Skip to main content
Version: 2.12.0

Installing NFO on Linux

This guide provides step-by-step instructions for installing NetFlow Optimizer (NFO) on Linux systems using either the RPM package manager (recommended for RHEL-based systems) or a TAR archive. You can choose to run the installation as a root user or configure the system to run as a non-root user for enhanced security.

Prerequisites

  • Administrative Access: You must have root or sudo privileges to perform the installation.
  • System Requirements: Ensure your host meets the memory and CPU requirements outlined in the NFO Installation Guide: System Requirements & Sizing.
  • Java Dependencies: NFO package includes 64-bit Java Runtime Environment (JRE) and Tomcat.

Network & Security Settings

Ensure your firewall allows the following traffic from your trusted IP ranges:

  • TCP 22: SSH access for command-line management.
  • TCP 8443: Management UI access.
  • UDP 9995: Standard NetFlow/IPFIX ingestion (or your custom flow port).
  • UDP 161/162: If using SNMP polling or traps.

Option 1: RPM Installation

The RPM method is the standard approach for distributions such as RHEL, CentOS, and Rocky Linux.

  1. Download the Package: Obtain the nfo-<version>.x86_64.rpm file from the NetFlow Logic Downloads page.
  2. Install the Software: Execute the following command:
sudo rpm -ivh nfo-<version>.x86_64.rpm
  1. Verify Service Status: Once installed, ensure the NFO service is running:
systemctl status tomcat_nfo

If the service is not running, see the Troubleshooting Guide for diagnosis steps.

Hardened Systems: RPM digest verification error

On systems with strict security policies (e.g. FIPS mode or custom RPM digest restrictions), the installation may fail with a digest verification error. If this occurs, retry with:

sudo rpm -ivh --nodigest nfo-<version>.x86_64.rpm

--nodigest disables RPM package digest verification. Use only if required by your environment and consult your security policy before proceeding.

Option 2: TAR Archive Installation

Use this method if you are installing on a distribution that does not support RPM or if you prefer manual placement of files.

  1. Download the Archive: Obtain the nfo-<version>.x86_64.tar.gz file from the NetFlow Logic Downloads page.
  2. Extract Files: Create a directory (typically /opt/flowintegrator) and extract the archive:
mkdir -p /opt/flowintegrator
tar -xzvf nfo-<version>.x86_64.tar.gz -C /opt/
  1. Run Install Script: Navigate to the extracted directory and run the setup script:
cd /opt/flowintegrator
./setup.sh -i
note

The setup.sh script includes an optional --doNotStartServices parameter, which prevents the NFO and EDFN services from starting automatically after installation. This is useful if post-installation actions — such as updating TLS certificates or modifying the "run-as" user — are required before the services go live.

Security Hardening: Running as Non-Root

By default, NFO runs as the root user. Follow this procedure to change the "Run As" user to a non-root account (e.g., user nfo and group nfo-group).

Repeater Function Requirement

The NFO Repeater function and NFO Central require root privileges.

1. Create User and Group

sudo groupadd nfo-group
sudo useradd -g nfo-group nfo

2. Stop Services and Prepare Permissions

Switch to a root shell and stop the NFO and EDFN services:

sudo -i
systemctl stop nfi_updd.service
systemctl stop tomcat_nfo.service

Change ownership of the installation directories:

chown --recursive nfo:nfo-group /opt/flowintegrator
chown --recursive nfo:nfo-group /opt/nfi-updater

3. Modify Systemd Service Files

Update the User and Group lines in the following two files from root to nfo and nfo-group:

  • /etc/systemd/system/tomcat_nfo.service
  • /etc/systemd/system/nfi_updd.service
[Service]
User=nfo
Group=nfo-group

4. Update Daemon Scripts

Update the execution scripts to specify the new user:

  • In /opt/flowintegrator/nfi.sh: Change --tomcat-user root to --tomcat-user nfo.
  • In /opt/nfi-updater/bin/nfiu_daemon: Change -nfiu-user=root to -nfiu-user=nfo.

5. Start Services

systemctl start nfi_updd.service
systemctl start tomcat_nfo.service

Next Steps

Once the services are started, complete your setup in the web interface:

  1. Access the UI: Navigate to https://<nfo-host>:8443 in a supported browser.
  2. Apply your license: Go to Licensing and upload your license file. NFO will not ingest or process data without a valid license.
  3. Configure inputs, outputs, and modules: Set up data ingestion, destinations, and processing logic.
  4. Verify health: Use the Status page to confirm the engine is receiving and processing data.

For full administration reference, see Platform Admin.