1. Introduction
yaf is short for Yet Another Flowmeter.
2. Installation
1) First, install the build tools
$ sudo apt-get install make gcc
2) Install libglib, libpcap, and libpcre
$ sudo apt-get install libglib2.0-dev libpcap-dev libpcre3-dev
3) Download libfixbuf
$ sudo mkdir /usr/local/src/netsa
$ sudo chown "$USER":"$USER" /usr/local/src/netsa
$ cd /usr/local/src/netsa
$ wget http://tools.netsa.cert.org/releases/libfixbuf-1.2.0.tar.gz
4) Install libfixbuf
$ tar zxvf libfixbuf-1.2.0.tar.gz
$ cd libfixbuf-1.2.0
$ ./configure
$ make
$ sudo make install
5) Download yaf
$ cd /usr/local/src/netsa
$ wget http://tools.netsa.cert.org/releases/yaf-2.3.2.tar.gz
6) Install yaf
$ tar zxvf yaf-2.3.2.tar.gz
$ cd yaf-2.3.2
$ ./configure --enable-applabel
$ make
$ sudo make install
7) Configure yaf
$ sudo cp /usr/local/src/netsa/yaf-2.3.2/etc/yaf.conf /usr/local/etc/
Edit the following settings in yaf.conf:
ENABLED=TRUE
YAF_CAP_IF=eth1
$ sudo ldconfig
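A check for the configuration step above, as an added example that is not part of the original guide: it confirms that yaf.conf holds the values set in step 7 and that the capture interface exists on the host. The function names and return codes are hypothetical, and the interface lookup assumes a Linux host that lists interfaces under /sys/class/net.

```shell
#!/bin/sh
# Added example (not from the original guide): verify the yaf.conf edits above.
# Assumes a Linux host where interfaces appear under /sys/class/net.

# conf_get FILE KEY: print the last uncommented value assigned to KEY.
conf_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" |
        tail -n 1
}

# check_yaf_conf FILE [NETDIR]
# Returns 0 when FILE matches this guide, otherwise:
#   1 = file unreadable, 2 = ENABLED is not TRUE,
#   3 = YAF_CAP_IF missing or malformed, 4 = interface not present.
check_yaf_conf() {
    conf=$1
    netdir=${2:-/sys/class/net}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }

    enabled=$(conf_get "$conf" ENABLED)
    iface=$(conf_get "$conf" YAF_CAP_IF)

    if [ "$enabled" != "TRUE" ]; then
        echo "ENABLED is '$enabled', expected TRUE" >&2
        return 2
    fi
    # Reject empty names and anything that could escape NETDIR.
    case "$iface" in
        ''|*/*|.*) echo "YAF_CAP_IF is missing or malformed" >&2; return 3 ;;
    esac
    if [ ! -e "$netdir/$iface" ]; then
        echo "capture interface '$iface' not found in $netdir" >&2
        return 4
    fi
    echo "yaf.conf OK: capturing on $iface"
}

# Usage: check_yaf_conf /usr/local/etc/yaf.conf
```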
Reference: http://davelowe.com.au/network-security-monitoring/installing-yaf-on-ubuntu-server-12-10/