How to set up the nfdump (nfcapd) service?

N

Nikolai Karlov2022-03-11 06:42:26

linux

Nikolai Karlov, 2022-03-11 06:42:26

Installed nfdump 1.6.18-2 on Ubuntu 20.04 (don't remember if it was out of the box or manually). The nfcapd utility included in it for collecting netflow traffic is launched automatically at the behest of systemd.

Contents of /etc/systemd/system/multi-user.target.wants/nfdump.service :

[Unit]
Description=netflow capture daemon
Documentation=man:nfcapd(1)
Documentation=man:softflowd(8)

[Service]
Type=oneshot
ExecStart=/bin/true
ExecReload=/bin/true
RemainAfterExit=on

[Install]
WantedBy=multi-user.target

I can't figure out how to configure the startup parameters in this service.
Before that, I set up nfsen (also based on nfdump) on centos7, where nfcapd files were placed in /yyyy/mm/dd folders, and now they are all in one heap in /var/cache/nfdump.

I put up with the default port, which I cannot change, but I would like to change the file allocation hierarchy (run with the -S 1 flag), where can I configure this?
I don’t understand at all what side / bin / true is there. Moreover, nfcapd starts up, writes a dump, works properly...

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

N

Nikolai Karlov, 2022-03-11
@BaldUser

The issue was resolved. I called systemctl status nfdump , in the output I saw the line
Loaded: loaded (/lib/systemd/system/nfdump.service; enabled; vendor preset: enabled) .
I followed this path, found the file /usr/lib/systemd/system/[email protected] , there is a line EnvironmentFile=/etc/nfdump/%I.conf .
The /etc/nfdump/default.conf file contains the line options='-l /var/cache/nfdump -p 2055' , and wrote down the necessary parameters there.