Cisco CNS Netflow Collection Engine Installation and Configuration Guide, 3.5
Installing and Configuring FlowCollector
Download this chapter
Installing and Configuring FlowCollectorInstalling and Configuring FlowCollector
give_us_feedback

Table Of Contents

Installing and Configuring FlowCollector

Verifying System Requirements

Understanding Installation Modes

Installing FlowCollector

Installing on a Solaris Platform

Installing on an HP-UX Platform

Default FlowCollector File Hierarchy

Setting UNIX Environment Variables

Enabling NetFlow Data Export

Starting FlowCollector

Verifying That FlowCollector Is Running

Stopping FlowCollector

Stopping the FlowCollector Daemon


Installing and Configuring FlowCollector

This chapter describes how to install FlowCollector, configure it, and then validate that it is operating properly. This chapter includes the following sections:

Verifying System Requirements

Understanding Installation Modes

Installing FlowCollector

Setting UNIX Environment Variables

Enabling NetFlow Data Export

Starting FlowCollector

Verifying That FlowCollector Is Running

Stopping FlowCollector

Stopping the FlowCollector Daemon

Verifying System Requirements

FlowCollector operates with the following platforms:

Solaris-Version 2.5.1 or 2.6. A minimum of an Ultra-1 workstation is recommended with at least 128 MB RAM, 512 MB of swap space, and 4 GB of disk space.

HP-UX, Version 11i (32-bit and 64-bit are supported). A minimum of a Class C workstation is recommended with at least 128 MB RAM, 512 MB of swap space, and 4 GB of disk space.

Note To prevent NetFlow data export packet loss, the workstation should be dedicated to the NetFlow data export device (router or switch) and should not be running other applications.

FlowCollector requires at least 2 MB of disk space for its binary and configuration files.

FlowCollector generates output files containing aggregated data. These files require additional disk space; the exact amount depends on the flow arrival rate, collection interval, number of aggregation schemes specified, binary versus ASCII data file types, use of compression or not, and data file retention policies.

For more information on planning and managing disk space usage, see the "Managing Disk Space" section on page 5-37.

Understanding Installation Modes

By default, FlowCollector 3.5 is installed in FlowCollector 2.0-compatible mode. This prevents potential problems with existing FlowCollector 2.0 installations. After installing FlowCollector, you can turn on all FlowCollector 3.5 features through the nf.resources file. See the "Modifying FlowCollector Resources" section on page 5-29 for details on the NFC20_COMPATIBLE_MODE configuration parameter.

Four FlowCollector 3.5 features are not available with this default installation mode:

1. FlowCollector 3.5 files ready file. The new FORMAT identifier is not available. See the "Using the filesready File to Track Data Files" section.

2. FlowCollector 3.5 data file directory structure. The $NFC_DIR/Data/Thread ID subdirectory is not created. See the "Data File Directory Structure" section.

3. FlowCollector 3.5 MaxUsage parameter available in an NF_Thread. This parameter does not work in FlowCollector 2.0-compatible mode. See the "Creating a Thread" section on page 5-8.

4. FlowCollector 3.5 aggregation definitions in data files. Aggregation definitions do not appear in data files. See the "Aggregation Definition Format" section.

Caution FlowCollector 3.5 data files are created under a new directory structure. This could disable existing custom scripts that may be in use with your current FlowCollector installation. Thoroughly review your current FlowCollector configuration before turning off FlowCollector 2.0-compatible mode.

Installing FlowCollector

FlowCollector is distributed on CD-ROM for the Solaris and HP-UX platforms. The installation process for both platforms consists of the following general tasks:

Identify a locally mounted partition, such as /tmp, that you can use to hold the FlowCollector tar file when you transfer it from the distribution CD-ROM.

Note Before you copy the FlowCollector tar file, you should verify that the locally mounted partition you plan to use contains at least 2 MB of free disk space. This partition must be large enough to hold the tar file, the files extracted from the tar file, and the temporary work files created by the installation script while it is installing FlowCollector.

