-
-
Save jjsantanna/f2ee2f1fe23208299f4a2ca392f8b23f to your computer and use it in GitHub Desktop.
| OS: Linux ubuntu 4.10.0-28-generic #32~16.04.2-Ubuntu | |
| Instructions: | |
| 1)Uncomment lines from /etc/apt/sources.list(needs root): | |
| deb-src http://us.archive.ubuntu.com/ubuntu/ xenial universe | |
| deb-src http://us.archive.ubuntu.com/ubuntu/ xenial-updates universe | |
| 2)Run: | |
| sudo apt-get update && sudo apt-get upgrade | |
| 3)Download the source files of nfdump and dependencies: | |
| sudo apt-get source nfdump | |
| sudo apt-get install libtool | |
| sudo apt-get install dh-autoreconf | |
| sudo apt-get install libpcap-dev | |
| sudo apt-get install libghc-bzlib-dev | |
| sudo apt-get install flex | |
| 4)Navigate into the directory and run autogen.sh | |
| cd nfdump | |
| chmod u+x autogen.sh && ./autogen.sh | |
| 5)Run: | |
| ./configure --enable-sflow --enable-readpcap --enable-nfpcapd | |
| 6)Run: | |
| make | |
| sudo make install | |
| sudo ldconfig | |
| 7)You can now convert pcaps to nflow by running: | |
| nfpcapd -r <path_to_pcap_file> -l <output_directory> | |
| 8)Then you can use nfdump to export the netflows: | |
| cd <output_directory> | |
| nfdump -r <nflow_file> -o extended -o csv > <output_file> |
This is a very helpful tutorial, however one last command was missing in my case to resolve the nfdump: error while loading shared libraries: libnfdump-1.6.23.so: cannot open shared object file: No such file or directory error:
After sudo make install run: sudo ldconfig
Also, after step 7), you might end up with a folder of .nfcapd files. If you want to merge them to a single .csv output you can:
nfdump -R <directory_with_nfcapds> > merged_nfcapd.csv
sudo apt-get install libtool dh-autoreconf libpcap-dev libghc-bzlib-dev flex -y
In WSL:
autogen.sh: configure nfdump-1.6.18
autogen.sh: could not find PKG_CHECK_MODULES macro.
Either pkg-config is not installed on your system or
`pkg.m4' is missing or not found by aclocal.
If pkg.m4' is installed at an unusual location, re-run autogen.sh' by setting `ACLOCAL_FLAGS':
ACLOCAL_FLAGS="-I <prefix>/share/aclocal" ./autogen.sh
solution:
sudo apt-get install autoconf pkgconf -y
ensure you have bison as well otherwise you will get make errors when failing to find yacc
sudo apt-get install bison -y
i try to run : "nfpcapd -r path_to_pcap_file; -l output_directory" and it doesn't seem like it converting my test.pcap to a netflow file (Nfdump) Example: nfpcapd -r test.pcap -l output_folder/
Any advice?