| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| en:dpi:dpi_components:utilities:oldutility:ipfixreceiver [2019/05/13 19:20] – kvazikrav | en:dpi:dpi_components:utilities:oldutility:ipfixreceiver [2024/09/26 15:29] (current) – external edit 127.0.0.1 |
|---|
| ==== CentOS6 ==== | ==== CentOS6 ==== |
| |
| - add the VAS Experts repository according to the item 1 of [[en:dpi:dpi_components:platform:dpi_update:dpi_update_10:dpi_10_update:start|DPI installation]] instruction manual. | - add the VAS Experts repository <code>rpm --import http://vasexperts.ru/centos/RPM-GPG-KEY-vasexperts.ru |
| | rpm -Uvh http://vasexperts.ru/centos/6/x86_64/vasexperts-repo-1-0.noarch.rpm</code> |
| - instal the ipfixreceiver:\\ <code>yum install -y ipfixreceiver</code> | - instal the ipfixreceiver:\\ <code>yum install -y ipfixreceiver</code> |
| - check for the changes in the configuration files so they to be consistent with ipfixreceiver current version, see the "Important changes" section. | - check for the changes in the configuration files so they to be consistent with ipfixreceiver current version, see the "Important changes" section. |
| |
| ==== CentOS7 ==== | ==== CentOS7 ==== |
| - add the VAS Experts repository according to the item 1 of [[en:dpi:dpi_components:platform:dpi_update:dpi_update_10:dpi_10_update:start|DPI installation]] instruction manual. | - add the VAS Experts repository <code>rpm --import http://vasexperts.ru/centos/RPM-GPG-KEY-vasexperts.ru |
| | rpm -Uvh http://vasexperts.ru/centos/6/x86_64/vasexperts-repo-1-0.noarch.rpm</code> |
| - install the epel repository <code>yum -y install epel-release</code> | - install the epel repository <code>yum -y install epel-release</code> |
| - install the forencis repository: <code>rpm --import https://forensics.cert.org/forensics.asc | - install the forencis repository: <code>rpm --import https://forensics.cert.org/forensics.asc |
| rpm -Uvh https://forensics.cert.org/cert-forensics-tools-release-el7.rpm</code> | rpm -Uvh https://forensics.cert.org/cert-forensics-tools-release-el7.rpm</code> |
| - установите ipfixreceiver:\\ <code>yum -y install libfixbuf --disablerepo=forensics | - install the ipfixreceiver:\\ <code>yum -y install libfixbuf --disablerepo=forensics |
| yum -y install netsa-python netsa_silk | yum -y install netsa-python netsa_silk |
| yum -y install ipfixreceiver --disablerepo=forensics</code> | yum -y install ipfixreceiver --disablerepo=forensics</code> |
| - auxiliary files:\\ <code>/etc/dpiui/port_proto.txt contains the information on the translation of protocol identifier to its string representation, | - auxiliary files:\\ <code>/etc/dpiui/port_proto.txt contains the information on the translation of protocol identifier to its string representation, |
| it is used by the utility to get the protocol text-based name by its identifier</code> | it is used by the utility to get the protocol text-based name by its identifier</code> |
| - links to the executable:\\ <code>/usr/local/bin/ipfixreceiver -> link to the /usr/local/lib/ipfixreceiver.d/ipfixreceiver</code> | - links to the executables:\\ <code>/usr/local/bin/ipfixreceiver -> link to the /usr/local/lib/ipfixreceiver.d/ipfixreceiver</code> |
| |
| ===== Additional OS settings ===== | ===== Additional OS settings ===== |
| |
| The field names and their description can be accessed from the following links:\\ | The field names and their description can be accessed from the following links:\\ |
| - [[en:dpi:dpi_options:base_functionality:opt_statistics:statistics_ipfix:start|Netflow export template using the IPFIX format]] | - [[en:dpi:dpi_options:opt_statistics:statistics_ipfix|Netflow export template using the IPFIX format]] |
| - [[en:dpi:dpi_options:base_functionality:opt_li:li_ipfix:start|Clickstream and SIP export templates]] | - [[en:dpi:dpi_options:opt_li:li_ipfix|Clickstream and SIP export templates]] |
| - [[en:dpi:dpi_components:radius:radmon_acct_ipfix:start|AAA export template using the IPFIX format]] | - [[en:dpi:dpi_components:radius:radmon_acct_ipfix|AAA export template using the IPFIX format]] |
| |
| |
| </code> | </code> |
| |
| ==== Создаем сервис в Centos7 ==== | ==== Creation of systemd ipfixreceiver service in Centos7 ==== |