Copy the appropriate tar file from the FlowCollector distribution CD-ROM.

Extract the FlowCollector files from the tar file.

Start the installation script.

Whether you are installing on a Solaris platform or on an HP-UX platform, the FlowCollector installation script makes the installation process as easy as possible by automatically handling new and upgrade installation issues.

For example, FlowCollector requires that the value of the data size (maxdsiz) system tunable parameter in HP-UX Version 11.0 be set to at least 524,288 KB for satisfactory FlowCollector operation. If you attempt to install FlowCollector on a workstation whose maxdsiz value is below 524,288 KB, the FlowCollector installation script checks the current value, detects that it does not match the recommended minimum value, displays the following message, and puts a similar message in the installation log file named nfc_install.log, which is located at $NFC_DIR/logs when the installation process is complete. 

ERROR: Existing datasize is "65536" 

The required datasize is at least "524288" 

System parameters validation failed, please consult 

your system administrator or your system vendor technical

support for changing the system parameter(s) "maxdsiz" 

and rebuilding the kernel before running NetFlow FlowCollector.

The HP-UX Version 11.0 default for maxdsiz is 65536. If the value of this parameter falls below the recommended minimum value of 524,288 KB, you must change the value to 524,288 KB and then rebuild your kernel.

Note The process of changing this system tunable parameter value and rebuilding the kernel is beyond the scope of this document. For information or help, you should refer to the documentation that came with your workstation, contact your system administrator, or contact your workstation vendor's technical support organization.

The installation script also searches for files from a previously installed version of FlowCollector. If it detects a previously installed version, it preserves existing data and configuration files (preserving the configuration files retains any additions or changes to the FlowCollector resource definitions or parameter settings that you may have made while using the previously installed version of FlowCollector.) Later in the installation process, the installation script allows you to specify whether you want to use the existing configuration files, or use the new configuration files. Depending on your choice, the unused files are given an alternative filename suffix and saved in case you need them later.

The installation script also gives you the opportunity to keep existing log files or delete them along with other files from the earlier FlowCollector version. You can also specify alternative path names for the log files associated with the new FlowCollector version.

Note If the installation script does not find files from a previously installed version of FlowCollector, the installation is a first-time installation and is basically the same as for an upgrade installation, but with fewer prompts from the installation script. The installation script prompts you for responses to any required steps.

Installing on a Solaris Platform

The following procedure shows an upgrade installation. If you are installing FlowCollector for the first time, the installation is basically the same, but with fewer prompts from the installation script (because there are no files from a previously installed version of FlowCollector). The installation script prompts you for responses to any required steps.

Note During an upgrade installation, existing configuration files and data files are detected and you are given the option of saving them with a .old extension.

To install FlowCollector on a Solaris platform, perform the following steps:

Step 1 Log in as root.

Step 2 Copy the NFC-solaris-standard-X-Y.tar file from the distribution CD-ROM to a locally mounted directory such as /tmp on the workstation.

Note Replace the X and Y in the tar file name with the major and minor software release number.

Step 3 Extract the FlowCollector files from the tar file.

# tar -xvf NFC-solaris-standard-X-Y.tar

Step 4 Run the installation script to begin the installation process. Answer all questions.

# ./NFC_setup.sh NFC.solaris.Z 

********************************************************************

                  NetFlow FlowCollector 3.5

       Copyright (c) 1986-1999 by Cisco Systems, inc.

                    All rights reserved

********************************************************************




Hit Return to continue...

The installation script searches for any previously installed version of FlowCollector. 

Searching for existing copy of CSCOnfc

Found previous copy of CSCOnfc

If it detects a previously installed version, it asks whether you want to delete the existing log files or leave them untouched. Enter y (yes). 

