VERSION="$(VERSION)" \
		--build-arg BUILD_ID="$(BUILD_ID)" \
		--platform "$(PLATFORMS)" \
		--pull \
		--push \
		--tag "$(FQIN)" \
		--tag "$(IMAGE_NAME):$(VERSION_MAJOR).$(VERSION_MINOR)" \
		--tag "$(IMAGE_NAME):$(VERSION_MAJOR)" \
		--tag "$(IMAGE_NAME):$(VERSION)-bullseye" \
		--tag "$(IMAGE_NAME):$(VERSION_MAJOR).$(VERSION_MINOR)-bullseye" \
		--tag "$(IMAGE_NAME):$(VERSION_MAJOR)-bullseye" \
		--tag "$(IMAGE_NAME):bullseye" \
		--tag "$(IMAGE_NAME):latest" .
	@echo

.PHONY: help
help: ## Show this help and exit
	@echo 'Dockerized Netflow Collector'
	@echo
	@echo 'Usage:'
	@echo
	@echo ' make TARGET [[ENV_VARIABLE=ENV_VALUE] ...]'
	@echo
	@echo 'Available targets:'
	@echo ''
	@grep -hE '^[a-zA-Z. 0-9_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | \
		awk 'BEGIN {FS = ":.*?## " }; {printf " %-13s %s\n", $$1, $$2}'
	@echo
	@echo 'Flags:'
	@echo ''
	@echo ' PLATFORMS: $(PLATFORMS)'
	@echo ' VERSION: $(VERSION)'
	@echo ' BUILD_ID: $(BUILD_ID)'
	@echo
	@echo 'Environment variables:'
	@echo
	@echo ' SHELL: $(shell echo $$SHELL)'
	@echo ' TERM: $(shell echo $$TERM)'
	@echo
	@echo 'Docker:'
	@echo
	@echo ' Docker bin: $(DOCKER)'
	@echo ' Docker image: $(IMAGE_NAME)'
	@echo ' Docker tags:'
	@echo ' - $(FQIN)'
	@echo ' - $(IMAGE_NAME):$(VERSION_MAJOR).$(VERSION_MINOR)'
	@echo ' - $(IMAGE_NAME):$(VERSION_MAJOR)'
	@echo ' - $(IMAGE_NAME):$(VERSION)-bullseye'
	@echo ' - $(IMAGE_NAME):$(VERSION_MAJOR).$(VERSION_MINOR)-bullseye'
	@echo ' - $(IMAGE_NAME):$(VERSION_MAJOR)-bullseye'
	@echo ' - $(IMAGE_NAME):bullseye'
	@echo ' - $(IMAGE_NAME):latest'


--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
FROM debian:bullseye-slim AS builder

ARG NFDUMP_VERSION=1.6.23
ARG NFSEN_VERSION=1.3.8
ARG TIMEZONE=UTC
ARG VERSION=1.0.0
ARG BUILD_ID=0000000

# The variable apt honours is DEBIAN_FRONTEND (with the underscore).
ENV DEBIAN_FRONTEND=noninteractive
ENV NFDUMP_VERSION=${NFDUMP_VERSION}
ENV NFSEN_VERSION=${NFSEN_VERSION}
ENV TIMEZONE=${TIMEZONE}
ENV VERSION=${VERSION}
ENV BUILD_ID=${BUILD_ID}

RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections \
    && apt-get update -qq \
    && apt-get install --no-install-recommends --no-install-suggests -y \
        autoconf \
        autogen \
        automake \
        bison \
        build-essential \
        ca-certificates \
        flex \
        libbz2-dev \
        librrd-dev \
        libtool \
        m4 \
        pkg-config \
        wget

