|
|
This chapter describes how to install FlowCollector, configure it, and then validate that it is operating properly. This chapter includes the following sections:
FlowCollector operates with the following platforms:
FlowCollector requires at least 2 MB of disk space for its binary and configuration files.
FlowCollector generates output files containing aggregated data. These files require additional disk space; the exact amount depends on the flow arrival rate, collection interval, number of aggregation schemes specified, binary versus ASCII data file types, use of compression or not, and data file retention policies.
For more information on planning and managing disk space usage, see the "Managing Disk Space" section.
By default, FlowCollector 3.0 is installed in FlowCollector 2.0-compatible mode. This prevents potential problems with existing FlowCollector 2.0 installations. After installing FlowCollector, you can turn on all FlowCollector 3.0 features through the nf.resources file. See the "Modifying FlowCollector Resources" section for details on the NFC20_COMPATIBLE_MODE configuration parameter.
Four FlowCollector 3.0 features are not available with this default installation mode:
1. FlowCollector 3.0 filesready file. The new FORMAT identifier is not available. See the "Using the filesready File to Track Data Files" section.
2. FlowCollector 3.0 data file directory structure. The $NFC_DIR/Data/Thread ID subdirectory is not created. See the "Data File Directory Structure" section.
3. FlowCollector 3.0 MaxUsage parameter available in an NF_Thread. This parameter does not work in FlowCollector 2.0-compatible mode. See the "Creating a Thread" section.
4. FlowCollector 3.0 aggregation definitions in data files. Aggregation definitions do not appear in data files. See the "Aggregation Definition Format" section.
 | Caution FlowCollector 3.0 data files are created under a new directory structure. This could disable existing custom scripts that may be in use with your current FlowCollector installation. Thoroughly review your current FlowCollector configuration before turning off FlowCollector 2.0-compatible mode. |
FlowCollector is distributed on CD-ROM for the Solaris and HP-UX platforms. The installation process for both platforms consists of the following general tasks:
Whether you are installing on a Solaris platform or on an HP-UX platform, the FlowCollector installation script makes the installation process as easy as possible by automatically handling new and upgrade installation issues.
For example, FlowCollector requires that the value of the data size (maxdsiz) system tunable parameter in HP-UX Version 11.0 be set to at least 524288 KB for satisfactory FlowCollector operation. If you attempt to install FlowCollector on a workstation whose maxdsiz value is below 524288 KB, the FlowCollector installation script checks the current value, detects that it does not match the recommended minimum value, displays the following message, and puts a similar message in the installation log file named nfc_install.log, which is located at $NFC_DIR/logs when the installation process is complete.
ERROR: Existing datasize is "65536" The required datasize is at least "524288" System parameters validation failed, please consult your system administrator or your system vendor technical support for changing the system parameter(s) "maxdsiz" and rebuilding the kernel before running NetFlow FlowCollector.
The HP-UX Version 11.0 default for maxdsiz is 65536. If the value of this parameter falls below the recommended minimum value of 524288 KB, you must change the value to 524288 KB and then rebuild your kernel.
The installation script also searches for files from a previously installed version of FlowCollector. If it detects a previously installed version, it preserves existing data and configuration files. (Preserving the configuration files retains any additions or changes to the FlowCollector resource definitions or parameter settings that you may have made while using the previously installed version of FlowCollector.) Later in the installation process, the installation script allows you to specify whether you want to use the existing configuration files, or use the new configuration files. Depending on your choice, the unused files are given an alternative filename suffix and saved in case you need them later.
The installation script also gives you the opportunity to keep existing log files or delete them along with other files from the earlier FlowCollector version. You can also specify alternative path names for the log files associated with the new FlowCollector version.
The following procedure shows an upgrade installation. If you are installing FlowCollector for the first time, the installation is basically the same, but with fewer prompts from the installation script (because there are no files from a previously installed version of FlowCollector). The installation script prompts you for responses to any required steps.
To install FlowCollector on a Solaris platform, perform the following steps:
Step 1 Log in as root.
Step 2 Copy the NFC3_0.SOL.tar file from the distribution CD-ROM to a locally mounted directory such as /tmp on the workstation.
Step 3 Extract the FlowCollector files from the tar file.
# tar -xvf NFC3_0.SOL.tar
Step 4 Run the installation script to begin the installation process. Answer all questions.
