In this article, NetFlow Collector feel the superiority, it was decided to adopt a Pandora FMS as Analyzer.
Pandora FMS NetFlow analyze and IP address management - designetwork(EN)
I installed and tried Pandora FMS on CentOS 6.5, but decided to forgo introducing it because of weaknesses seen in its NetFlow traffic analysis feature.
I cannot recommend Pandora FMS as a flow collector.
- The integrated monitoring functions are excluded from this evaluation; only the NetFlow function was checked.
- The Enterprise version was not checked.

- What you cannot do with Pandora FMS
- What you can do with Pandora FMS
- Installing Pandora FMS 6.0SP1-1 on CentOS
- Conclusion
What you cannot do with Pandora FMS
Listing all source/destination communications
A table like the following cannot be generated.
Protocol | Src IP | Src Port | Dst IP | Dst Port | Traffic |
---|---|---|---|---|---|
TCP | 192.168.1.1 | 60000 | 10.1.1.1 | 80 | 60MB |
UDP | 192.168.1.1 | 50000 | 10.1.2.1 | 53 | 10MB |
TCP | 192.168.2.1 | 60000 | 10.1.1.1 | 80 | 5MB |
Separating multiple exporters
Because it is built on the nfcapd and nfdump mechanism and generates its data from a single file, it cannot distinguish between exporters.
You cannot see the traffic at multiple points individually.
For the reasons above, it was decided to postpone adoption.
It had been well regarded as an open-source NetFlow collector, but in its current state it is not recommended.
Unless you write a plug-in yourself, it seems reasonable to consider other products.
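The per-conversation table and the per-exporter split described above, as an added example (not from the original post, and not Pandora FMS or nfdump code). It assumes flow records are already available in a CSV layout that carries an exporter tag; that layout, the exporter names `rt-a` and `rt-b`, and the sample records are constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample: one flow record per line, tagged with the exporter that
# sent it. This column layout is an assumption for the example, not nfdump's.
SAMPLE = """\
exporter,proto,src_ip,src_port,dst_ip,dst_port,bytes
rt-a,TCP,192.168.1.1,60000,10.1.1.1,80,40000000
rt-a,TCP,192.168.1.1,60000,10.1.1.1,80,20000000
rt-a,UDP,192.168.1.1,50000,10.1.2.1,53,10000000
rt-b,TCP,192.168.2.1,60000,10.1.1.1,80,5000000
rt-b,TCP,192.168.1.1,60000,10.1.1.1,80,1000000
"""

def aggregate(text):
    """Sum bytes per (exporter, proto, src, sport, dst, dport)."""
    totals = defaultdict(int)
    for row in csv.DictReader(io.StringIO(text)):
        # Validate addresses so a malformed record raises instead of being counted.
        src = str(ipaddress.ip_address(row["src_ip"]))
        dst = str(ipaddress.ip_address(row["dst_ip"]))
        key = (row["exporter"], row["proto"].upper(), src,
               int(row["src_port"]), dst, int(row["dst_port"]))
        totals[key] += int(row["bytes"])
    return dict(totals)

def per_exporter_tables(totals):
    """Group conversations by exporter, largest traffic first."""
    tables = defaultdict(list)
    for (exporter, *flow), nbytes in totals.items():
        tables[exporter].append((*flow, nbytes))
    for rows in tables.values():
        rows.sort(key=lambda r: r[-1], reverse=True)
    return dict(tables)

def render(tables):
    lines = []
    for exporter in sorted(tables):
        lines.append(f"Exporter {exporter}")
        lines.append("Protocol | Src IP | Src Port | Dst IP | Dst Port | Traffic")
        for proto, src, sport, dst, dport, nbytes in tables[exporter]:
            lines.append(f"{proto} | {src} | {sport} | {dst} | {dport} | "
                         f"{nbytes / 1_000_000:g}MB")  # decimal megabytes
    return "\n".join(lines)

if __name__ == "__main__":
    print(render(per_exporter_tables(aggregate(SAMPLE))))
```

The same conversation seen by two exporters stays in two separate rows, which is the per-point view that a single merged capture file cannot give.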
What you can do with Pandora FMS
Aggregation by any one key
The details are described in the manual.
The output looks as follows. All conditions are the same.
- Area chart: An area chart, either aggregated or unaggregated.
- Pie chart: An aggregated pie chart.
- Data table: A text representation of the area chart.
- Statistics table: A text representation of the pie chart.
The following two are not described in the documentation.
- Circular Mesh: Src/Dst circular graph
This graph is drawn cleanly.
However, it becomes impractical as the number of communication pairs increases.
This example draws the Src/Dst ports.
- Detailed host traffic
Draws the communication destinations (IP address, port).
The color changes with the protocol port number.
Blue: HTTP, Orange: HTTPS
Installing Pandora FMS 6.0SP1-1 on CentOS
Some notes on where I stumbled, such as errors during installation.
Installation basically proceeds as described in the official documentation, but descriptions for multiple OSes are mixed together, which makes some parts a little hard to follow.
Installing on CentOS 6
Before the command given in the manual,
yum install pandorafms_console pandorafms_server mysql-server
you have to run the following:
yum install epel-release
If you don't, this error occurs:
ERROR: Package: pandorafms_server-6.0SP1-1.noarch (artica_pandorafms)
Require: perl-Encode-Locale
The default user/password is Admin/pandora.
To use NetFlow, you may need to install nfdump. (This is described in the documentation.)
If you do not set the time zone to Japan, graphs are generated in an unexpected time zone.
Installing on CentOS 7
I could not install Pandora FMS 6.1 on CentOS 7 because of this error.
libsasl2.so.2 is not supported in CentOS 7. Is there no workaround? (CentOS 7 supports libsasl2.so.3 onward.)
ERROR: Package: wmic-4.0.0SVN-2.1.noarch (artica_pandorafms)
Require: libsasl2.so.2
Conclusion
Some things can be learned in advance from the manual, but with a NetFlow collector there are many aspects that cannot be evaluated without actually trying it.
Unfortunately, the number of open-source collector candidates has decreased by one...
NetFlow might be difficult with ready-made OSS...