Found existing log file /opt/CSCOnfc/logs/nfc.log

Would you like to delete this log file? (y/n)? y

If you enter y (yes), the installation script deletes the nfc.log file. If you enter n (no), the installation script does not delete the file.

The installation then repeats the prompt for the Gateway log file (nfcgw.log): 

Found existing log file /opt/CSCOnfc/logs/nfcgw.log

Would you like to delete this log file? (y/n)? y

The installation script then identifies the previously installed version of FlowCollector and prompts you to confirm that you want to delete the existing FlowCollector files. Enter y (yes). 

The following package is currently installed:

  CSCOnfc        Cisco NetFlow FlowCollector

             (Solaris2.5.1) 2.0


Do you want to remove this package? y

The installation script deletes the files and path names associated with the previously installed version and signals the successful completion of the task: 

Removal of <CSCOnfc> was successful

The installation script begins installing the new version. The system prompts you to select the package to be installed. Press Return to accept the default. 

... Starting FlowCollector 3.5 Install ...


The following packages are available:

1 CSCOnfc      Cisco NetFlow FlowCollector

       (Solaris2.5.1) 3.5


Select package(s) you wish to process (or `all' to process

all packages). (default: all) [?,??,q]:<CR>

The installation script begins processing the installation package. As part of the process, the installation script prompts you to confirm file permissions. Enter y (yes). 

The following files are being installed with setuid and/or setgid permissions:                                                                    

   /opt/CSCOnfc/bin/.nfcleaner0 <setuid root> 

   /opt/CSCOnfc/bin/NFCGW <setuid root> 

   /opt/CSCOnfc/bin/NFCollector <setuid root> 


Do you want to install these as setuid/setgid files [y,n,?,q] y

The installation script continues installing FlowCollector and signals when it has completed the task: 

Installation of <CSCOnfc> was successful.

When the installation script has successfully completed the installation phase, it enters the post installation setup phase. 

post installation setup ...

During this phase, the installation script prompts you to select a method for handling FlowCollector configuration files. When you update to a new version of FlowCollector, your existing configuration files are not lost. The installation script gives you the opportunity to select how the old and new configuration files are handled. Unless your installation imposes special requirements, accept the default and enter 1. 

Please choose one of the following:

(1) Install new default configuration files

   (Your existing configuration files will be saved with `.old'

   extensions should you want to refer to them later)


(2) Retain existing configuration files

   (New default configuration files will be saved with `.default'

   extensions should you want to refer to them later)


Please choose [1/2] [1]: 1

1

Installing new configuration files ...


Saving existing configuration files with .old extensions 

in /opt/CSCOnfc/config ...

Note The configuration files provided with FlowCollector 3.5 contain several new configuration parameters that are not available under FlowCollector 1.0/2.0. If you decide to retain the configuration files (option 2) from the previously installed version, you may want to add these new configuration parameters and their values to your existing configuration files after you are finished with the installation process. That way you have access to the new features that these configuration parameters control.

Next, the installation script offers you the opportunity to change the default path names for the FlowCollector log file and gateway log file. Unless your installation imposes special requirements, you should accept the default path names. Press Return to accept the default. 

FlowCollector's log file is: /opt/CSCOnfc/logs/nfc.log

Enter a new location+name (hit RETURN to continue)<CR>


FlowCollector Gateway's log file is: /opt/CSCOnfc/logs/nfcgw.log


Enter a new location+name (hit RETURN to continue)<CR>

Next, the installation script asks you if you want FlowCollector applications to start automatically when the system is initialized. This saves you the extra step of starting FlowCollector processes from the command line when the system is started. 

Would you like the FlowCollector applications to be 

automatically started when the system is initialized?  (y/n)? y

Finally, the installation script tests system tunable parameters. This includes the maxdsiz parameter discussed in the "Installing FlowCollector" section. If an error is encountered, you are prompted to take appropriate action to fix the problem. 

Checking system tunable parameters ... 


Validation successful

.

.

.

FlowCollector 3.5 installation completed successfully.

