Differences

This shows you the differences between two versions of the page.

--- en:dpi:dpi_components:utilities:oldutility:nfsen:nfsen_ext [2024/09/26 15:29] – external edit 127.0.0.1
+++ en:dpi:dpi_components:utilities:oldutility:nfsen:nfsen_ext [2025/08/29 09:45] (current) – elena.krasnobryzh
@@ Line 1: / Line 1: @@
-====== Extended functionality ======
+====== Advanced Capabilities ======
-{{indexmenu_n>5}}
+{{indexmenu_n>6}}
-NFSEN functionality is extended to include making of charts and reports indicating independent systems' and protocols' names.
+NFSEN is enhanced with capabilities for generating graphs and reports considering autonomous system names
-<html><div class="menu"></html>
+and protocol names.
-  -[[nfsen_ext_graph|Making charts]]
-  -[[nfsen_ext_reports|Making reports]]
-  -[[nfsen_full_netflow|Making reports by IP]]
-<html></div></html>
+  - Graph generation
+  - Report generation
+  - IP-based report generation
+===== Graph Generation =====
+Before generating a graph, ensure that at least one day's worth of statistics has been accumulated.
+For your convenience, we have created scripts that automatically calculate the top N protocols (or directions - autonomous systems) and create a profile where each is highlighted with its own color.
+Run the script to create a profile with top protocols
+<code>
+/usr/local/nfsen/bin/create_top_protocols --consumers 8 --divide-up-down --profile-name top_8_protocols
+</code>
+where
+consumers 8 - number of protocols displayed on the graph (maximum 10)\\
+divide-up-down - means incoming and outgoing traffic will be displayed separately relative to the zero axis\\
+profile-name top_8_protocols - name of the created profile((the profile is selected in the upper right corner of the NFSEN screen; if you cannot select the newly created profile, select the Stat tab in the top row))
+As a result of the script, the profile top_8_protocols will be created, where the top 8 protocols by volume will be highlighted in different colors on the graphs:
+{{ nfsen-combined.png }}
+Protocols not in the top will be combined into "others" under a common color on the graph\\
+This profile is convenient for generating protocol reports, as indicated in the section [[dpi:dpi_components:utilities:oldutility:nfsen:nfsen_ext#report_generation|Report Generation]]
+Furthermore, on the graphs, you can leave only the protocols we are interested in by unchecking the boxes next to "extra" protocols in the Statistics section (located below the graphs).\\
+Example: only torrents are left on the graph
+{{ nfsen-torrents.png }}
+Similarly, to create a profile with top directions, run the script:
+<code>
+/usr/local/nfsen/bin/create_top_directions --consumers 10 --divide-up-down --profile-name top_10_directions
+</code>
+As a result, the profile top_10_directions will be created, where you can, for example, visually observe
+the difference in traffic volume to GOOGLE and VKONTAKTE services
+{{ nfsen-vk-vs-google.png }}
+===== Report Generation =====
+Select the live profile (profile is selected in the upper right corner) or, if you previously created a separate profile with top directions, as indicated in the section [[dpi:dpi_components:utilities:oldutility:nfsen:nfsen_ext#graph_generation|Graph Generation]], then select it.
+To create a report on autonomous systems, click the Details tab in the very top row and select on the graph
+the required period (Time Window) or move the slider to the investigated moment in time (Single Timeslot)
+Now in the Options section (under Netflow Processing), select the type of desired report:
+{{ :en:nfsen-dir-options.png |}}
+where Stat TopN - list of top directions\\
+Top: 10 - number of elements in the top\\
+Stat: Any AS Name/SRC AS Name or DST AS Name - consider all traffic or only in one direction\\
+Order By: bytes - calculate top by data volume\\
+and press the Process button.\\
+For the live profile, you must also select only Source: directions
+As a result, a report on top data transmission directions will be prepared
+{{ :en:nfsen-dir-report.png?1000 |}}
+Similarly, when selecting Source: protocols or a separate profile with top protocols, you can generate
+reports on protocols in both or one of the directions DPI Protocol/IN DPI Protocol/OUT DPI Protocol\\
+{{ :en:nfsen-options.png |}}\\
+{{ :en:nfsen-proto-report.png?900 }}
+===== IP-Based Report Generation =====
+. Add a new data receiver to the nfsen configuration
+<code>
+vi /usr/local/nfsen/etc/nfsen.conf
+%sources = (
+'protocols' => { 'port' => '9997', 'col' => '#00ff00', 'type' => 'netflow' },
+'directions' => { 'port' => '9998', 'col' => '#ffff00', 'type' => 'netflow' },
+'full' => { 'port' => '9999', 'col' => '#114422', 'type' => 'netflow' }
+);
+</code>
+. Activate changes in the configuration
+<code>
+/usr/local/nfsen/bin/nfsen reconfig
+</code>
+. Allow udp reception on port 9999 in iptables
+<code>
+vi /etc/sysconfig/iptables
+-A INPUT -m state --state NEW -m udp -p udp --dport 9999 -j ACCEPT
+service iptables restart
+</code>
+. Activate full netflow sending to the created collector on dpi (in addition to protocol and direction collectors)
+<code>
+vi /etc/dpi/fastdpi.conf
+netflow=11
+netflow_full_collector=127.0.0.1:9999
+netflow_passive_timeout=20
+netflow_active_timeout=60
+service fastdpi restart
+</code>
+nfsen is not the best tool for investigating full netflow
+but it allows generating simple reports (section on the Netflow Processing page, for example, top by ip)
+In full netflow, the original port number is transmitted by default,
+therefore, protocol reports do not work. To activate encoding protocol information in the port number, enable the setting
+netflow_full_port_swap=1

Profile

Settings

Differences

Differences

What were you trying to find?