WORKDIR /artifacts

# Below are nfdump configure options:
#
# --prefix            - Install files in PREFIX/bin, PREFIX/lib, etc.
# --enable-nfprofile  - Build nfprofile used by NfSen.
# --enable-nftrack    - Build nftrack used by PortTracker.
# --enable-sflow      - Build sflow collector sfcapd.
#
# Note: neither source tarball below is checked against a pinned checksum.
RUN wget -O nfdump.tar.gz https://github.com/phaag/nfdump/archive/refs/tags/v${NFDUMP_VERSION}.tar.gz \
    && tar -xzf nfdump.tar.gz \
    && cd nfdump-${NFDUMP_VERSION} \
    && bash autogen.sh \
    && mkdir -p /artifacts/nfdump \
    && ./configure \
        --prefix=/artifacts/nfdump \
        --enable-nfprofile \
        --enable-nftrack \
        --enable-sflow \
    && make \
    && make install

ADD nfsen.conf /artifacts/nfsen.conf
ADD entrypoint.sh /artifacts/entrypoint.sh
ADD healthcheck.sh /artifacts/healthcheck.sh

WORKDIR /artifacts
# Fetched over HTTPS rather than plain HTTP so the download cannot be
# rewritten in transit.
RUN wget -O nfsen.tar.gz https://sourceforge.net/projects/nfsen/files/stable/nfsen-${NFSEN_VERSION}/nfsen-${NFSEN_VERSION}.tar.gz \
    && tar -xzf nfsen.tar.gz \
    && mv nfsen-${NFSEN_VERSION} nfsen \
    && sed -i -re "s|rrd_version < 1.6|rrd_version < 1.8|g" nfsen/libexec/NfSenRRD.pm \
    && mv /artifacts/nfsen.conf /artifacts/nfsen/etc/nfsen.conf

FROM debian:bullseye-slim

ARG TIMEZONE=UTC
ARG VERSION=1.0.0
ARG BUILD_ID=0000000

LABEL org.opencontainers.image.authors="Serghei Iakovlev " \
      org.opencontainers.image.description="Slimmed-down Netflow collector and local processing Docker image" \
      org.opencontainers.image.source="https://github.com/sergeyklay/docker-netflow" \
      org.opencontainers.image.version=$VERSION \
      org.opencontainers.image.revision=$BUILD_ID

# Copy artifacts
COPY --from=builder /artifacts/nfdump/ /usr/local
COPY --from=builder /artifacts/nfsen /build/nfsen

# start script
COPY --from=builder /artifacts/entrypoint.sh /entrypoint.sh

# healthcheck script
COPY --from=builder /artifacts/healthcheck.sh /healthcheck.sh

HEALTHCHECK --interval=1m --timeout=5s CMD /healthcheck.sh

RUN ln -snf /usr/share/zoneinfo/${TIMEZONE} /etc/localtime \
    && echo "$TIMEZONE" > /etc/timezone \
    && echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections \
    && apt-get update -qq \
    && apt-get install --no-install-recommends --no-install-suggests -y \
        libmailtools-perl \
        librrds-perl \
        libsocket6-perl \
        lighttpd \
        php-cgi \
    && lighttpd-enable-mod fastcgi-php \
    && sed -i -re 's|^server.document-root[ ]+=.*|server.document-root = "/var/www/nfsen"|g' /etc/lighttpd/lighttpd.conf \
    && sed -i -re 's|^server.errorlog[ ]+=.*|server.errorlog = "/dev/stdout"|g' /etc/lighttpd/lighttpd.conf \
    && sed -i -re 's|^index-file.names[ ]+=.*|index-file.names = ( "nfsen.php" )|g' /etc/lighttpd/lighttpd.conf \
    && sed -i -re 's|^server.pid-file[ ]+=.*|server.pid-file = "/run/lighttpd/lighttpd.pid"|g' /etc/lighttpd/lighttpd.conf \
    && sed -i -re 's|"socket"[ ]+=>.*|"socket" => "/run/lighttpd/php.socket",|g' /etc/lighttpd/conf-enabled/15-fastcgi-php.conf \
    && mkdir -p /var/www /opt/nfsen /build/nfsen \
    && cd /build/nfsen \
    && ldconfig \
    && echo | ./install.pl ./etc/nfsen.conf || true \
    && chmod +x /entrypoint.sh \
    && rm -rf /var/www/html \
    && rm -f /etc/lighttpd/conf-enabled/99-unconfigured.conf \
    && rm -rf /build \
    && apt-get autoremove -y >/dev/null 2>&1 || true \
    && apt-get clean -y >/dev/null 2>&1 || true \
    && apt-get autoclean -y >/dev/null 2>&1 || true \
    && rm -rf /tmp/* /var/tmp/* \
    && find /var/cache/apt/archives /var/lib/apt/lists -not -name lock -type f -delete \
    && find /var/cache -type f -delete \
    && find /var/log -type f | while read -r f; do echo -ne '' > "${f}" >/dev/null 2>&1 || true; done

