NetFlow Collector Installation and Configuration Guide - Configuring the Cisco NetFlow Collector [Cisco NetFlow Collection Engine]

Table Of Contents

Configuring the Cisco NetFlow Collector

Required Patches and Software Packages

UNIX Environment Variables

Enabling NetFlow Data Export

Starting the Cisco NetFlow Collector

Verifying That Cisco NetFlow Collector Is Running

NetFlow Collector Configuration Files

Browser Requirements

Starting the Cisco NetFlow Collector User Interface

Stopping Cisco NetFlow Collector

Updating JRE Time Zone Data

Configuring the Cisco NetFlow Collector

This chapter describes how to configure the Cisco NetFlow Collector application and then validate that it is operating properly.

This chapter includes the following sections:

•Required Patches and Software Packages

•UNIX Environment Variables

•Enabling NetFlow Data Export

•Starting the Cisco NetFlow Collector

•Verifying That Cisco NetFlow Collector Is Running

•NetFlow Collector Configuration Files

•Browser Requirements

•Starting the Cisco NetFlow Collector User Interface

•Stopping Cisco NetFlow Collector

•Updating JRE Time Zone Data

Required Patches and Software Packages

Solaris Platform

Prior to running Cisco NetFlow Collector on the Solaris platform, the latest Recommended Patch Cluster for the release should be installed.

Solaris patches can be downloaded at http://sunsolve.sun.com/.

Red Hat Enterprise Linux Platform

Prior to running Cisco NetFlow Collector on Red Hat Enterprise Linux platform, you must install the the following packages :

•The X Windows package must be installed for the web-based user interface to function properly. This is part of the default system configuration when Red Hat Enterprise Linux is installed; otherwise refer to Red Hat Enterprise Linux documentation for further instructions.

•For Red Hat Enterprise 3 and 4, you must ensure that the compat-libstdc++ RPM is installed on the system. This RPM is included in the Red Hat Enterprise distribution CDs.

UNIX Environment Variables

In releases prior to version 5.0, the Cisco NetFlow Collector Installation Guide recommended setting a number of environment variables, such as NFC_DIR and NFC_RESOURCEFILE. These settings should be removed from the environment for this release prior to installing and running Cisco NetFlow Collector. The environment is automatically determined by startup scripts in the 6.0 release.

Enabling NetFlow Data Export

Because of the configuration differences between routers and switches, any detailed configuration description for either type of NetFlow export device is beyond the scope of this guide. At the broadest conceptual level, you must perform the following types of configuration tasks on the export devices:

•Enable NetFlow services on Cisco routers; enable Multilayer Switching (MLS) on Catalyst 5000 series switches equipped with an NFFC.

•Specify the IP address and the UDP or SCTP port number used to identify Cisco NetFlow Collector as the receiver of exported NetFlow data. For information on configuring the UDP ports that Cisco NetFlow Collector uses to receive NetFlow exported data, refer to the "Creating an Aggregator" section in the Cisco NetFlow Collector User Guide.

•Enable NetFlow data export.

For information on Cisco IOS software features related to NetFlow services on Cisco routers, see the Cisco IOS software configuration guides and command references.

For information on specific configuration commands for Cisco Catalyst 5000 series switches, see the "NetFlow Switching Enhancements" feature module in Cisco IOS release notes and feature modules.

For information on software features related to MLS on Catalyst 5000 series switches, see the Catalyst 5000 Series Multilayer Switching User Guide.

Starting the Cisco NetFlow Collector

To start Cisco NetFlow Collector, perform the following steps:

Step 1 Log in as the user specified during installation. Refer to the "Installing NetFlow Collector" section on page 2-3.

Step 2 Enter the following command:
/opt/CSCOnfc/bin/nfcollector start all 
Cisco NetFlow Collector runs as several processes. See the "Cisco NetFlow Collector Architectural Overview" section on page 1-5 for details about these processes.

In most cases, NFC is configured during installation to be started automatically by the system when the host reboots. When this is the case, startup scripts are placed in the file /etc/rc*d.

Verifying That Cisco NetFlow Collector Is Running

To verify that Cisco NetFlow Collector is running properly, perform the following steps.

Step 1 To display a table of Cisco NetFlow Collector statistics, use the web-based user interface as described in the "Status" section of the Cisco NetFlow Collector User Guide.

Step 2 Verify that the UDP and/or SCTP ports that are expected to receive export data are receiving data. The status page of the web UI should indicate that flows are being received.

Step 3 Check log files in /opt/CSCOnfc/logs/nfc.logs for error messages.

If you are receiving data and there are no error messages in the log files, Cisco NetFlow Collector is running properly.

You should periodically monitor the log files for error and warning messages.

NetFlow Collector Configuration Files

Table 3-1 displays all of the configuration files used by Cisco NetFlow Collector.