# ./NFC3_0.setup.sh NFC3_0.SOL.Z ******************************************************************** NetFlow FlowCollector 3.0 Copyright (c) 1986-1999 by Cisco Systems, inc. All rights reserved ******************************************************************** Hit Return to continue...
The installation script searches for any previously installed version of FlowCollector.
Searching for existing copy of CSCOnfc Found previous copy of CSCOnfc
If it detects a previously installed version, it asks whether you want to delete the existing log files or leave them untouched. Enter y (yes).
Found existing log file /opt/CSCOnfc/logs/nfc.log Would you like to delete this log file? (y/n)? y
If you enter y (yes), the installation script deletes the nfc.log file. If you enter n (no), the installation script does not delete the file.
The installation then repeats the prompt for the Gateway log file:
Found existing log file /opt/CSCOnfc/logs/nfcgw.log Would you like to delete this log file? (y/n)? y
The installation script then identifies the previously installed version of FlowCollector and prompts you to confirm that you want to delete the existing FlowCollector files. Enter y (yes).
The following package is currently installed: CSCOnfcCisco NetFlow FlowCollector (Solaris2.5.1) 2.0 Do you want to remove this package? y
The installation script deletes the files and path names associated with the previously installed version and signals the successful completion of the task:
Removal of <CSCOnfc> was successful
The installation script begins installing the new version. The system prompts you to select the package to be installed. Press Return to accept the default.
... Starting FlowCollector 3.0 Install ... The following packages are available: 1CSCOnfcCisco NetFlow FlowCollector (Solaris2.5.1) 3.0 Select package(s) you wish to process (or `all' to process all packages).(default: all)[?,??,q]:<CR>
The installation script begins processing the installation package. As part of the process, the installation script prompts you to confirm file permissions. Enter y (yes).
The following files are being installed with setuid and/or setgid
permissions:
/opt/CSCOnfc/bin/.nfcleaner0 <setuid root>
/opt/CSCOnfc/bin/NFCGW <setuid root>
/opt/CSCOnfc/bin/NFCollector <setuid root>
Do you want to install these as setuid/setgid files [y,n,?,q] y
The installation script continues installing FlowCollector and signals when it has completed the task:
Installation of <CSCOnfc> was successful.
When the installation script has successfully completed the installation phase, it enters the postinstallation setup phase.
post installation setup ...
During this phase, the installation script prompts you to select a method for handling FlowCollector configuration files. When you update to a new version of FlowCollector, your existing configuration files are not lost. The installation script gives you the opportunity to select how the old and new configuration files are handled. Unless your installation imposes special requirements, accept the default and enter 1.
Please choose one of the following: (1)Install new default configuration files (Your existing configuration files will be saved with `.old' extensions should you want to refer to them later) (2)Retain existing configuration files (New default configuration files will be saved with `.default' extensions should you want to refer to them later) Please choose [1/2] [1]: 1 1 Installing new configuration files ... Saving existing configuration files with .old extensions in /opt/CSCOnfc/config ...
Next, the installation script offers you the opportunity to change the default path names for the FlowCollector log file and gateway log file. Unless your installation imposes special requirements, you should accept the default path names. Press Return to accept the default.
FlowCollector's log file is: /opt/CSCOnfc/logs/nfc.log Enter a new location+name (hit RETURN to continue)<CR> FlowCollector Gateway's log file is: /opt/CSCOnfc/logs/nfcgw.log Enter a new location+name (hit RETURN to continue)<CR>
Next, the installation script asks you if you want FlowCollector applications to start automatically when the system is initialized. This saves you the extra step of starting FlowCollector processes from the command line when the system is started.
Would you like the FlowCollector applications to be
automatically started when the system is initialized? (y/n)? y
Finally, the installation script tests system tunable parameters. This includes the maxdsiz parameter discussed in the "Installing FlowCollector" section. If an error is encountered, you are prompted to take appropriate action to fix the problem.
Checking system tunable parameters ...
Validation successful
.
.
.
FlowCollector 3.0 installation completed successfully.
The record of this installation session is saved in /opt/CSCOnfc/logs/nfc_install.log.
The following procedure shows an upgrade installation. If you are installing FlowCollector for the first time, the installation is basically the same as an upgrade installation, but with fewer prompts from the installation script (because there are no files from a previously installed version of FlowCollector). The installation script prompts you for responses to any required steps.