# HTTP server
EXPOSE 80

# NetFlow
EXPOSE 2055/udp

# IPFIX
EXPOSE 4739/udp

# sFlow
EXPOSE 6343/udp

ENTRYPOINT ["/entrypoint.sh"]

# Exec form runs without a shell, so a "2>&1" element would reach lighttpd as
# a literal argument instead of redirecting stderr; it is left out.
CMD ["lighttpd", "-D", "-f", "/etc/lighttpd/lighttpd.conf"]


--------------------------------------------------------------------------------
/nfsen.conf:
--------------------------------------------------------------------------------
##############################
#
# NfSen master config file
#
# Configuration of NfSen:
# Set all the values to fit your NfSen setup and run the 'install.pl'
# script from the nfsen distribution directory.
#
# The syntax must conform to Perl syntax.
#
##############################
#
# NfSen default layout:
# Any scripts, modules or profiles are installed by default under $BASEDIR.
# However, you may change any of these settings to fit your requested layout.

#
# Required for default layout
$BASEDIR = "/opt/nfsen";

#
# Where to install the NfSen binaries
$BINDIR="${BASEDIR}/bin";

#
# Where to install the NfSen Perl modules
$LIBEXECDIR="${BASEDIR}/libexec";

#
# Where to install the config files
$CONFDIR="${BASEDIR}/etc";

#
# NfSen html pages directory:
# All php scripts will be installed here.
# URL: Entry point for nfsen: http:///nfsen/nfsen.php
$HTMLDIR = "/var/www/nfsen/";

#
# Where to install the docs
$DOCDIR="${HTMLDIR}/doc";

#
# Var space for NfSen
$VARDIR="${BASEDIR}/var";

# directory for all pid files
# $PIDDIR="$VARDIR/run";
#
# Filter directory
# FILTERDIR="${VARDIR}/filters";
#

# FORMATDIR for custom printing formats
# FORMATDIR="${VARDIR}/fmt";
#

#
# The Profiles stat directory, where all profile information
# RRD DBs and png pictures of the profile are stored
$PROFILESTATDIR="${BASEDIR}/profiles-stat";

#
# The Profiles directory, where all netflow data is stored
$PROFILEDATADIR="${BASEDIR}/profiles-data";

#
# Where go all the backend plugins
$BACKEND_PLUGINDIR="${BASEDIR}/plugins";

#
# Where go all the frontend plugins
$FRONTEND_PLUGINDIR="${HTMLDIR}/plugins";

#
# nfdump tools path
$PREFIX = '/usr/local/bin';

#
# nfsend communication socket
# $COMMSOCKET = "$PIDDIR/nfsen.comm";

# BASEDIR unrelated vars:
#
# Run nfcapd as this user
# This may be a different or the same uid than your web server.
# Note: This user must be in group $WWWGROUP, otherwise nfcapd
# is not able to write data files!
$USER = "www-data";

# user and group of the web server process
# All netflow processing will be done with this user
$WWWUSER = "www-data";
$WWWGROUP = "www-data";