The record of this installation session is saved in /opt/CSCOnfc/logs/nfc_install.log.

Installing on an HP-UX Platform

The following procedure shows an upgrade installation. If you are installing FlowCollector for the first time, the installation is basically the same as an upgrade installation, but with fewer prompts from the installation script (because there are no files from a previously installed version of FlowCollector). The installation script prompts you for responses to any required steps.

Note During an upgrade installation, existing configuration files and data files are detected and you are given the option of saving them with a .old extension.

To install FlowCollector over a previously installed version on an HP-UX platform, perform the following steps:

Step 1 Log in as root.

Step 2 Copy the NFC-hpux-standard-X-Y.tar file from the distribution CD-ROM to a locally mounted directory on the workstation.

Step 3 Extract the FlowCollector files from the tar file. 

# tar -xvf NFC-hpux-standard-X-Y.tar

Step 4 Run the installation script to begin the preinstallation process. Answer all questions. 

# ./NFC_setup.sh NFC.hpux.Z 


********************************************************************

                    NetFlow FlowCollector 3.5

             Copyright (c) 1986-1999 by Cisco Systems, inc.

                      All rights reserved

********************************************************************


Hit Return to continue...

The installation script searches for any previously installed version of FlowCollector. If it detects a previously installed version, it looks for log files associated with that version and prompts you to confirm that the log files can be deleted. If you want to remove the files, enter y (yes). 

Searching for existing copy of CSCOnfc...


Found previous copy of CSCOnfc

Found existing log file /opt/CSCOnfc/logs/nfc.log

Would you like to delete this log file? (y/n)? y


/opt/CSCOnfc/logs.nfc.log has been deleted


Found existing log file /opt/CSCOnfc/logs/nfcgw.log

Would you like to delete this log file (y/n)? y


/opt/CSCOnfc/logs/nfcgw.log has been deleted

invoking /usr/sbin/swremove utility...

When the installation script has successfully removed the log files, it removes any other earlier FlowCollector files except configuration files and data files. This process takes approximately a minute. During the time that the installation script is removing files, it displays various progress information messages. 

=======  01/22/99 13:46:57 PDT  BEGIN swremove SESSION (non-interactive)

.

.

.

=======  01/22/99 13:47:06 PDT END swremove SESSION (non-interactive)

When the installation script has successfully removed the previous version, it begins installing the new version. This process takes approximately a minute. During the time that the installation script is extracting, copying, and installing files, it displays various progress information. 

...Starting FlowCollector 3.5 Install ....

.

.

.

=======  01/22/99 13:47:12 PDT  BEGIN swcopy SESSION (non-interactive)

.

.

.

=======  01/22/99 13:47:23 PDT  END swcopy SESSION (non-interactive)


=======  01/22/99 13:47:24 PDT  BEGIN swinstall SESSION (non-interactive)

.

.

.

=======  01/22/99 13:47:37 PDT  END swinstall SESSION (non-interactive)

.

.

.

When the installation script has successfully completed the installation phase, it enters the post installation setup phase. 

post installation setup ...

During this phase, the installation script prompts you to select a method for handling FlowCollector configuration files. When you update to a new version of FlowCollector, your existing configuration files are not lost. The installation script gives you the opportunity to select how the old and new configuration files are handled. Unless your installation imposes special requirements, accept the default and enter 1. 

Please choose one of the following:

(1) Install new default configuration files

    (Your existing configuration files will be saved with `.old'

    extensions should you want to refer to them later)

(2) Retain existing configuration files

    (New default configuration files will be saved with `.default'

    extensions should you want to refer to them later)


Please choose [1/2] [1]: 1

1

Installing new configuration files ...


Saving existing configuration files with .old extensions 

in /opt/CSCOnfc/config ...

Note The configuration files provided with FlowCollector 3.5 contain several new configuration parameters that are not available under FlowCollector 1.0/2.0. If you decide to retain the configuration files (Option 2) from the previously installed version, you may want to add these configuration parameters and their values to your existing configuration files after you are finished with the installation process. That way you have access to the new features that these configuration parameters control.

