NI Home
Documentation
Subscribers
Gadgets Software & Professional Services Ltd. banner

Collector installation tutorial

The Network Intelligence collector software runs on i386 GNU/Linux platforms, and forms part of the Network Intelligence software package. The collector component is responsible for collecting Netflow Exports, and for their subsequent filtering and aggregation.

The client software is distributed in an archive called ni-collector-x.y.z.tgz, where x, y, and z make up the version number. To extract it first create a new temporary directory. From within the newly created directory, chant the following command: 

gtar xvfz ni-collector-x.y.z.tgz

Be sure to read the copyright notice and readme.collector file that may contain any last minute notes of interest.

An installation script install.collector is provided to install the files into their correct locations. You should run this as the root user. The script will prompt you for a user to run the program as. If in doubt, a user nobody is usually available. Check your /etc/passwd file if in doubt. 

[root@butzi skynet]# ./install.collector 
Welcome to the Network Intelligence COLLECTOR installation script.

This script will create directories /opt/ni/bin and /etc/opt/ni and
populate both of these with files.  It will then create rc scripts to
start the software automatically.

For security reasons it is best if the software is owned and run by a
user other than root.  Most systems have a user called nobody that is
safe to use.  Note: if you are installing both the SERVER and
COLLECTOR software on the same machine, you should use the same user
for both.

Enter name of user the collector is to run as (eg. nobody): nobody

The installation is very fast, and all going well the software will be installed and scripts and links will be installed to run the software on startup.

Edit the configuration file /etc/opt/ni/collectord.conf and make sure that all the fields you will be using have some value specified.

  • You need to specify a secret for each collector. This should be the same on each collector, and on the central server.
  • The user you want the collector to run as should also be specified. This is the same as the name you gave to the installation script.
  • An export target can be specified. It is usually safe to leave this commented out. It is only used when a collector is required to re-export Netflow Exports to another machine, such as a CFLOWD collector. CFLOWD is an entirely different application to Network Intelligence however they both process the same statistics, Netflow Exports. Refer www.caida.org for more information on CFLOWD.

After saving the file you should be ok to start the collector software. The directory containing the script for starting and stopping the collector will vary from system to system. Typically either /etc/rc.d/init.d or /etc/init.d will be used. To start the collector you will need to chant something like: 

/etc/rc.d/init.d/colld start

Check your syslog to see if there are any unexpected messages. All going well the collector software will now be running. You can perform a basic test by using telnet to connect to the collector. The following command can be used: 

[root@drone1 skynet]# telnet localhost 6699

The response will be something like: 

Trying 127.0.0.1...
Connected to drone1 (127.0.0.1).
Escape character is '^]'.
AUTHENTICATION;CHALLENGE;puSyOq4U4EAmGmnq
Connection closed by foreign host.
[root@drone1 skynet]#

If you get the AUTHENTICATION;CHALLENGE line that is a good sign that everything is working properly.

Support application - bbnfc

A small application called bbnfc is distributed in the archive. bbnfc stands for Bare bones netflow collector. It can be used to check for the presence of incomming Netflow Export packets on port 2055, or any other UDP port. To run it, simply chant: 

./bbnfc

This small program can be very useful for debugging purposes. Particularly when you are not sure if a router is exporting Netflow Exports, or if you suspect the source IP address differs from what you expect. Network Intelligence only listens to traffic from IP addresses you configure so this small piece of information is vital to successfully gathering statistics.

© Gadgets Software 2001-2008