# Receive buffer size for nfcapd - see man page nfcapd(1)
$BUFFLEN = 200000;

# list of extensions for each collector. See argument -T
# for nfcapd(1) for more details.
# defaults to empty -> compatible to nfdump-1.5.8
# $EXTENSIONS = '';
# Example:
# $EXTENSIONS = 'all';
# $EXTENSIONS = '+3,+4';
#
# Directory sub hierarchy layout:
# Possible layouts:
#
# 0 default       no hierarchy levels - flat layout - compatible with pre NfSen versions
# 1 %Y/%m/%d      year/month/day
# 2 %Y/%m/%d/%H   year/month/day/hour
# 3 %Y/%W/%u      year/week_of_year/day_of_week
# 4 %Y/%W/%u/%H   year/week_of_year/day_of_week/hour
# 5 %Y/%j         year/day-of-year
# 6 %Y/%j/%H      year/day-of-year/hour
# 7 %Y-%m-%d      year-month-day
# 8 %Y-%m-%d/%H   year-month-day/hour
$SUBDIRLAYOUT = 1;

# Compress flows while collecting 0 or 1
$ZIPcollected = 1;

# Compress flows in profiles 0 or 1
$ZIPprofiles = 1;

# Interrupt expire -- not yet enabled as not yet fully tested
#$InterruptExpire = 0;

# number of nfprofile processes to spawn during the profiling phase
# depends on how busy your system is and how many CPUs you have
# on very busy systems increase it to a higher value
$PROFILERS = 2;

# if the PROFILEDATADIR is filled up to this percentage, a warning message will be printed.
# set to 0 to disable the test
$DISKLIMIT = 98;

# number of nfprofile processes to spawn during the profiling phase
$PROFILERS = 6;

# Some Perl Versions/Builds have memory leaks for unknown reason.
# Therefore nfsend will increase its memory footprint over time.
# In order to reset nfsend, it automatically reloads after 1 day
# if PERL_HAS_MEMLEAK is set to 1
# $PERL_HAS_MEMLEAK=0;

# Netflow sources
# Define an ident string, port and colour per netflow source
#
# Required parameters:
# ident   identifies this netflow source. e.g. the router name,
#         Upstream provider name etc.
# port    nfcapd listens on this port for netflow data for this source
#         set port to '0' if you do not want a collector to be started
# col     colour in nfsen graphs for this source
#
# Optional parameters
# type    Collector type needed for this source. Can be 'netflow' or 'sflow'. Default is netflow
# optarg  Optional args to the collector at startup
#
# Syntax:
# 'ident' => { 'port' => '', 'col' => '', 'type' => '' }
# Ident strings must be 1 to 19 characters long only, containing characters [a-zA-Z0-9_].

%sources = (
    'netflow-global' => { 'port' => '2055', 'col' => '#0000ff', 'type' => 'netflow' },
    'ipfix-global' => { 'port' => '4739', 'col' => '#0000ff', 'type' => 'netflow' },
    'sflow-global' => { 'port' => '6343', 'col' => '#0000ff', 'type' => 'sflow' },
);

#
# Low water mark: When expiring files, delete files until
# size = $low_water % of max_size
# typically 90
$low_water = 90;

#
# syslog facility for periodic jobs
# nfsen uses level 'debug', 'info', 'warning' and 'err'
# Note: nfsen is very chatty for level 'debug' and 'info'
# For normal operation, you may set the logging level in syslog.conf
# to warning or error unless you want to debug NfSen
$syslog_facility = 'local3';

#
# SYSLOG mess
# Log socket type: Most *NIX such as LINUX and *BSD are fine with 'unix'
# which is the default. You need to change that to 'stream' or 'inet' for
# some Solaris version 8/9, AIX and others ..
# You may set it to undef to prevent calling Sys::Syslog::setlogsock at all
# ( works for Solaris 10 and newer Sys::Syslog module
#
# If not defined at all, 'unix' is assumed unless for Solaris, which defaults to 'stream'
$LogSocket = undef;

#
# Plugins
# Plugins extend NfSen for the purpose of:
# Periodic data processing, alerting-condition and alerting-action
# For data processing a plugin may run for any profile or for a specific profile only.
# Syntax: [ 'profile list', 'module' ]
# profile list: ',' separated list of profiles ( 'profilegroup/profilename' ),
#               or '*' for any profile, '!' for no profile
# module:       Perl Module name, equal to plugin name
# The profile list '!' makes sense for plugins which only provide alerting functions
#
# The module follows the standard Perl module conventions, with at least one
# function: Init(). See demoplugin.pm for a simple template.
#
# A file with the same name in the FRONTEND_PLUGINDIR and .php extension is automatically
# recognized as frontend plugin.
#
# Plugins are installed under
# $BACKEND_PLUGINDIR and $FRONTEND_PLUGINDIR

