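Architecture overview:
Linux eth0: the interface that receives the network packets mirrored from the switch
eth1: the interface reserved for logging in to the NetFlow software's web UI
A program such as nprobe or fprobe takes the packets seen on a given network interface
and forwards them to the NetFlow software for analysis.
As shown in the figure below: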
nprobe
https://www.ntop.org/products/netflow/nprobe/
nprobe can be installed with yum; see the following URL:
http://packages.ntop.org/centos/
To use fprobe instead, follow these steps:
yum install libpcap-devel -y
wget http://sourceforge.net/projects/fprobe/files/fprobe/1.1/fprobe-1.1.tar.bz2
tar jxvf fprobe-1.1.tar.bz2
cd fprobe-1.1/
./configure
make
make install
Example command:
fprobe -i eth0 127.0.0.1:9996
Other references
(1)
NetFlow Analyzer
https://www.manageengine.com/products/netflow/
nProbe and NetFlow Analyzer
https://blogs.manageengine.com/network/netflowanalyzer/2011/05/19/nprobe-and-netflow-analyzer.html
(2)
NetFlow Traffic Analyzer
https://www.solarwinds.com/netflow-traffic-analyzer
NTA - How to configure nProbe to export flows to Solarwinds NTA
https://support.solarwinds.com/SuccessCenter/s/article/NTA-How-to-configure-nProbe-to-export-flows-to-Solarwinds-NTA
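Friday, August 23, 2019
Sunday, June 16, 2019
Zabbix 4.2 + TimescaleDB installation notes
Zabbix 4.2 + TimescaleDB
Zabbix 4.2 adds support for TimescaleDB among its new features, so I am leaving these short notes for future reference.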
(1) OS CentOS 7
(2) PostgreSQL 11
https://docs.timescale.com/v1.3/getting-started/installation/rhel-centos/installation-yum
PostgreSQL repository & Install
# yum install https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
# yum install postgresql11
# yum install postgresql11-server
# /usr/pgsql-11/bin/postgresql-11-setup initdb
# systemctl enable postgresql-11
# systemctl start postgresql-11
Add PATH
PATH=$PATH:/usr/pgsql-11/bin/
export PATH
PGDATA=/var/lib/pgsql/11/data
export PGDATA
# vi /var/lib/pgsql/11/data/pg_hba.conf
local all all md5
# or: local all all trust   (trust skips the password check for local socket connections)
host all all 127.0.0.1/32 md5
# vi /var/lib/pgsql/11/data/postgresql.conf
# - Connection Settings -
listen_addresses = '*' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart)
port = 5432 # (change requires restart)
max_connections = 100 # (change requires restart)
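An added example, not part of the original notes: a small shell check for the two access settings edited above. It flags any active trust rule in pg_hba.conf and a listen_addresses value that opens every interface, and notes when pg_hba.conf only admits loopback clients anyway. The function name audit_pg, the finding labels and the sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original notes. audit_pg and its finding labels
# are illustrative names. Usage: audit_pg <pg_hba.conf> <postgresql.conf>
audit_pg() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        {
            sub(/[ \t]*#.*$/, "")                # drop a trailing comment
            if ($1 == "local") m = $4            # local db user method
            else if ($5 ~ /^[0-9.]+$/) m = $6    # host  db user ip mask method
            else m = $5                          # host  db user cidr method
            if (m == "trust") printf "TRUST_AUTH line %d: %s\n", FNR, $0
            if ($1 != "local" && $4 !~ /^127\./ && $4 != "::1/128") remote = 1
        }
        END { if (!remote) print "HBA_LOOPBACK_ONLY" }
    ' "$1"
    awk -v q="'" '
        /^[ \t]*listen_addresses[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)          # keep only the value
            sub(/[ \t]*#.*$/, "", v)             # drop the trailing comment
            gsub(q, "", v)                       # strip the single quotes
            last = v                             # the last assignment wins
        }
        END { if (last == "*" || last == "0.0.0.0") print "LISTEN_ALL listen_addresses=" last }
    ' "$2"
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
# Constructed sample input mirroring the settings shown in these notes.
printf '%s\n' 'local all all md5' '# or local all all trust' \
    'host all all 127.0.0.1/32 md5' > "$demo_dir/pg_hba.conf"
printf '%s\n' "listen_addresses = '*'   # what IP address(es) to listen on;" \
    'port = 5432' > "$demo_dir/postgresql.conf"
# Constructed variant: the commented "trust" alternative switched on.
printf '%s\n' 'local all all trust' \
    'host all all 127.0.0.1/32 md5' > "$demo_dir/pg_hba_trust.conf"

audit_pg "$demo_dir/pg_hba.conf" "$demo_dir/postgresql.conf"
audit_pg "$demo_dir/pg_hba_trust.conf" "$demo_dir/postgresql.conf"
```

On the settings shown in these notes the check reports HBA_LOOPBACK_ONLY together with LISTEN_ALL: the server listens on every interface although only loopback clients can authenticate, so listen_addresses can be narrowed to 'localhost' for a Zabbix server running on the same host.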
(3) TimescaleDB 1.3
TimescaleDB repository & Install
sudo tee /etc/yum.repos.d/timescale_timescaledb.repo <<EOL
[timescale_timescaledb]
name=timescale_timescaledb
baseurl=https://packagecloud.io/timescale/timescaledb/el/7/\$basearch
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/timescale/timescaledb/gpgkey
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300
EOL
# yum update -y
# yum install -y timescaledb-postgresql-11
(4) Configure database
# timescaledb-tune
[root@centos75 ~]# timescaledb-tune
Using postgresql.conf at this path:
/var/lib/pgsql/11/data/postgresql.conf
Is this correct? [(y)es/(n)o]: y
Writing backup to:
/tmp/timescaledb_tune.backup201906151823
shared_preload_libraries needs to be updated
Current:
#shared_preload_libraries = ''
Recommended:
shared_preload_libraries = 'timescaledb'
Is this okay? [(y)es/(n)o]: y
success: shared_preload_libraries will be updated
Tune memory/parallelism/WAL and other settings? [(y)es/(n)o]: y
Recommendations based on 3.69 GB of available memory and 4 CPUs for PostgreSQL 11
Memory settings recommendations
Current:
shared_buffers = 128MB
#effective_cache_size = 4GB
#maintenance_work_mem = 64MB
#work_mem = 4MB
Recommended:
shared_buffers = 966208kB
effective_cache_size = 2830MB
maintenance_work_mem = 483104kB
work_mem = 2415kB
Is this okay? [(y)es/(s)kip/(q)uit]: y
success: memory settings will be updated
Parallelism settings recommendations
Current:
missing: timescaledb.max_background_workers
#max_worker_processes = 8
#max_parallel_workers_per_gather = 2
#max_parallel_workers = 8
Recommended:
timescaledb.max_background_workers = 8
max_worker_processes = 15
max_parallel_workers_per_gather = 2
max_parallel_workers = 4
Is this okay? [(y)es/(s)kip/(q)uit]: y
success: parallelism settings will be updated
WAL settings recommendations
Current:
#wal_buffers = -1
min_wal_size = 80MB
max_wal_size = 1GB
Recommended:
wal_buffers = 16MB
min_wal_size = 4GB
max_wal_size = 8GB
Is this okay? [(y)es/(s)kip/(q)uit]: y
success: WAL settings will be updated
Miscellaneous settings recommendations
Current:
#default_statistics_target = 100
#random_page_cost = 4.0
#checkpoint_completion_target = 0.5
#max_locks_per_transaction = 64
#effective_io_concurrency = 1
Recommended:
default_statistics_target = 500
random_page_cost = 1.1
checkpoint_completion_target = 0.9
max_locks_per_transaction = 64
effective_io_concurrency = 200
Is this okay? [(y)es/(s)kip/(q)uit]: y
success: miscellaneous settings will be updated
Saving changes to: /var/lib/pgsql/11/data/postgresql.conf
[root@centos75 ~]#
# systemctl restart postgresql-11
(5) Zabbix 4.2
https://www.zabbix.com/download?zabbix=4.2&os_distribution=centos&os_version=7&db=postgresql
Install Zabbix repository
# rpm -Uvh https://repo.zabbix.com/zabbix/4.2/rhel/7/x86_64/zabbix-release-4.2-1.el7.noarch.rpm
Install Zabbix server, frontend, agent
# yum -y install zabbix-server-pgsql zabbix-web-pgsql zabbix-agent
Create initial database
# sudo -u postgres createuser --pwprompt zabbix
# sudo -u postgres createdb -O zabbix zabbix
Import initial schema and data. You will be prompted to enter your newly created password.
# zcat /usr/share/doc/zabbix-server-pgsql*/create.sql.gz | sudo -u zabbix psql zabbix
========================================
https://www.zabbix.com/documentation/4.2/manual/appendix/install/timescaledb
[root@centos75 zabbix-server-pgsql-4.2.3]# pwd
/usr/share/doc/zabbix-server-pgsql-4.2.3
[root@centos75 zabbix-server-pgsql-4.2.3]# ll
total 2292
-rw-r--r-- 1 root root 98 Jun 7 18:18 AUTHORS
-rw-r--r-- 1 root root 1000750 Jun 7 18:19 ChangeLog
-rw-r--r-- 1 root root 17990 Jun 7 18:18 COPYING
-rw-r--r-- 1 root root 1305981 Jun 7 18:26 create.sql.gz
-rw-r--r-- 1 root root 52 Jun 7 18:18 NEWS
-rw-r--r-- 1 root root 1317 Jun 7 18:19 README
-rw-r--r-- 1 root root 219 Jun 7 18:19 timescaledb.sql.gz
[root@centos75 zabbix-server-pgsql-4.2.3]#
[root@centos75 zabbix-server-pgsql-4.2.3]# echo "CREATE EXTENSION IF NOT EXISTS timescaledb CASCADE;" | sudo -u postgres psql zabbix
WARNING:
WELCOME TO
_____ _ _ ____________
|_ _(_) | | | _ \ ___ \
| | _ _ __ ___ ___ ___ ___ __ _| | ___| | | | |_/ /
| | | | _ ` _ \ / _ \/ __|/ __/ _` | |/ _ \ | | | ___ \
| | | | | | | | | __/\__ \ (_| (_| | | __/ |/ /| |_/ /
|_| |_|_| |_| |_|\___||___/\___\__,_|_|\___|___/ \____/
Running version 1.3.1
For more information on TimescaleDB, please visit the following links:
1. Getting started: https://docs.timescale.com/getting-started
2. API reference documentation: https://docs.timescale.com/api
3. How TimescaleDB is designed: https://docs.timescale.com/introduction/architecture
Note: TimescaleDB collects anonymous reports to better understand and assist our users.
For more information and how to disable, please see our docs https://docs.timescaledb.com/using-timescaledb/telemetry.
CREATE EXTENSION
[root@centos75 zabbix-server-pgsql-4.2.3]# zcat /usr/share/doc/zabbix-server-pgsql-4.2.3/timescaledb.sql.gz | sudo -u zabbix psql zabbix
create_hypertable
----------------------
(1,public,history,t)
(1 row)
create_hypertable
---------------------------
(2,public,history_uint,t)
(1 row)
create_hypertable
--------------------------
(3,public,history_log,t)
(1 row)
create_hypertable
---------------------------
(4,public,history_text,t)
(1 row)
create_hypertable
--------------------------
(5,public,history_str,t)
(1 row)
create_hypertable
---------------------
(6,public,trends,t)
(1 row)
create_hypertable
--------------------------
(7,public,trends_uint,t)
(1 row)
UPDATE 1
[root@centos75 zabbix-server-pgsql-4.2.3]#
=======================================
Configure the database for Zabbix server
vi /etc/zabbix/zabbix_server.conf
--> DBPassword=password   (use the password entered at the createuser --pwprompt step)
Configure PHP for Zabbix frontend
vi /etc/httpd/conf.d/zabbix.conf
--> php_value date.timezone Asia/Taipei
Start Zabbix server and agent processes
Start Zabbix server and agent processes and make it start at system boot:
# systemctl restart zabbix-server zabbix-agent httpd
# systemctl enable zabbix-server zabbix-agent httpd
Other reference URLs
https://www.opensourcetech.tokyo/entry/20190510/1557484230
Friday, January 11, 2019
CentOS7 Pritunl OpenVPN
https://docs.pritunl.com/docs/getting-started
https://docs.pritunl.com/docs/installation
sudo tee /etc/yum.repos.d/mongodb-org-4.0.repo << EOF
[mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/7/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc
EOF
sudo tee /etc/yum.repos.d/pritunl.repo << EOF
[pritunl]
name=Pritunl Repository
baseurl=https://repo.pritunl.com/stable/yum/centos/7/
gpgcheck=1
enabled=1
EOF
sudo rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 7568D9BB55FF9E5287D586017AE645C0CF8E292A
gpg --armor --export 7568D9BB55FF9E5287D586017AE645C0CF8E292A > key.tmp; sudo rpm --import key.tmp; rm -f key.tmp
sudo yum -y install pritunl mongodb-org
sudo systemctl start mongod pritunl
sudo systemctl enable mongod pritunl
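An added example, not part of the original notes: a shell audit of the yum repository definitions used here (the Pritunl and MongoDB repos above and the TimescaleDB repo in the Zabbix notes). It reports a repo whose gpgcheck=0 leaves the RPMs themselves unverified even when repo_gpgcheck=1 covers the metadata, and a repo with gpgcheck=1 but no gpgkey, which only works once the key has been imported with rpm --import as done above. The function name audit_repos, the finding labels and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original notes; audit_repos and its labels are
# illustrative names. Usage: audit_repos FILE...  (one finding per line)
audit_repos() {
  awk '
    function report(   r) {
      if (sec == "" || val["enabled"] == "0") return
      if (val["gpgcheck"] == "0") {
        r = (val["repo_gpgcheck"] == "1") ? "metadata only" : "nothing"
        printf "NO_PKG_SIGCHECK %s (signed: %s)\n", sec, r
      } else if (val["gpgcheck"] == "1" && !("gpgkey" in val))
        printf "NO_GPGKEY %s (key must be imported by hand)\n", sec
      if (val["baseurl"] ~ /^http:/) printf "PLAINTEXT_BASEURL %s\n", sec
    }
    /^[ \t]*([#;]|$)/ { next }                 # comments and blank lines
    /^\[/ { report(); split("", val); sec = substr($0, 2, index($0, "]") - 2); next }
    {
      i = index($0, "=")                       # split on the first "=" only
      if (i == 0) next
      k = substr($0, 1, i - 1); v = substr($0, i + 1)
      gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      val[k] = v
    }
    END { report() }
  ' "$@"
}

demo_repo=$(mktemp)
trap 'rm -f "$demo_repo"' EXIT
# Constructed sample: the three repo definitions from these notes in one file.
cat > "$demo_repo" <<'EOF'
[timescale_timescaledb]
baseurl=https://packagecloud.io/timescale/timescaledb/el/7/$basearch
repo_gpgcheck=1
gpgcheck=0
enabled=1
gpgkey=https://packagecloud.io/timescale/timescaledb/gpgkey
[mongodb-org-4.0]
baseurl=https://repo.mongodb.org/yum/redhat/7/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc
[pritunl]
baseurl=https://repo.pritunl.com/stable/yum/centos/7/
gpgcheck=1
enabled=1
EOF
audit_repos "$demo_repo"
```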
OpenVPN + 2FA + OTP