To install FlowCollector over a previously installed version on an HP-UX platform, perform the following steps:
Step 1 Log in as root.
Step 2 Copy the NFC3_0.HP_11.tar file from the distribution CD-ROM to a locally mounted directory on the workstation.
Step 3 Extract the FlowCollector files from the tar file.
# tar -xvf NFC3_0.HP_11.tar
Step 4 Run the installation script to begin the preinstallation process. Answer all questions.
# ./NFC3_0.setup.sh NFC3_0.HP_11.Z ******************************************************************** NetFlow FlowCollector 3.0 Copyright (c) 1986-1999 by Cisco Systems, inc. All rights reserved ******************************************************************** Hit Return to continue...
The installation script searches for any previously installed version of FlowCollector. If it detects a previously installed version, it looks for log files associated with that version and prompts you to confirm that the log files can be deleted. If you want to remove the files, enter y (yes).
Searching for existing copy of CSCOnfc... Found previous copy of CSCOnfc Found existing log file /opt/CSCOnfc/logs/nfc.log Would you like to delete this log file? (y/n)? y /opt/CSCOnfc/logs/nfc.log has been deleted Found existing log file /opt/CSCOnfc/logs/nfcgw.log Would you like to delete this log file (y/n)? y /opt/CSCOnfc/logs/nfcgw.log has been deleted invoking /usr/sbin/swremove utility...
When the installation script has successfully removed the log files, it removes any other earlier FlowCollector files except configuration files and data files. This process takes approximately a minute. During the time that the installation script is removing files, it displays various progress information messages.
======= 01/22/99 13:46:57 PDT BEGIN swremove SESSION (non-interactive) . . . ======= 01/22/99 13:47:06 PDT END swremove SESSION (non-interactive)
When the installation script has successfully removed the previous version, it begins installing the new version. This process takes approximately a minute. During the time that the installation script is extracting, copying, and installing files, it displays various progress information.
...Starting FlowCollector 3.0 Install .... . . . ======= 01/22/99 13:47:12 PDT BEGIN swcopy SESSION (non-interactive) . . . ======= 01/22/99 13:47:23 PDT END swcopy SESSION (non-interactive) ======= 01/22/99 13:47:24 PDT BEGIN swinstall SESSION (non-interactive)
. . . ======= 01/22/99 13:47:37 PDT END swinstall SESSION (non-interactive) . . .
When the installation script has successfully completed the installation phase, it enters the postinstallation setup phase.
post installation setup ...
During this phase, the installation script prompts you to select a method for handling FlowCollector configuration files. When you update to a new version of FlowCollector, your existing configuration files are not lost. The installation script gives you the opportunity to select how the old and new configuration files are handled. Unless your installation imposes special requirements, accept the default and enter 1.
Please choose one of the following: (1)Install new default configuration files (Your existing configuration files will be saved with `.old' extensions should you want to refer to them later) (2)Retain existing configuration files (New default configuration files will be saved with `.default' extensions should you want to refer to them later) Please choose [1/2] [1]: 1 1 Installing new configuration files ... Saving existing configuration files with .old extensions in /opt/CSCOnfc/config ...
Next, the installation script offers you the opportunity to change the default path names for the FlowCollector log file and gateway log file. Unless your installation imposes special requirements, you should accept the default path names. Press Return to accept the default.
FlowCollector's log file is: /opt/CSCOnfc/logs/nfc.log Enter a new location+name (hit RETURN to continue)<CR> FlowCollector Gateway's log file is: /opt/CSCOnfc/logs/nfcgw.log Enter a new location+name (hit RETURN to continue)<CR>
Next, the installation script asks you if you want FlowCollector applications to start automatically when the system is initialized. This saves you the extra step of starting FlowCollector processes from the command line when the system is started.
Would you like the FlowCollector applications to be
automatically started when the system is initialized? (y/n)? y
Finally, the installation script tests system tunable parameters. This includes the maxdsiz parameter discussed in the "Installing FlowCollector" section. If an error is encountered, you are prompted to take appropriate action to fix the problem.
Checking system tunable parameters ...
Validation successful
.
.
.
FlowCollector 3.0 installation completed successfully.
The record of this installation session is saved in /opt/CSCOnfc/logs/nfc_install.log.
Figure 2-1 shows the default FlowCollector directory structure created by the installation script.