@plugins = (
    # profile    # module
    # [ '*', 'demoplugin' ],
);

%PluginConf = (
    # For plugin demoplugin
    demoplugin => {
        # scalar
        param2 => 42,
        # hash
        param1 => { 'key' => 'value' },
    },
    # for plugin otherplugin
    otherplugin => [
        # array
        'mary had a little lamb'
    ],
);

#
# Alert module: email alerting:
# Use this from address
$MAIL_FROM = 'your@from.example.net';

# Use this SMTP server
$SMTP_SERVER = 'localhost';

# Use this email body:
# You may have multiple lines of text.
# Var substitution:
# @alert@ replaced by alert name
# @timeslot@ replaced by timeslot alert triggered
$MAIL_BODY = q{
Alert '@alert@' triggered at timeslot @timeslot@
};

######################################################
#
# For the NfSen simulator include the section below.
#
######################################################
#
# Nfsen Simulator
# The simulator requires that you have already installed
# and configured NfSen. The simulation is based on already
# pre-collected data, which you may get from another live
# NfSen system.
#
# Steps to setup the NfSen simulator:
# 1. Configure the sources of the live profile with the
#    same names of the NfSen system, you take netflow data
#    for the simulation. Set the port for each netflow source
#    to 0 to prevent a collector to be started.
#    Install NfSen with this config in a separate directory
# 2. Copy the pre-collected data into the appropriate
#    netflow directory of the live profile.
# 3. Configure the simulator using the parameters below
#    Enable Simulation mode => $SIMmode = 1
#    Configure the time window of the pre-collected data.
#    tstart => Start of time window. yyyymmddhhmm
#    tbegin => Optional parameter. Start of simulation
#              profile exists already between tstart - tbegin
#    tend => End of time window. yyyymmddhhmm
#    cycletime => simulation time in seconds of a 5min slot
#    Setting cycletime = 0 processes the cycles as fast as
#    possible. Please note, if you test plugins, your
#    cycletime needs to be at least the time required to
#    process all plugins.
# 4. Start nfsen: ../nfsen start
#    Simulation starts
#
# The simulator runs from tstart to tend and stops when tend
# is reached. You may stop the simulation at any given time
# using ./nfsen stop. To continue the simulation start NfSen
# again: ./nfsen start. You may reset the simulator at any
# given time using ./nfsen abort-reset. This stops the simulation
# and rolls back to tstart. All profiles/alerts are deleted,
# so you may start from scratch again.
#
# Configure simulator parameters
#
# $SIMmode = 1;
# %sim = (
#     'tstart' => '200707100000',   # Simulation data available from July 10th 2007 00:00
#     'tbegin' => '200707110000',   # Simulation begins at July 11th 2007 00:00
#     'tend' => '200707112355',     # Simulation ends at July 11th 2007 23:55
#     'cycletime' => '30',          # 30s per 5min slot
# );

1;


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
                              Apache License
                        Version 2.0, January 2004
                     http://www.apache.org/licenses/

   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

   1. Definitions.

      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.

      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.

      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common
      control with that entity. For the purposes of this definition,
      "control" means (i) the power, direct or indirect, to cause the
      direction or management of such entity, whether by contract or
      otherwise, or (ii) ownership of fifty percent (50%) or more of the
      outstanding shares, or (iii) beneficial ownership of such entity.
22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. 
For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. 
If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. 
You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.

You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.

5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.

6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.

7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE.
You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.

8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.

9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.

END OF TERMS AND CONDITIONS

APPENDIX: How to apply the Apache License to your work.

To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information.
(Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.

Copyright {yyyy} {name of copyright owner}

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

--------------------------------------------------------------------------------