Next, the installation script offers you the opportunity to change the default path names for the FlowCollector log file and gateway log file. Unless your installation imposes special requirements, you should accept the default path names. Press Return to accept the default. 

FlowCollector's log file is: /opt/CSCOnfc/logs/nfc.log

Enter a new location+name (hit RETURN to continue)<CR>


FlowCollector Gateway's log file is: /opt/CSCOnfc/logs/nfcgw.log

Enter a new location+name (hit RETURN to continue)<CR>

Next, the installation script asks you if you want FlowCollector applications to start automatically when the system is initialized. This saves you the extra step of starting FlowCollector processes from the command line when the system is started. 

Would you like the FlowCollector applications to be 

automatically started when the system is initialized?  (y/n)? y

Finally, the installation script tests system tunable parameters. This includes the maxdsiz parameter discussed in the "Installing FlowCollector" section. If an error is encountered, you are prompted to take appropriate action to fix the problem. 

Checking system tunable parameters ... 


Validation successful                                                         


.

.

.

FlowCollector 3.5 installation completed successfully.

The record of this installation session is saved in /opt/CSCOnfc/logs/nfc_install.log.

Default FlowCollector File Hierarchy

Figure 2-1 shows the default FlowCollector directory structure created by the installation script.

Figure 2-1 Default FlowCollector File Hierarchy

Setting UNIX Environment Variables

Add the following environment variables to the startup files (.cshrc or .profile) of all users wanting to run the FlowCollector application. These environment variables identify the location of the FlowCollector directory structure and the nf.resources file:

Set NFC_DIR to /opt/CSCOnfc

Set NFC_RESOURCEFILE to $NFC_DIR/config/nf.resources

For C shell users, the commands (using default installation values) are: 

setenv NFC_DIR /opt/CSCOnfc

setenv NFC_RESOURCEFILE $NFC_DIR/config/nf.resources

For Bourne or Korn shell users, the commands (using default installation values) are: 

NFC_DIR=/opt/CSCOnfc; export NFC_DIR

NFC_RESOURCEFILE=$NFC_DIR/config/nf.resources; export NFC_RESOURCEFILE

The nf.resources file contains the variables and corresponding path names used to configure your startup FlowCollector environment (see Table 2-1). The files identified in Table 2-11 are described in Chapter 5, "Customizing FlowCollector."

Table 2-1 nf.resources Variables 

Variable
Default Path Name

NFC_CONFIGFILE

$NFC_DIR/config/nfconfig.file

NFC_KNOWNPROTOCOLS

$NFC_DIR/config/nfknown.protocols

NFC_KNOWNSRCPORTS

$NFC_DIR/config/nfknown.srcports

NFC_KNOWNDSTPORTS

$NFC_DIR/config/nfknown.dstports

NFC_KNOWNSRCASNS

$NFC_DIR/config/nfknown.srcasns

NFC_KNOWNDSTASNS

$NFC_DIR/config/nfknown.dstasns

NFC_LOG

$NFC_DIR/config/nfc.log

NFCGW_LOG

$NFC_DIR/config/nfcgw.log


In addition to the path names, the nf.resources file also includes a number of parameters for tuning FlowCollector performance. For more information about the parameters in the nf.resources file, see Chapter 5, "Customizing FlowCollector."

Enabling NetFlow Data Export

Because of the configuration differences between routers and switches, any detailed configuration description for either type of NetFlow export device is beyond the scope of this guide. At the broadest conceptual level, you need to perform the following types of configuration tasks on the export devices:

Enable NetFlow services on Cisco routers; enable Multilayer Switching (MLS) on Catalyst 5000 series switches equipped with an NFFC.

