
NetFlow (FlowView) plug-in for Cacti

First of all, download the FlowView plug-in from cacti.net (http://docs.cacti.net/plugins) and copy the file to the server with WinSCP.
# download flowview plugin from cacti.net

When you are ready, extract the file.

# this command updates the ClamAV antivirus signatures
freshclam
cd /home/admin/Desktop
tar -xzvf /home/admin/Desktop/flowview-v1.1-1.tgz

# edit php.ini and set the timezone
vi /etc/php.ini
date.timezone = America/Bogota
service httpd restart

# add the flowview SQL structure to the cacti database
mysql -u root -p cacti < /home/admin/Desktop/flowview/flowview.sql

# copy the flowview directory to Cacti's plugins directory
cp -r flowview/ /var/www/html/cacti/plugins/flowview
chown -R admin:admin /var/www/html/cacti/plugins/flowview
chmod 775 /var/www/html/cacti/plugins/flowview

# install and enable the flowview plugin from the Cacti web page:
#   Configuration > Plugin Management
# then go to Configuration > Settings > Misc and specify the Flows Directory:
#   /var/netflow/flows/completed

# create the flows directory (mode 777 makes it writable by every local account)
mkdir -p /var/netflow/flows/completed
chmod 777 /var/netflow/flows/completed
ls -la /var/netflow/flows

# Install the NetFlow toolbox called flow-tools
yum install flow-tools
chkconfig flow-capture on
service flow-capture status
service flow-capture start

# change the listen port and IP addresses for the flow-capture service
# (the last argument is localip/remoteip/port; 0 means any address)
vi /etc/sysconfig/flow-capture
OPTIONS="-V 5 -E 5G -N 3 -w /var/netflow/flows/completed -S 5 0/0/2203"
service flow-capture restart
netstat -uan
iptables -nL -v

# Permit NetFlow traffic from the Cisco router to the Cacti box
vi /etc/sysconfig/iptables
-A INPUT -p udp -m state --state NEW -m udp --dport 2203 -j ACCEPT
service iptables restart
iptables -nL -v

# test NetFlow traffic from the client (Cisco router) to the server (Cacti box),
# BUT FIRST YOU NEED TO CONFIGURE NETFLOW ON THE CISCO ROUTER; see below for how to do it
# flow-print reads one capture file on stdin; FLOW_FILE is a placeholder for a file written under this directory
flow-print < /var/netflow/flows/completed/FLOW_FILE
tcpdump udp port 2203
flow-receive 0/0/2203 | flow-print

# useful link
http://www.splintered.net/sw/flow-tools/docs/

# Edit and copy the flow-capture service script so that it works with the Cacti application
cp /etc/init.d/flow-capture /etc/init.d/flow-capture.bk
vi /var/www/html/cacti/plugins/flowview/flow-capture
$cacti_base = '/var/www/html/cacti';
cp /var/www/html/cacti/plugins/flowview/flow-capture /etc/init.d/flow-capture
/etc/init.d/flow-capture stop
/etc/init.d/flow-capture start

## Ok, now let's configure the Cisco router to send NetFlow traffic to the Cacti box

### CONFIGURATION OF CISCO IOS to send NetFlow to the Cacti box
interface Vlan10
 ip flow egress
 ip route-cache flow
ip flow-cache timeout active 5
ip flow-export source Vlan11
ip flow-export version 5
ip flow-export destination 192.168.180.3 2203

## Commands that can be useful to check the configuration
show ip flow export
show ip flow interface
show ip cache verbose flow

# finally, create the listener device from the Cacti box
# Go to the Cacti website, select the flowview tab > Listeners, and select Add in the top right corner
# then restart the flow-capture service once more
# NOTE: EVERY TIME YOU ADD A NEW DEVICE TO NETFLOW FROM CACTI's FlowView TAB YOU NEED TO STOP AND START THE flow-capture SERVICE
/etc/init.d/flow-capture stop
/etc/init.d/flow-capture start
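
The flow-capture listener (0/0/2203) and the iptables rule configured above accept NetFlow v5, which carries no authentication, from any source address. The script below is an added example, not part of the original guide: it audits an OPTIONS line and iptables rules for that condition and shows a restricted variant passing the same check. The function names are hypothetical, and 192.0.2.1 is a documentation address standing in for the router's Vlan11 export address, which the guide does not give.

```shell
#!/bin/sh
# Added example (not from the original guide): flag a flow-capture listener
# and iptables rule that accept NetFlow exports from any source address.

# The last token of the OPTIONS line is the localip/remoteip/port triple.
listener_triple() {
    printf '%s\n' "$1" | tr -d '"' | awk '{ print $NF }'
}

# Print one finding per line; print nothing when both layers are restricted.
audit_listener() {
    triple=$(listener_triple "$1")
    rules=$2
    local_ip=${triple%%/*}
    port=${triple##*/}
    rest=${triple#*/}
    remote_ip=${rest%%/*}
    [ "$local_ip" = 0 ] && echo "flow-capture binds every local address (localip 0)"
    [ "$remote_ip" = 0 ] && echo "flow-capture accepts any exporter (remoteip 0)"
    # An ACCEPT rule for the listener port without -s admits any sender.
    printf '%s\n' "$rules" | awk -v port="$port" '
        /-p udp/ && /-j ACCEPT/ && $0 ~ ("--dport " port "( |$)") && !/ -s / {
            print "iptables accepts udp/" port " from any source: " $0
        }'
    return 0
}

# Constructed sample input: the guide's settings, then a restricted variant.
# 192.0.2.1 is a placeholder (assumption) for the router's export source IP.
PAGE_OPTIONS='OPTIONS="-V 5 -E 5G -N 3 -w /var/netflow/flows/completed -S 5 0/0/2203"'
PAGE_RULE='-A INPUT -p udp -m state --state NEW -m udp --dport 2203 -j ACCEPT'
TIGHT_OPTIONS='OPTIONS="-V 5 -E 5G -N 3 -w /var/netflow/flows/completed -S 5 192.168.180.3/192.0.2.1/2203"'
TIGHT_RULE='-A INPUT -s 192.0.2.1/32 -p udp -m state --state NEW -m udp --dport 2203 -j ACCEPT'

echo "== as configured in the guide =="
audit_listener "$PAGE_OPTIONS" "$PAGE_RULE"
echo "== restricted to one exporter =="
audit_listener "$TIGHT_OPTIONS" "$TIGHT_RULE"
```

To check a live host, pass the OPTIONS line from /etc/sysconfig/flow-capture and the contents of /etc/sysconfig/iptables as the two arguments.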
