
update for support latest nfdump 1.7

Roman Dmitriev 2 жил өмнө
parent
commit
19722946c1

+ 12 - 1
docs/Readme.en.md

@@ -142,13 +142,24 @@ systemctl enable stat-sync.service
 
 apt install nfdump -y
 
-cp docs/systemd/nfcapd@.service /etc/systemd/system/nfcapd@.service
+for latest nfcapd 1.7:
+cp docs/systemd/nfcapd-1.7@.service /etc/systemd/system/nfcapd@.service
+
+for old nfcapd 1.6:
+cp docs/systemd/nfcapd-1.6@.service /etc/systemd/system/nfcapd@.service
+
 mkdir -p /etc/nfcapd
 cp docs/systemd/nfcapd/office.conf /etc/nfcapd/office.conf
 
 Set nfdump port, path for collected files and router id. Router id see in url for edit device:
 #http://[IP]/admin/devices/editdevice.php?id=1
 
+Set owner for nfcapd files to tcpdump:tcpdump:
+mkdir -p /var/spool/flow-tools
+chown tcpdump:tcpdump /var/spool/flow-tools
+
+Enable service:
+
 systemctl enable nfcapd@office
 systemctl start nfcapd@office
 

+ 16 - 4
docs/Readme.ru.md

@@ -138,20 +138,32 @@ cp docs/systemd/stat-sync.service /etc/systemd/system
 
 systemctl enable stat-sync.service
 
-######################################### Netflow #####################################################################
+######################################### Network flow #####################################################################
 
 apt install nfdump -y
 
-cp docs/systemd/nfcapd@.service /etc/systemd/system/nfcapd@.service
+Для свежего nfcapd 1.7:
+cp docs/systemd/nfcapd-1.7@.service /etc/systemd/system/nfcapd@.service
+
+Для сторого nfcapd 1.6:
+cp docs/systemd/nfcapd-1.6@.service /etc/systemd/system/nfcapd@.service
+
 mkdir -p /etc/nfcapd
 cp docs/systemd/nfcapd/office.conf /etc/nfcapd/office.conf
 
-Указываем порт, место хранения статистики и id роутера, с которого снимается трафик
+Указываем порт коллектора, расположение файлов дампов, id роутера, с которого данные забираем. Посмотреть можно в строке адерса при редактировании роутера
+#http://[IP]/admin/devices/editdevice.php?id=1
+
+Ставим владельца на папку с дампами tcpdump:tcpdump:
+mkdir -p /var/spool/flow-tools
+chown tcpdump:tcpdump /var/spool/flow-tools
+
+И активируем коллектор:
 
 systemctl enable nfcapd@office
 systemctl start nfcapd@office
 
-Включаем netflow на микротике:
+Включаем netflow на роутере микротик:
 /ip traffic-flow
 set enabled=yes
 /ip traffic-flow target

+ 20 - 0
docs/systemd/nfcapd-1.6@.service

@@ -0,0 +1,20 @@
+[Unit]
+Description=Traffic collector nfcapd 1.6 for %I
+After=syslog.target network-online.target
+
+[Service]
+Type=forking
+EnvironmentFile=/etc/nfcapd/%i.conf
+ExecStart=/usr/bin/nfcapd -D -P /var/run/nfcapd.%i.pid -z -w -t 600 -p ${LISTEN_PORT} -S 1 -l ${DATA_DIR} -x ${EXT}
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SETPCAP
+PermissionsStartOnly=true
+User=tcpdump
+Group=tcpdump
+RuntimeDirectory=nfcapd
+RuntimeDirectoryMode=0770
+PIDFile=/var/run/nfcapd.%i.pid
+RestartSec=30
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
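Review bot: `PIDFile=/var/run/nfcapd.%i.pid` and the matching `-P /var/run/nfcapd.%i.pid` on ExecStart point outside the `RuntimeDirectory=nfcapd` this unit creates, so nfcapd, started directly as `User=tcpdump`, will presumably be unable to create its pid file in root-owned /run and the `Type=forking` start-up would then fail; the 1.7 unit already uses `/run/nfcapd/nfcapd.%i.pid`, and this unit should use the same path in both `-P` and `PIDFile=`. The `CapabilityBoundingSet=` line here and in nfcapd-1.7@.service lists CAP_SETUID, CAP_SETGID and CAP_SETPCAP, which a service started as an unprivileged user never holds — a bounding set only removes capabilities, so the line grants nothing but reads as if it did, and with the sample LISTEN_PORT above 1024 CAP_NET_BIND_SERVICE is not needed either. `PermissionsStartOnly=true` is deprecated in favour of the `ExecStartPre=+` prefix and has no effect in either unit since neither has an ExecStartPre; dropping it and adding `NoNewPrivileges=true` would make both units smaller and tighter.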

+ 20 - 0
docs/systemd/nfcapd-1.7@.service

@@ -0,0 +1,20 @@
+[Unit]
+Description=Traffic collector nfcapd 1.7 for %I
+After=syslog.target network-online.target
+
+[Service]
+Type=forking
+EnvironmentFile=/etc/nfcapd/%i.conf
+ExecStart=/usr/bin/nfcapd -w ${DATA_DIR} -z -D -S 1 -t 600 -P /run/nfcapd/nfcapd.%i.pid -p ${LISTEN_PORT} -x ${EXT}
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SETPCAP
+PermissionsStartOnly=true
+User=tcpdump
+Group=tcpdump
+RuntimeDirectory=nfcapd
+RuntimeDirectoryMode=0770
+PIDFile=/run/nfcapd/nfcapd.%i.pid
+RestartSec=30
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target

+ 2 - 2
docs/systemd/nfcapd/office.conf

@@ -1,3 +1,3 @@
 LISTEN_PORT=7818
-DATA_DIR="/mnt/sdb/flow-tools/netflow-office"
-EXT="-x /opt/Eye/scripts/nf_calc_fprobe %d/%f 60"
+DATA_DIR="/var/spool/flow-tools"
+EXT="/opt/Eye/scripts/nf_calc %d/%f 60"
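Review bot: The new `EXT=` value is a bare command string with no comment explaining how it is consumed: the service units pass it as the single argument of `-x` (systemd expands `${EXT}` unsplit, so the quotes are stripped and the whole string travels as one word), `%d/%f` are nfcapd's own placeholders for the finished file, and the trailing `60` appears to be the router id that nf_calc reads as `$2` — the README tells the operator to set the router id in this file, but nothing marks which field it is. A comment above the line would remove the guesswork, e.g. `# EXT: command nfcapd runs for each rotated file; %d/%f = dir/file, last argument = router id (editdevice.php?id=N)`. Since `-x` moved out of EXT into the units, a site that keeps an older office.conf with `-x` inside EXT will now hand nfcapd a command beginning with `-x`, which presumably fails silently at rotation time; a one-line note here or in the README about the changed format would help upgrades.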

+ 0 - 14
docs/systemd/nfcapd@.service

@@ -1,14 +0,0 @@
-[Unit]
-Description=Traffic collector for %I
-After=syslog.target network-online.target
-
-[Service]
-Type=forking
-EnvironmentFile=/etc/nfcapd/%i.conf
-ExecStart=/bin/nfcapd -D -P /var/run/nfcapd.%i.pid -z -w -t 600 -p ${LISTEN_PORT} -S 1 -l ${DATA_DIR} ${EXT}
-PIDFile=/var/run/nfcapd.%i.pid
-RestartSec=30
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target

+ 6 - 4
scripts/eyelib/config.pm

@@ -124,7 +124,7 @@ our @FN=split("/",$0);
 
 $config_ref{my_name}=$FN[-1];
 $config_ref{pid_file}="/var/run/".$FN[-1];
-$config_ref{log_dir}=$Config->{_}->{log_dir} || '/var/log/scripts';
+$config_ref{log_dir}=$Config->{_}->{log_dir} || '/opt/Eye/scripts/log';
 $config_ref{log_common}=$config_ref{log_dir}."/$FN[-1].log";
 $config_ref{dhcpd_conf}=$Config->{_}->{dhcpd_conf} || "/etc/dnsmasq.d";
 $config_ref{DBHOST}	= $Config->{_}->{DBSERVER} || '127.0.0.1';
@@ -134,10 +134,12 @@ $config_ref{DBPASS}	= $Config->{_}->{DBPASS} || "rstat";
 $config_ref{domain_auth}= $Config->{_}->{domain_auth} || 'Administrator%password';
 $config_ref{winexe}	= $Config->{_}->{winexe} || '/usr/bin/winexe';
 $config_ref{fping}	= $Config->{_}->{fping} || '/sbin/fping';
-$config_ref{log_owner_user}= $Config->{_}->{user} || 'nagios';
-$config_ref{log_owner_group}= $Config->{_}->{group} || 'nagios';
+#$config_ref{log_owner_user}= $Config->{_}->{user} || 'nagios';
+$config_ref{log_owner_user}= $Config->{_}->{user} || 'tcpdump';
+#$config_ref{log_owner_group}= $Config->{_}->{group} || 'nagios';
+$config_ref{log_owner_group}= $Config->{_}->{group} || 'tcpdump';
 
-$config_ref{nagios_dir}=$Config->{_}->{nagios_dir} || '/etc/nagios';
+$config_ref{nagios_dir}=$Config->{_}->{nagios_dir} || '/etc/nagios4';
 $config_ref{nagios_dir}=~s/\/$//;
 $config_ref{nagios_cmd}=$Config->{_}->{nagios_cmd} || '/var/spool/nagios/cmd/nagios.cmd';
 $config_ref{nagios_event_socket}=$Config->{_}->{nagios_event_socket} || '/var/spool/nagios/hoststate.socket';
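Review bot: The second hunk keeps the old `nagios` defaults as commented-out code (`#$config_ref{log_owner_user}= ...` and `#$config_ref{log_owner_group}= ...`) directly above the live `tcpdump` lines; the history is already in git, so those two comment lines should be deleted rather than carried in the source. The first hunk moves the `log_dir` default from `/var/log/scripts` to `/opt/Eye/scripts/log`, which places a directory that the new `log_owner_user` default (the `tcpdump` service account) presumably owns and writes inside the same tree that holds the executable scripts (`nf_calc`, `parse_flow.pl`); if the aim is only a writable log location for the collector, a directory under `/var/log` owned by that user keeps service-writable data out of the code tree, and the choice deserves a short comment either way.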

+ 1 - 1
scripts/nf_calc

@@ -10,6 +10,6 @@ routerid=$2
 [ ! -e "${fname}" ] && exit 101
 
 #renice +19 -p $$ >/dev/null 2>&1
-/bin/nfdump -N -r ${fname} -q -o 'fmt:%tsr;%pr;%sa;%xda;%sp;%dp;%ipkt;%ibyt;%in;%out' | /opt/Eye/scripts/parse_flow.pl ${routerid} &
+/usr/bin/nfdump -N -r ${fname} -q -o 'fmt:%tsr;%pr;%sa;%xda;%sp;%dp;%ipkt;%ibyt;%in;%out' | /opt/Eye/scripts/parse_flow.pl ${routerid} &
 
 exit 0
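Review bot: The changed line still expands `${fname}` and `${routerid}` unquoted, so a flow file path containing whitespace or glob characters is word-split before it reaches nfdump; quote both, `-r "${fname}"` and `parse_flow.pl "${routerid}"`. Because the pipeline is backgrounded with `&` and the script then does `exit 0`, a failing nfdump or parse_flow.pl never reports back to the nfcapd `-x` caller; if detaching is deliberate it should say so, e.g. `# detach: nfcapd must not block on the parser; errors are only in the parser's own log`. The script's argument handling starts above the hunk.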