Flow Collector

This package provides means for the Opsview web to get netflow and sflow data for viewing the UI via the dashboard. It processes netflow and sflow data and pushes messages on the message queues to be stored in the database via results-flow. The various dashlets send a command via the Orchestrator API to the relevant Collector where the netflow data is being stored to get Top 10 Host and Port, Transmitters and Receivers information. Results flow stores data which dashlets use to show sources summary and sources history.

Dependencies Copied

Please make sure opsview-messagequeue is installed configured and running before attempting to run the flowcollector.

On the Orchestrator server please make sure you install opsview-results-flow package. This package reads the data sent from flow collector and adds into the database to be shown in the dashboards.

Installation Copied

To install Flow Collector, you need to edit /opt/opsview/deploy/etc/user_vars.yml file and append the following:

opsview_module_netflow: True

Then, run the following command as root:

cd /opt/opsview/deploy
./bin/opsview-deploy lib/playbooks/setup-opsview.yml

Configuration Copied

Flow collector Copied

No configuration is required if the flow-collector is installed on the same machine as the orchestrator and messagequeue. In any other setup the collector needs to know where the opsview-messagequeue is installed. Flow collector will then determine the correct flow-results queue, flow-request and flow-response queue. There are two possible scenarios here:

  1. The user edits the component yaml file path /opt/opsview/flowcollector/etc/flowcollector.yaml (on the collector) and edits /opt/opsview/resultsflow/etc/resultsflow.yaml (on the orchestrator) to point to the correct messagequeue as below.
  2. The user edits the loadbalancer messagequeue.cfg to point to the correct message queue server. Examples of which are further below.
---
flowcollector:
    messagequeue:
        host: <provide your messagequeue host ip address>
        port: 35672

Results flow Copied 

---
resultsflow:
    messagequeue:
        host: <provide your messagequeue host ip address>
        port: 35672

Load Balancer Copied 

#The forwarding ports need to be the same
listen messagequeue
        bind            <LOCALHOST or IP ADDRESS OF THE COLLECTOR SERVER>:35672
        mode            tcp
        timeout client  3h
        timeout server  3h
        option          clitcpka
        server          messagequeue <IP ADDRESS OF THE MESSAGEQUEUE HOST>:35672 check inter 5s
listen messagequeue-management
        bind            0.0.0.0:45672
        mode            tcp
        timeout client  3h
        timeout server  3h
        option          clitcpka
        server          messagequeue 127.0.0.1:15672 check inter 5s

Advanced flow collector options Copied

The following advanced options may be set in the flowcollector.yaml configuration file:

Flow collector housekeeping Copied

Flow collector housekeeping performs cleanup tasks based on the user-defined retention period. The process is triggered by a cron job under the opsview user account, which is configured to run daily at 3:11 AM (local time zone of the collector).

To set the schedule of your crontab, do the following steps:

  1. In the crontab.opsview.netflow.collector file, update the cron expression to 11 3 * * *.
# OPSVIEW-NETFLOW-COLLECTOR-START
# Do not remove comment above. Everything between 
# OPSVIEW-NETFLOW-COLLECTOR-START and OPSVIEW-NETFLOW-COLLECTOR-END
# will be automatically installed as part of an Opsview NetFlow Collector
11 3 * * * /opt/opsview/flowcollector/bin/netflow_housekeeping
# OPSVIEW-NETFLOW-COLLECTOR-END
  1. Remove the existing crontab for the flow-collector.
/opt/opsview/flowcollector/installer/remove_crontab
  1. Create the crontab for the flow-collector.
/opt/opsview/flowcollector/installer/setup_crontab

Management Copied

Configuration Copied

DPKGs Copied

Watchdog service configuration files are now managed by the package, doing a remove would leave the watchdog service file behind with a .save extension. Purging the package will remove it. Any modifications to the files will be saved at upgrade and removal of the package.

RPMs Copied

Watchdog service files are now managed by the package. Any modifications will be saved at upgrade and remove processes with the .rpmnew and .rpmsave extensions correspondingly.

Service Administration Copied

As root, start, stop and restart the service using:

/opt/opsview/watchdog/bin/opsview-monit <start|stop|restart> opsview-flowcollector 
/opt/opsview/watchdog/bin/opsview-monit <start|stop|restart> opsview-resultsflow
["Opsview On-Premises"] ["User Guide"]

Was this topic helpful?