Table 3-1 Cisco NetFlow Collector Configuration Files

File

Directory

Description

nfcmem

/opt/CSCOnfc/config

Memory limits for each collector process.

nfc-config.xml

/opt/CSCOnfc/config

Collector configuration file for the user-specified configuration.

nfc-config-predefined.xml

/opt/CSCOnfc/config

Collector configuration file of predefined configuration. You should never modify this file.

nfcbgp.xml

/opt/CSCOnfc/config

BGP peer configuration file.

nfcre.xml

/opt/CSCOnfc/config

Report generator configuration file.

nfcpw.xml

/opt/CSCOnfc/config

Process watcher configuration file.

nfcifname.xml

/opt/CSCOnfc/config

SNMP interface name mapping configuration file.

nfc-log4j.properties

/opt/CSCOnfc/config

Logging properties file for collector.

nfcweb-log4j.properties

/opt/CSCOnfc/config

Logging properties file for the web-based UI.

nfcpw-log4j.properties

/opt/CSCOnfc/config

Logging properties file for the process watcher.

nfcre-log4j.properties

/opt/CSCOnfc/config

Logging properties file for the report generator (scheduled reports).

nfcrd-log4j.properties

/opt/CSCOnfc/config

Logging properties file for the report daemon (custom reports).

nfcnmpd-log4j.properties

/opt/CSCOnfc/config

Logging properties file for the SNMP Daemon.

nfcxml-log4j.properties

/opt/CSCOnfc/config

Logging properties file for the Cisco/XML interface.

nfcbgp-log4j.properties

/opt/CSCOnfc/config

Logging properties file for the BGP peer.

server.xml

/opt/CSCOnfc/tomcat/conf

Web server configuration file.

web.xml

/opt/CSCOnfc/tomcat/webapps/nfc/WEB-INF

Web application configuration file for web-based UI.

auth.config

/opt/CSCOnfc/config

Authentication information for web-based UI.

healthmonitor.properties

/opt/CSCOnfc/config

Health monitor configuration.

nfcsnmpd.properties

/opt/CSCOnfc/config

SNMP configuration.

peList.conf

/opt/CSCOnfc/config

PE ID list

Browser Requirements

The Cisco NetFlow Collector, Release 6.0 web-based user interface is compatible with Microsoft Internet Explorer 6.0 and Firefox 1.5 on Windows or UNIX. The web-based UI requires that the browser run the Sun Java virtual machine (JVM) to run applets. For the filter editor , threshold editor, and multi-field map editor applets to be displayed, a Sun JVM version 1.5 or higher must be used.

Starting the Cisco NetFlow Collector User Interface

To start the Cisco NetFlow Collector User Interface, do the following:

Step 1 To run Cisco NetFlow Collector, log in as the user specified during installation.

Step 2 Enter the following command:

/opt/CSCOnfc/bin/nfcollector start all
Step 3 From a web browser enter:

//<nfc-hostname>:8080/nfc

Note The web-based UI only works with the collector located on the same machine. To access a different instance of Cisco NetFlow Collector you must start that collector's web server and access it through the corresponding URL.

Stopping Cisco NetFlow Collector

To stop the Cisco NetFlow Collector, you must be logged in as the user specified during installation.

To stop Cisco NetFlow Collector, enter the following command:

# /opt/CSCOnfc/bin/nfcollector shutdown

The shutdown option waits for the NFC process to exit. If a process fails to stop after a configurable number of seconds, the nfcollector script returns a non-zero exit status. To immediately and ungracefully stop all CNS NetFlow Collection Engine processes, enter the following command:

# /opt/CSCOnfc/bin/nfcollector clean

Caution The nfcollector clean command does not gracefully stop the system. Any and all Cisco NetFlow Collector functions cease immediately. Use this command with caution. The nfcollector shutdown command is the preferred way to shut down Cisco NetFlow Collector.

Cisco NetFlow Collector subsystems can also be stopped individually. For example, only the collection subsystem is stopped by entering the following command:

# /opt/CSCOnfc/bin/nfcollector stop collection

Updating JRE Time Zone Data

Cisco NetFlow Collector requires up-to-date time zone data in the Java Runtime Environment (JRE) bundled with NFC so that files and reports that contain the time-of-day accurately reflect current Daylight Saving Time rules that are in effect. Time zone data in NFC's JRE should be updated using the TZupdater tool provided by Sun Microsystems when NFC is installed and whenever local Daylight Saving Time rules change.

Note JRE time zone data that NFC depends on is separate from system time zone data. Although it is recommended that you should also update your operating system time zone data when local Daylight Saving Time rules change, NFC will report times correctly if only the JRE is updated.

Sun Microsystems has provided general information about this topic in the article Timezone Data and the Java Runtime Environment at http://java.sun.com/javase/timezones/. To see if a change announced recently for your location is reflected in the latest data provided by Sun, see Timezone Data Versions in the JRE Software at http://java.sun.com/javase/timezones/tzdata_versions.html.

To update the JRE timezone information for NFC, do the following:

Step 1 Login as the system user who owns NFC files and processes; this account was specified when NFC was installed.

Step 2 Run umask to verify that the current umask is not set to a restrictive value higher than 022. If set to a higher value, set to 022 by running umask 022.

Step 3 Download the latest TZupdater tool from Sun Microsystems. If you don't have a Sun Online Account, you will be prompted to create one. Information about the tool including a link to the download location of the most recent version is available at http://java.sun.com/javase/tzupdater_README.html.

Step 4 In a temporary directory, extract the zipped contents of the download file. This creates the subdirectory tzupdater-version containing the jar file tzupdater.jar.

Step 5 Shut down NFC by running /opt/CSCOnfc/bin/nfcollector shutdown. Verify that no java processes by running ps -ef | grep java.

Step 6 Run the TZupdater tool to update JRE timezone data as follows:

/opt/CSCOnfc/java/bin/java -jar path-to-tzupdater-files/tzupdater.jar -u

Note: On the Solaris platform, ignore package-related warning messages such as:

path-to-java-bin/java not directly found in contents file, no package resolution performed. (May not be in PKG form, not an absolute path, or is a symlink.)

Step 7 Restart Cisco NetFlow Collector. See the "Starting the Cisco NetFlow Collector User Interface" section