Add the following environment variables to the startup files (.cshrc or .profile) of all users wanting to run the FlowCollector application. These environment variables identify the location of the FlowCollector directory structure and the nf.resources file:
For C shell users, the commands (using default installation values) are:
setenv NFC_DIR /opt/CSCOnfc setenv NFC_RESOURCEFILE $NFC_DIR/config/nf.resources
For Bourne or Korn shell users, the commands (using default installation values) are:
NFC_DIR=/opt/CSCOnfc; export NFC_DIR NFC_RESOURCEFILE=$NFC_DIR/config/nf.resources; export NFC_RESOURCEFILE
The nf.resources file contains the variables and corresponding path names used to configure your startup FlowCollector environment (see Table 2-1). The files identified in Table 2-1 are described in "Customizing FlowCollector."
| Variable | Default Path Name |
|---|---|
$NFC_DIR/config/nfconfig.file | |
$NFC_DIR/config/nfknown.protocols | |
$NFC_DIR/config/nfknown.srcports | |
$NFC_DIR/config/nfknown.dstports | |
$NFC_DIR/config/nfknown.srcasns | |
$NFC_DIR/config/nfknown.dstasns | |
$NFC_DIR/config/nfc.log | |
NFCGW_LOG | $NFC_DIR/config/nfcgw.log |
In addition to the path names, the nf.resources file also includes a number of parameters for tuning FlowCollector performance. For more information about the parameters in the nf.resources file, see "Customizing FlowCollector."
Because of the configuration differences between routers and switches, any detailed configuration description for either type of NetFlow export device is beyond the scope of this guide. At the broadest conceptual level, you need to perform the following types of configuration tasks on the export devices:
For information on Cisco IOS software features related to NetFlow services on Cisco routers, refer to the Cisco IOS software configuration guides and command references. For information on specific configuration commands for Cisco Catalyst 5000 series switches, refer to the "NetFlow Switching Enhancements" feature module in Cisco IOS release notes and feature modules.
For information on software features related to MLS on Catalyst 5000 series switches, refer to the Catalyst 5000 Series Multilayer Switching User Guide.
To run FlowCollector, you can be logged in as a user or as root.
To run FlowCollector, perform the following steps:
Step 1 Log in.
Step 2 Start the FlowCollector application. Enter the following command:
$ $NFC_DIR/bin/nfcollector start all
FlowCollector runs as several processes. This command also starts the FlowCollector Daemon if it is not already running. See the "FlowCollector Architectural Overview" section for details on these processes.
To verify that FlowCollector is running properly, perform the following steps.
Step 1 To display a table of FlowCollector statistics, enter the following command:
$ $NFC_DIR/bin/NFUI -s 10.Retrieve application stats FlowCollector has been up since Wed May 20 13:56:49 1999 PortPackets rcvd(wrap)Records(wrap)DiscardedMissed Recs(wrap) ------------------------------------------------------------- 99950(0)0(0)00(0) 999670748(0)2122440(0)00(0)
Step 2 Verify that the UDP ports that are expected to receive export data are receiving data.
In the example shown above, UDP port 9996 is collecting data, but UDP port 9995 is not.
Step 3 Check the $NFC_DIR/logs/nfc.log and $NFC_DIR/logs/nfcd.log files for error messages.
If you are receiving data on the FlowCollector UDP port and there are no error messages in the log files, FlowCollector is running properly. You should periodically monitor the $NFC_DIR/logs/nfc.log and $NFC_DIR/logs/nfcd.log files for error and warning messages.
To stop FlowCollector, perform the following steps:
Step 1 Log in.
Step 2 Enter the following command to stop the FlowCollector application.
# $NFC_DIR/bin/nfcollector stop all
Stop the FlowCollector Daemon using one of two commands. Keep in mind that each command has a different effect on the FlowCollector workstation. To stop the FlowCollector Daemon and all processes that the Daemon started, enter the following command:
# $NFC_DIR/bin/nfcollector stop nfcd
To stop the Daemon and all other FlowCollector processes, enter the following command:
# $NFC_DIR/bin/nfcollector clean
| Caution The nfcollector clean command does not "gracefully" stop the system. Any and all FlowCollector functions cease immediately. This includes flow collection and data file creation. Use this command with caution. |
Posted: Fri Jul 9 11:03:20 PDT 1999
Copyright 1989-1999©Cisco Systems Inc.