topic Re: Installing Splunk For NetFLow in Installation

Installing Splunk For NetFLow

dblprops — Mon, 31 Oct 2011 16:03:43 GMT

Hope I am not missing something simple but I do not see the install instructions for Splunk for Netflow.
I have already installed Splunk and I am using for my Syslog Server. I downloaded Splunk for Netflow but there are no install instructions. I do see the nfdump and nfcapd in the bin directory after unzipping. Is it just a matter of invoking nfcapd on the command line? I am using a Mac mini with OS X 10.6.8 Server installed.

Re: Installing Splunk For NetFLow

tgow — Mon, 28 Sep 2020 10:02:36 GMT

There is a README file in the $SPLUNK_HOME/etc/apps/netflow directory. Here are the contents of that file:

Splunk for NetFlow App (v1.2)
3 Splunk for NetFlow App (v1.2)

4

5 Description:

6 Capture netflow binary records, translate them into

7 text files, and then feed to Splunk to produce

8 dashboards and reports.

9

10 Splunk Version: 4.1 and Higher

11 Supported Platform: Linux

12 Last Modified: Jun-2011

13

14 Author: Andrew Thanalertvisuti - Splunk, Inc.

15 athana@splunk.com

16 17 For support, please contact: bd-labs@splunk.com

*** Disclaimer ***

By default, the NetFlow app only works on Linux 64-bit platforms (due to issues with nfdump binary compatibility).
If you want to run this app on 32-bit platforms, rename two binary files "nfcapd_linux32" and "nfdump_linux32" to "nfcapd" and "nfdump", respectively. These files are located in the NetFlow app's "bin" dire
ctory, which is $SPLUNK_HOME/etc/apps/netflow/bin .

Following is an example of how to rename the files within the directory:

$ cd $SPLUNK_HOME/etc/apps/netflow/bin
$ mv nfcapd_linux32 nfcapd
$ mv nfdump_linux32 nfdump

NOTE: You can download the nfdump source code from: http://sourceforge.net/projects/nfdump/

*** Welcome to the Splunk for NetFlow App ***
The Splunk for NetFlow App produces dashboards and reports of NetFlow binary records, which are captured using nfdump and fed into Splunk. The app also allows you to search through the NetFlow records using
Splunk.

The configuration file (config.ini) is located in the app's "default" directory, which is $SPLUNK_HOME/etc/apps/netflow/default/config.ini . The app relies on the sourcetype=netflow.

NOTE: It may take up to 5 minutes for new data to show up.

For support, please contact: bd-labs@splunk.com

Re: Installing Splunk For NetFLow

dblprops — Mon, 31 Oct 2011 17:56:54 GMT

Yes. I read the README file. I saw the Linux 64-bit platform info. I assume this precludes me from loading on the mac mini. However, I still do not see "install" instructions. There is no "Configure" or "Make" files in any of the unzipped folders.

Re: Installing Splunk For NetFLow

dwaddle — Tue, 01 Nov 2011 15:49:29 GMT

You will need to download the source for NFDUMP and associated tools and compile for your OS. The project homepage for NFDUMP is http://nfdump.sourceforge.net/

Re: Installing Splunk For NetFLow

dblprops — Tue, 01 Nov 2011 16:59:13 GMT

dwaddle,

Thanks. I finally figured that out. Only problem, don't have a C compiler installed on the Mac Mini. Trying to get that taken care of. The developer tools were not loaded and I need to open a new developer account.

Re: Installing Splunk For NetFLow

dblprops — Tue, 01 Nov 2011 17:00:47 GMT

All,

Thanks to dwaddle and some research on my on, I have determined that I need to install the NFDUMP code on my Mac Mini. I will do this after installing a C-Compiler on the mac mini. Thanks to all that responded.

Re: Installing Splunk For NetFLow

dwaddle — Tue, 01 Nov 2011 17:43:20 GMT

You might do just as well to get gcc for the mac out of macports.

Re: Installing Splunk For NetFLow

dblprops — Wed, 09 Nov 2011 14:00:32 GMT

Thanks. Sometime simple is the best answer. 🙂