Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 01-Text | 148.29 KB |
Overview
For network devices that cannot send traffic logs, you can use NTA probes to collect traffic from them via port mirroring. The NTA component will provide analysis on the collected data.
The U-Center NTA software package provides the probe installation program. This document describes the procedure for installing an NTA probe.
Installing the NTA probe
Installation preparations
Hardware requirements
Install the NTA probe on a separate server. Table 1 and Table 2 list the basic server minimum hardware requirements to run the NTA probe for various CPUs.
Hardware requirements x86 architecture servers
Table 1 Hardware requirements x86 architecture servers
|
Item |
Requirement |
|
CPU |
Type: x86 Frequency: 3.0 GHz Number of processors: 1 or 2 NOTE: To process traffic less than 300 Mbps, use one single-core CPU. To process traffic greater than 300 Mbps, use two single-core CPUs or one dual-core CPU. |
|
Memory |
2 GB |
|
Hard disk drive |
80 GB |
|
Network adapter card |
Type: Built-in Gigabit NIC Number of cards: 2 |
Hardware requirements ARM architecture servers
Table 2 Hardware requirements ARM architecture servers
|
Item |
Requirement |
|
CPU |
Type: ARM Frequency: 3.0 GHz Number of processors: 1 or 2 NOTE: To process traffic less than 300 Mbps, use one single-core CPU. To process traffic greater than 300 Mbps, use two single-core CPUs or one dual-core CPU. |
|
Memory |
2 GB |
|
Hard disk drive |
80 GB |
|
Network adapter card |
Type: Built-in Gigabit NIC Number of cards: 2 |
|
|
NOTE: As a best practice, install the NTA probe on a physical sever for stability. |
Software requirements
The NTA probe supports the following operating systems:
· For x86 architecture servers, the NTA probe supports the CentOS 8.1 (64-bit) operating system.
· For ARM architecture servers, the NTA probe supports the CentOS 8.3 (64-bit) operating system.
Installation environment verification
Before installing the NTA probe, verify that all requirements listed in Table 3 are met.
Table 3 Installation environment checklist
|
Item |
Requirement |
|
Hardware |
Verify that the hardware requirements stated in the contract are met. The requirements include CPU, memory size, and hard disk size. |
|
Software |
Verify that the software requirements stated in the contract are met. The NTA probe version and the operating system must be correct. Before installing the operating system, check its boot options. If the firmware in the boot options is EFI, you must disable UEFI secure boot. |
Prerequisites
Before installing a NTA probe on a server, disable firewall on U-Center and open database ports.
At the same time, the time for the server where the NTA probe is located and the time of the U-Center operating environment must be consistent.
To open database ports:
1. Access the U-Center NTA installation directory ntam/k8s-resources.
2. Execute the kubectl apply -f clickhouse-nodeport.yml command to open the ClickHouse database port.
Figure 1 Opening the ClickHouse database port
3. The database port is open, and you can install the NTA probe on the server
Installation
Preparing for installation
|
|
CAUTION: Before installing the probe, make sure you have root permission and are authorized to execute the installation program. |
Before installing the NTA probe, perform the following tasks:
1. Copy the probe directory in the installation package of the NTA component to the CentOS operating system.
2. Access the directory of the probe and verify that the probe_installer_linux.sh script is in the directory.
Installing the NTA probe
1. Execute the chmod +x ./probe_installer_linux.sh command, which grants the execution permission to the probe_installer_linux.sh script.
2. Run the probe_installer_linux.sh script.
3. Specify the installation path.
You can specify an absolute path, or press Enter to use the default path /usr/local/ for installation.
Figure 2 Specifying a directory to install the NTA probe
4. Specify a monitoring network adapter (enter the name of a network adapter of the server where the NTA probe is to be installed).
Figure 3 Specifying a monitoring network adapter
|
|
NOTE: · The monitoring network adapter is used to receive mirrored traffic from the network devices. · You can use the ifconfig command to obtain the names of the network adapters. |
5. Add another network adapter as needed. If you decline to add additional network adapters, enter n.
Figure 4 Setting whether to specify another monitor network adapter card
6. When the installation is complete, restart the server.
Figure 5 Restarting the server
|
|
NOTE: You must restart the server before the NTA probe can work normally. The NTA probe runs automatically after the server is restarted. You can use the ps -ax | grep probe command to confirm that the probe and probe_flow processes are running. |
Uninstallation
You can use either of the following methods to uninstall the probe:
Method 1
1. Delete the unba directory under the directory where the NTA probe is installed.
# cd /usr/local/unba
# rm -rf *
2. Delete the /opt/unba_data directory.
# rm -rf /opt/unba_data
3. Delete the /data directory.
# unlink /data
4. Delete the probe services.
# chkconfig --del probed
5. Delete the /etc/probed file.
# cd /etc/init.d
# rm -rf probed
6. Open the /etc/profile file with the vi command and delete information about the probe.
# vi /etc/profile
Method 2
1. Enter the unba directory under the directory where the NTA probe is installed.
2. Enter the bin subdirectory.
3. Execute the ./probe_uninstall.sh command.
4. Restart the server after removing the NTA probe.
FAQ
How can I launch the NTA probe manually after installation?
To launch the NTA probe manually, perform the following operations:
1. Enter the unba directory under the directory where the NTA probe is installed.
2. Enter the bin subdirectory.
3. Execute the ./startProbe.sh command.
How can I manually stop the NTA probe?
To manually stop the NTA probe, perform the following operations:
1. Enter the unba directory under the directory where the NTA probe is installed.
2. Enter the bin subdirectory.
3. Execute the ./stopProbe.sh command.
How do I change or add a new monitoring network adapter?
First stop the probe manually, and then use one of the following solutions to reconfigure the monitoring network adapter:
Solution 1: Modifying the sysprobe.xml file manually
1. Enter the unba directory under the directory where the NTA probe is installed.
2. Enter the conf subdirectory.
3. Open the sysprobe.xml file, add or change network adapter information in the IFNameAndIndexs tags.
<IFNameAndIndexs>
<IFNameAndIndex>
<IFName>eth2</IFName>
<IFIndex>1</IFIndex>
</IFNameAndIndex>
</IFNameAndIndexs>
4. Restart the server.
Solution 2: Reconfiguring the monitoring network adapter
1. Reconfigure network adapter information when reinstalling the probe or running the probe installation strip to override the original one.
2. (Optional.) For the NTA component, if the interface index for a network adapter is changed or a new network adapter is added, delete and re-add the probe on the Web page and then re-add related traffic analysis tasks.
3. Restart the server.
How to resolve traffic data anomaly on the probe?
1. Verify that the port mirroring settings on the devices are correct.
2. Execute the lsmod | grep prbkern command on the server where the probe is installed to check whether the probe has loaded the kernel module successfully.
3. If no result is returned, the traffic data anomaly might be caused by failure to load the kernel module. Reboot the server.
4. Execute the lsmod | grep prbkern command again.
5. If information as follows is displayed, the probe has loaded the kernel module successfully.
Figure 6 Displaying kernel information
6. Observe one to two data collecting cycles to be sure that the traffic data on the probe gets normal.