Specify the IP address and the UDP port number used to identify FlowCollector as the receiver of exported NetFlow data. In a default FlowCollector installation, UDP ports 9995 and 9996 are automatically configured as the UDP ports FlowCollector uses to receive NetFlow exported data.

Enable NetFlow data export.

For information on Cisco IOS software features related to NetFlow services on Cisco routers, refer to the Cisco IOS software configuration guides and command references. For information on specific configuration commands for Cisco Catalyst 5000 series switches, refer to the "NetFlow Switching Enhancements" feature module in Cisco IOS release notes and feature modules.

For information on software features related to MLS on Catalyst 5000 series switches, refer to the Catalyst 5000 Series Multilayer Switching User Guide.

Starting FlowCollector

To start FlowCollector, you can be logged in as a normal user or as root. To run FlowCollector, perform the following steps:

Step 1 Log in.

Step 2 To start the FlowCollector application, enter the following command:

$   $NFC_DIR/bin/nfcollector start all

FlowCollector runs as several processes. This command also starts the FlowCollector Daemon if it is not already running. See the "FlowCollector Architectural Overview" section on page 1-5 for details about these processes.

Note Typically, FlowCollector is started and allowed to run until there is some reason to stop it. The NFUI is separate from FlowCollector and dependent on FlowCollector for current application statistics and resource definitions-such as for threads, filters, and protocols. Once FlowCollector is running, anyone can start the NFUI and use it to review application statistics and resource definitions. However, you cannot create or modify FlowCollector resource definitions while FlowCollector is running. For more information about the NFUI, see Chapter 3, "Using the FlowCollector User Interface."

Verifying That FlowCollector Is Running

To verify that FlowCollector is running properly, perform the following steps.

Step 1 To display a table of FlowCollector statistics, enter the following command:

$    $NFC_DIR/bin/NFUI -s 

10. Retrieve application stats

FlowCollector has been up since Wed May 20 13:56:49 1999


Port    Packets rcvd(wrap)    Records(wrap)    Discarded  Missed Recs(wrap)

----    ------------------    -------------    ---------  -----------------

9995                  0(0)             0(0)            0               0(0)


9996              70748(0)       2122440(0)            0               0(0)

Note The statistics are listed according to the UDP port numbers on which FlowCollector is expecting NetFlow data. In a default FlowCollector installation, UDP ports 9995 and 9996 are automatically configured as the UDP ports FlowCollector uses to receive NetFlow exported data. You can define other UDP port numbers (see the "Creating a Thread" section on page 5-8.

Step 2 Verify that the UDP ports that are expected to receive export data are receiving data.

In the example shown above, UDP port 9996 is collecting data, but UDP port 9995 is not.

Step 3 Check the $NFC_DIR/logs/nfc.log and $NFC_DIR/logs/nfcd.log files for error messages.

If you are receiving data on the FlowCollector UDP port and there are no error messages in the log files, FlowCollector is running properly. You should periodically monitor the $NFC_DIR/logs/nfc.log and $NFC_DIR/logs/nfcd.log files for error and warning messages.

Stopping FlowCollector

To stop FlowCollector, perform the following steps:

Step 1 Log in.

Step 2 Enter the following command to stop the FlowCollector application. 

# $NFC_DIR/bin/nfcollector stop all

Note To stop FlowCollector, you must be logged in as root or the user who started this FlowCollector session. This command does not stop the FlowCollector Daemon.

Stopping the FlowCollector Daemon

Stop the FlowCollector Daemon using one of two commands. Keep in mind that each command has a different effect on the FlowCollector workstation. To stop the FlowCollector Daemon and all processes that the Daemon started, enter the following command: 

# $NFC_DIR/bin/nfcollector stop nfcd

To stop the Daemon and all other FlowCollector processes, enter the following command: 

# $NFC_DIR/bin/nfcollector clean
Caution The nfcollector clean command does not gracefully stop the system. Any and all FlowCollector functions cease immediately. This includes flow collection and data file creation. Use this command with caution.