We offer an automated install script that installs the binary rpm and deb packages for the following Linux distributions (x86_64 only):
- Ubuntu 14.04, 16.04, 18.04, 20.04
- Debian 8, 9, 10
- CentOS 6, 7, 8
You need to install perl and wget tools before starting this script.
wget https://raw.githubusercontent.com/pavel-odintsov/fastnetmon/master/src/fastnetmon_install.pl -Ofastnetmon_install.pl
sudo perl fastnetmon_install.pl
As the next step, add all of your networks in CIDR notation (126.96.36.199/24) to the file /etc/networks_list, one prefix per line. To ignore some networks, add them to /etc/networks_whitelist using the same format.
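A pre-flight check for these two files, as an added example (not part of the FastNetMon project): it parses the one-prefix-per-line format and flags malformed entries, prefixes with host bits set, duplicates, and whitelist prefixes that fall outside every monitored network. The function names, the sample contents and the choice of what counts as a problem are assumptions of this example, not FastNetMon's own parsing rules.

```python
import ipaddress

def check_prefix_lines(lines):
    """Parse one-prefix-per-line text; return (networks, problems)."""
    networks, problems = [], []
    for lineno, raw in enumerate(lines, 1):
        text = raw.strip()
        if not text:
            continue  # blank lines are skipped (this checker's choice)
        if "/" not in text:
            problems.append((lineno, text, "no prefix length"))
            continue
        try:
            iface = ipaddress.ip_interface(text)
        except ValueError:
            problems.append((lineno, text, "not a valid CIDR prefix"))
            continue
        net = iface.network
        if iface.ip != net.network_address:
            problems.append((lineno, text, f"host bits set, network is {net}"))
        if net in networks:
            problems.append((lineno, text, f"duplicate of {net}"))
        else:
            networks.append(net)
    return networks, problems

def uncovered(whitelist, monitored):
    """Whitelist prefixes not contained in any monitored network."""
    return [w for w in whitelist
            if not any(w.version == m.version and w.subnet_of(m)
                       for m in monitored)]

# Constructed sample file contents (documentation address ranges).
SAMPLE_NETWORKS = ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.7/24",
                   "10.0.0.0", "300.1.1.0/24", "198.51.100.0/24"]
SAMPLE_WHITELIST = ["192.0.2.10/32", "172.16.5.0/24"]

if __name__ == "__main__":
    monitored, problems = check_prefix_lines(SAMPLE_NETWORKS)
    ignored, wl_problems = check_prefix_lines(SAMPLE_WHITELIST)
    for lineno, text, why in problems + wl_problems:
        print(f"line {lineno}: {text!r}: {why}")
    for net in uncovered(ignored, monitored):
        print(f"whitelist {net} is outside every monitored network")
```

To check the real files, pass an open file object (for example open("/etc/networks_list")) to check_prefix_lines in place of the sample list.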
After that I recommend carefully reviewing each line in /etc/fastnetmon.conf and changing it according to your needs. To enable Netflow, sFlow or SPAN support, enable the options netflow, sflow and mirror_afpacket respectively.
By default, FastNetMon will block any of your hosts that exceeds 1000 Mbits or 20.000 packets per second. You may change these values in the “Limits for DoS/DDoS attacks” section of the configuration file.
To apply changes, you need to restart FastNetMon:
sudo service fastnetmon restart
To monitor FastNetMon’s performance you can use the client:
If something goes wrong, please check the logs:
tail -n 1000 /var/log/fastnetmon.log
When an incoming or outgoing attack occurs, the program calls a bash script twice (if it exists):
The first call happens when the threshold is exceeded (at this step we know the IP, direction and power of the attack). The second happens when we have collected 100 packets for a detailed audit of what happened.
A sample script is provided and can be installed as follows:
wget https://raw.githubusercontent.com/pavel-odintsov/fastnetmon/master/src/notify_about_attack.sh -O/usr/local/bin/notify_about_attack.sh
chmod 755 /usr/local/bin/notify_about_attack.sh
After downloading the file, you need to open it and configure the ’email_notify’ option as required. You can use an alternative Python script from here.
To be in touch with our project, we recommend checking our GitHub page and subscribing to our community support channels: