|
|
This chapter contains procedures describing how to install FlowCollector, configure it, and then validate that it is operating properly. This chapter is intended for network administrators, operators, and managers who want more insight into how FlowCollector operates, and more detailed instructions in the procedures.
This chapter includes information on the following topics:
FlowCollector is available for the following platforms:
FlowCollector requires at least 1 MB of disk space for its binary and configuration files.
FlowCollector generates output files containing aggregated data. These files require additional disk space; the exact amount depends on the flow arrival rate, collection interval, number of aggregation schemes specified, and data file retention policies.
For more information on planning and managing disk space usage, refer to the "Managing Disk Space" section in the chapter "Customizing FlowCollector," later in this guide.
FlowCollector is distributed on CD-ROM for the Solaris and HP-UX platforms. The installation process for both platforms consists of the following general tasks:
Whether you are installing on a Solaris platform or on an HP-UX platform, the FlowCollector installation script attempts to make the installation process as easy as possible by automatically handling certain kinds of new and upgrade installation issues.
For example, FlowCollector 2.0 requires that the value of the data size (maxdsiz) system tunable parameter in HP-UX Version 11.0 be set to at least 524288 KB for satisfactory FlowCollector 2.0 operation. If you attempt to install FlowCollector 2.0 on a workstation whose maxdsiz value is below 524288 KB, the FlowCollector 2.0 installation script checks the current value, detects that it doesn't match the recommended minimum value, displays the following message, and puts a similar message in the installation log file named nfc_install.log, which is located at /opt/CSCOnfc/logs when the installation process is complete.
ERROR: Existing datasize is "65536" The required datasize is at least "524288" System parameters validation failed. Please consult your system administrator or your system vendor technical support for information on changing the system parameters and rebuilding the kernel before running NetFlow FlowCollector
The HP-UX Version 11.0 default for maxdsiz is 65536. If the value of this parameter falls below the recommended minimum value of 524288 KB, you must change the value to 524288 KB and then rebuild your kernel.
The installation script also searches for files from a previously installed version of FlowCollector. If it detects a previously installed version, it preserves existing data and configuration files. (Preserving the configuration files retains any additions or changes to the FlowCollector resource definitions or parameter settings that you may have made while using the previously installed version of FlowCollector.) Later in the installation process, the installation script allows you to specify whether you want to use the existing configuration files, or use the new configuration files. Depending on your choice, the unused files are given an alternate file name suffix and saved in case you need them later.
The installation script also gives you the opportunity to keep existing log files or delete them along with other files from the earlier FlowCollector version. You can also specify alternate path names for the log files associated with the new FlowCollector version.
The following procedure shows an upgrade installation (FlowCollector 2.0 installed over a previously installed version of FlowCollector). If you are installing FlowCollector for the first time, the installation is basically the same as for an upgrade installation, but with fewer prompts from the installation script (because there are no files from a previously installed version of FlowCollector). The installation script prompts you for responses to any required steps.
To install FlowCollector on a Solaris platform, perform the following steps:
Step 1 Log in as root.
Step 2 Copy the NFC2_0.SOL.tar file from the distribution CD-ROM to a locally mounted directory such as /tmp on the workstation.
Step 3 Extract the FlowCollector files from the tar file.
Step 4 Run the installation script to begin the installation process. Answer all questions.
The installation script searches for any previously installed version of the FlowCollector.
If it detects a previously installed version, it prompts you to confirm that you want to delete the existing log files or leave them untouched:
If you enter y (yes), the installation script deletes the nfc.log file. If you enter n (no), the installation script does not delete the file.
The installation then repeats the prompt for the daemon log file:
The installation script then identifies the previously installed version of FlowCollector and prompts you to confirm that you want to delete the existing FlowCollector files. Enter y (yes).
The installation script deletes the files and path names associated with the previously installed version and signals the successful completion of the task:
The installation script begins installing the new version. The system prompts you to select the packaged to be installed. Press Return to accept the default.
The installation script begins processing the installation package. As part of the process, the installation script prompts you to confirm file permissions. Enter y (yes).
The installation script continues installing FlowCollector and signals when it has completed the task:
When the installation script has successfully completed the installation phase, it enters the post-installation setup phase.
During this phase, the installation script prompts you to select a method for handling FlowCollector configuration files. When you update to a new version of FlowCollector, your existing configuration files are not lost. The installation script gives you the opportunity to select how the old and new configuration files are handled. Unless your installation imposes special requirements, you should accept the default.
Next, the installation script offers you the opportunity to change the default path names for the FlowCollector log file and daemon log file. Unless your installation imposes special requirements, you should accept the default path names.
The record of this installation session is saved in /opt/CSCOnfc/logs/nfc_install.log.
The following procedure shows an upgrade installation (FlowCollector 2.0 installed over a previously installed version of the FlowCollector). If you are installing FlowCollector for the first time, the installation is basically the same as for an upgrade installation, but with fewer prompts from the installation script (because there are no files from a previously installed version of FlowCollector). The installation script prompts you for responses to any required steps.
To install FlowCollector over a previously installed version on an HP-UX platform, perform the following steps:
Step 1 Log in as root.
Step 2 Copy the NFC2_0.HP_11.tar file from the distribution CD-ROM to a locally mounted directory on the workstation.
Step 3 Extract the FlowCollector files from the tar file.
Step 4 Run the installation script to begin the preinstallation process. Answer all questions.
The installation script searches for any previously installed version of the FlowCollector. If it detects a previously installed version, it looks for log files associated with that version and prompts you to confirm that the log files can be deleted. If you want to remove the files, enter y (yes).
When the installation script has successfully removed the log files, it removes any other earlier FlowCollector files except configuration files and data files. This process takes approximately a minute. During the time that the installation script is removing files, it displays various progress information messages.
When the installation script has successfully removed the previous version, it begins installing the new version. This process takes approximately a minute. During the time that the installation script is extracting, copying, and installing files, it displays various progress information.
When the installation script has successfully completed the installation phase, it enters the post-installation setup phase.
During this phase, the installation script prompts you to select a method for handling FlowCollector configuration files. When you update to a new version of FlowCollector, your existing configuration files are not lost. The installation script gives you the opportunity to select how the old and new configuration files are handled. Unless your installation imposes special requirements, you should accept the default.
Next, the installation script offers you the opportunity to change the default path names for the FlowCollector log file and daemon log file. Unless your installation imposes special requirements, you should accept the default path names.
The record of this installation session is saved in /opt/CSCOnfc/logs/nfc_install.log.
Figure 3-1 shows the default FlowCollector directory structure created by the installation script.
Add the following environment variables to the startup files (.cshrc or .profile) of all users wanting to run the FlowCollector application. These environment variables identify the location of the FlowCollector directory structure and the nf.resources file:
For C shell users, the commands (using default installation values) are:
setenv NFC_DIR /opt/CSCOnfc setenv NFC_RESOURCEFILE $NFC_DIR/config/nf.resources
For Bourne or Korn shell users, the commands (using default installation values) are:
NFC_DIR=/opt/CSCOnfc; export NFC_DIR NFC_RESOURCEFILE=$NFC_DIR/config/nf.resources; export NFC_RESOURCEFILE
The nf.resources file contains the variables and corresponding path names used to configure your startup FlowCollector environment (see Table 3-1). The files identified in Table 3-1 are described in the chapter "Customizing FlowCollector," later in this guide.
| Variable | Default Path Name |
|---|---|
| NFC_CONFIGFILE | /opt/CSCOnfc/config/nfconfig.file |
| NFC_KNOWNPROTOCOLS | /opt/CSCOnfc/config/nfknown.protocols |
| NFC_KNOWNSRCPORTS | /opt/CSCOnfc/config/nfknown.srcports |
| NFC_KNOWNDSTPORTS | /opt/CSCOnfc/config/nfknown.dstports |
| NFC_KNOWNSRCASNS | /opt/CSCOnfc/config/nfknown.srcasns |
| NFC_KNOWNDSTASNS | /opt/CSCOnfc/config/nfknown.dstasns |
| NFC_LOG | /opt/CSCOnfc/config/nfc.log |
| NFCD_LOG | /opt/CSCOnfc/config/nfcd.log |
In addition to the path names, the nf.resources file also includes a number of parameters for tuning FlowCollector performance. For more information about the parameters in the nf.resources file, refer to the chapter "Customizing FlowCollector," later in this guide.
Because of the configuration differences between routers and switches, any detailed configuration description for either type of NetFlow export device is beyond the scope of this guide. At the broadest conceptual level, you need to perform the following types of configuration tasks on the export devices:
For information on Cisco IOS software features related to NetFlow services on Cisco 7500, 7200, and 7000 series routers, refer to the Cisco IOS Release 11.1(2) or later configuration guides and command references. For information on specific configuration commands, refer to the "NetFlow Switching Enhancements" feature module in the Release Note for Cisco IOS Release 11.1 CA and Feature Modules.
For information on software features related to MLS on Catalyst 5000 series switches, refer to the Multilayer Switching User Guide.
To run FlowCollector, you can be logged in as a user or as root.
To run FlowCollector, perform the following steps:
Step 1 Log in.
Step 2 Start the FlowCollector application.
FlowCollector runs as several processes:
To verify that FlowCollector is running properly, perform the following steps:
Step 1 Use the following command to display a table of FlowCollector statistics:
Step 2 Verify that the UDP ports that are expected to receive export data are receiving data.
In the example shown above, UDP port 9996 is collecting data, but UDP port 9995 is not.
Step 3 Check the $NFC_DIR/logs/nfc.log and $NFC_DIR/logs/nfcd.log files for error messages.
If you are receiving data on the FlowCollector UDP port and there are no error messages in the log files, FlowCollector is running properly. You should periodically monitor the $NFC_DIR/logs/nfc.log and $NFC_DIR/logs/nfcd.log files for error and warning messages.
To stop FlowCollector, perform the following steps:
Step 1 Log in.
Step 2 Use the following command to stop the FlowCollector application.
The remaining chapters and appendixes in this guide provide information on the following topics:
| For more information on... | Refer to ... |
|---|---|
| Using the NetFlow FlowCollector user interface (NFUI) to review application statistics and resource definitions--such as for threads, filters, and protocols, or to create and modify FlowCollector resource definitions | "Using the NetFlow FlowCollector User Interface" |
| Locating and understanding FlowCollector data files | "Understanding the FlowCollector Data File Format" |
| Customizing FlowCollector operation using thread, filter, and protocol definitions, lists of port and autonomous system numbers, and other FlowCollector configuration parameters | "Customizing FlowCollector" |
| Helpful information and procedures in case you encounter problems while using FlowCollector | "Troubleshooting" |
| NetFlow export datagram formats | "NetFlow Export Datagram Format" |
|
|