| Создание сервиса в centos7 по шагам, название сервиса **ipfix1**, используемая конфигурация **/etc/dpiui/ipfixreceiver.conf**, используемый порт **1500**. \\ | Step-by-step creation of service in Centos 7, here the service name is ** ipfix1 **, its configuration is in the **/etc/dpiui/ipfixreceiver.conf** file, listening port is **1500**. \\ |
| Создаем файл /etc/systemd/system/ipfix1.service следующего содержания: | Create the /etc/systemd/system/ipfix1.service file as follows: |
| <code> | <code> |
| [Unit] | [Unit] |
| WantedBy=multi-user.target | WantedBy=multi-user.target |
| </code> | </code> |
| Выполняем: | Issue the following commands: |
| systemctl enable ipfix1.service | systemctl enable ipfix1.service |
| systemctl start ipfix1.service | systemctl start ipfix1.service |
| systemctl daemon-reload | systemctl daemon-reload |
| |
| Проверяем: | Check whether the service is running: |
| systemctl status ipfix1.service -l | systemctl status ipfix1.service -l |
| :!:**не забудьте проверить поднятие сервиса после перезагрузки** | :!: **Do not forget to check the service status after rebooting!** |
| |
| ===== Проблемы и решения ===== | ===== Troubleshooting ===== |
| - как получить версию утилиты?\\ Используйте следующие команды:\\ <code>ipfixreceiver -v</code><code>yum info ipfixreceiver</code> | - how to get utility version?\\ You should use the following commands:\\ <code>ipfixreceiver -v</code><code>yum info ipfixreceiver</code> |
| - можно ли на один порт отправлять IPFIX потоки с разных DPI?\\ Да. Единственное в записываемом потоке их будет не различить. | - Is it allowed to send IPFIX flows from different DPI to one port?\\ Yes, it is. The only thing is that they can not be distinguished in the recorded flow. |
| - как понять, что утилита работает?\\ a) проверьте, что порт из конфигурации прослушивается утилитой, например 1500:<code>netstat -nlp | grep 1500</code> b) проверьте лог, нет ли ошибок\\ c) Проверьте, что запись в промежуточный файл происходит, например для 9996 порта (директория для файлов - /var/dump/dpiui/ipfixurl): <code>tail -f /var/dump/dpiui/ipfixurl/9996.url.dump</code> | - How can I understand that the utility works properly?\\ a) check that the port specified in the configuration file is listened on by the utility, for example 1500:<code>netstat -nlp | grep 1500</code> b) check the log for errors\\ c) check that the writing to the temporary file occurs, for example for port 9996 (directory for dump files: /var/dump/dpiui/ipfixurl): <code>tail -f /var/dump/dpiui/ipfixurl/9996.url.dump</code> |
| - все проверено, но приема сообщений нет?\\ a) забыли открыть порт в iptables.\\ b) инициализировали ipfixreceiver с неверным IP сервера. | - everything is checked, but the messages are not received?\\ a) it seems you have forgotten to open port in iptables\\ b) it seems you have initialized ipfixreceiver with the wrong server IP. |
| - с DPI идет большое количество сессий (более 2 млн сессий/мин), при включенном DEBUG режиме видно, что счетчик обмена буферами не успевает записать до получения следующего блока записей, что можно сделать?\\ a) удалите преобразование даты в строку, это уменьшит процессорное время на обработку и дополнительно получите уменьшение объема результирующего файла\\ b) удалите преобразование decodeipv4, не значительно, но так же получите ускорение записи файла\\ c)настройте buffer_size при к-ве сес /сек более 30к совместно с п.d\\ d) увеличьте частоту процессора и объем памяти | - a huge number of sessions (more than 2 million sessions/min) is going from the DPI, it can be seen with the DEBUG mode on that the buffer exchange counter does not have time to write before receiving the next block of records, what can be done in this case?\\ a) remove the date-to-line conversion, this will reduce the time needed for processing and in addition you will receive reduction the size of resulting file\\ b) remove the decodeipv4 conversion; it will not affect significantly, but you can get the higher speed of writing the file\\ c) configure the ''buffer_size'' when number of sessions per second is more than 30k along with the following item d)\\ d) increase the processor frequency and RAM |
