How-to – Configuring Ntopng to collect sFlow packets

Maybe you thought the same as I thought when I searched online for good ntopng tutorials : “damn, I’ll have to make my own”. Well, as I will have to install the whole setup myself again, I prefer write it here and share it with you.

Presentation

Just to clarify things before we put our hands in the dirt, ntopng is a netflow analyzer with a nice web-interface, that can get the traffic of its own interface. HOWEVER. It cannot work as a netflow collector too. That means that if you have a couple network devices on a WAN Network, and you want to know what kind of flows are going through your network, you will have to install a separate tool, which is also developped by the ntopng guys : nProbe. Sadly, this one is not free, and you will need a license to get it working in production environnement as the default-installation provides a 20K flows limit per nprobe thread, then it stops collecting them.

So to make it short, you will have to :

  • install ntopng and nprobe
  • configure your network devices to send net/sflow packets to ntopng server
  • configure nProbe to collect net/sflow packets and to stream them in JSON to ntopng
  • configure ntopng to listen for nProbe JSON streams

Continue reading

Advertisements

Really Awesome Network Config Differ Tricks we use to forget

Install Rancid

First install rancid via the repositories :

aptitude install rancid

Maybe it will not install the CVS dependency, if it is the case you can still install it later.

Most of files should be located in

/var/lib/rancid/

. Only the config file is located in

/etc/rancid/

The script files which are going to save your configs are located in the

../bin/

directory.

SAVE ALL THE CONFIGS!

Configure Router

Brocade

On Brocade devices, I strugeled at the beginning until I found out the problem was the SSH cryptographic method, and then that I needed the “skip-page-display” option set to get full config saved :

enable read-only-password anypassword
privilege exec level 5 skip-page-display
username rancid privilege 5 password yourpassword

Check that ssh access-list grants you access to the device.

JunOS

set system login class noc permissions view
set system login class noc permissions view-configuration
set system login user rancid authentication plain-text-password/encrypted-password
set system login user rancid class noc