Installation

Installing Splunk For NetFLow

dblprops
Engager

Hope I am not missing something simple but I do not see the install instructions for Splunk for Netflow.
I have already installed Splunk and I am using for my Syslog Server. I downloaded Splunk for Netflow but there are no install instructions. I do see the nfdump and nfcapd in the bin directory after unzipping. Is it just a matter of invoking nfcapd on the command line? I am using a Mac mini with OS X 10.6.8 Server installed.

Tags (2)
0 Karma

dblprops
Engager

All,

Thanks to dwaddle and some research on my on, I have determined that I need to install the NFDUMP code on my Mac Mini. I will do this after installing a C-Compiler on the mac mini. Thanks to all that responded.

0 Karma

dwaddle
SplunkTrust
SplunkTrust

You will need to download the source for NFDUMP and associated tools and compile for your OS. The project homepage for NFDUMP is http://nfdump.sourceforge.net/

dblprops
Engager

Thanks. Sometime simple is the best answer. 🙂

0 Karma

dwaddle
SplunkTrust
SplunkTrust

You might do just as well to get gcc for the mac out of macports.

0 Karma

dblprops
Engager

dwaddle,

Thanks. I finally figured that out. Only problem, don't have a C compiler installed on the Mac Mini. Trying to get that taken care of. The developer tools were not loaded and I need to open a new developer account.

0 Karma

tgow
Splunk Employee
Splunk Employee

There is a README file in the $SPLUNK_HOME/etc/apps/netflow directory. Here are the contents of that file:

Splunk for NetFlow App (v1.2)
3 Splunk for NetFlow App (v1.2)

4

5 Description:

6 Capture netflow binary records, translate them into

7 text files, and then feed to Splunk to produce

8 dashboards and reports.

9

10 Splunk Version: 4.1 and Higher

11 Supported Platform: Linux

12 Last Modified: Jun-2011

13

14 Author: Andrew Thanalertvisuti - Splunk, Inc.

15 athana@splunk.com

16 17 For support, please contact: bd-labs@splunk.com

*** Disclaimer ***

By default, the NetFlow app only works on Linux 64-bit platforms (due to issues with nfdump binary compatibility).
If you want to run this app on 32-bit platforms, rename two binary files "nfcapd_linux32" and "nfdump_linux32" to "nfcapd" and "nfdump", respectively. These files are located in the NetFlow app's "bin" dire
ctory, which is $SPLUNK_HOME/etc/apps/netflow/bin .

Following is an example of how to rename the files within the directory:

$ cd $SPLUNK_HOME/etc/apps/netflow/bin
$ mv nfcapd_linux32 nfcapd
$ mv nfdump_linux32 nfdump

NOTE: You can download the nfdump source code from: http://sourceforge.net/projects/nfdump/

*** Welcome to the Splunk for NetFlow App ***
The Splunk for NetFlow App produces dashboards and reports of NetFlow binary records, which are captured using nfdump and fed into Splunk. The app also allows you to search through the NetFlow records using
Splunk.

The configuration file (config.ini) is located in the app's "default" directory, which is $SPLUNK_HOME/etc/apps/netflow/default/config.ini . The app relies on the sourcetype=netflow.

NOTE: It may take up to 5 minutes for new data to show up.

For support, please contact: bd-labs@splunk.com

dblprops
Engager

Yes. I read the README file. I saw the Linux 64-bit platform info. I assume this precludes me from loading on the mac mini. However, I still do not see "install" instructions. There is no "Configure" or "Make" files in any of the unzipped folders.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In September, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...