Install NetoFlow (Linux package)
Installing NetoFlow is part of the steps to Ingest NetFlow/sFlow via the NetoFlow Connector.
Deployment Options
NetoFlow is available as a Docker-compatible container or a Linux software package. To deploy the container, see: Install NetoFlow (container)
Supported Platforms
NetoFlow software packages are provided in these formats:
- x86_64 EL7 and EL8 RPM packages available via yum
- EL7 packages are compatible with CentOS 7, RHEL 7, and Amazon Linux 2
- EL8 packages are compatible with CentOS 8 and RHEL 8
- Most other Linux distributions that use EL7 or EL8 packages will also work
- x86_64 Debian package available via apt-get
- Debian, Ubuntu, and other Linux distributions using Debian package management
Selecting a deployment option
Netography recommends deploying the container for most customers. Containers provide isolation that ensures NetoFlow will operate properly and simplifies the deployment process. The software package is best suited for organizations with a standard Linux build that meets your internal security and compliance requirements.
Installing the Linux Software Package
Step 1. Setup Package Repository
CentOS 8 / RHEL 8 / EL8 - RPM / yum Instructions
rpm --import https://netography-repo.s3.amazonaws.com/RPM-GPG-KEY-netography
sudo wget -O /etc/yum.repos.d/netography.repo https://netography-repo.s3.amazonaws.com/yum/el/8/x86\_64/yum.repo
CentOS 7 / RHEL 7 / EL8 - RPM / yum Instructions
rpm --import https://netography-repo.s3.amazonaws.com/RPM-GPG-KEY-netography
sudo wget -O /etc/yum.repos.d/netography.repo https://netography-repo.s3.amazonaws.com/yum/el/7/x86\_64/yum.repo
Debian / Ubuntu - apt-get Instructions
sudo sh -c '/bin/echo "deb [arch=amd64] https://netography-repo.s3.amazonaws.com/apt/ stable main" > /etc/apt/sources.list.d/netography.list'
cd /etc/apt/trusted.gpg.d/
wget https://netography-repo.s3.amazonaws.com/DEB-GPG-KEY-netography.gpg
apt-get update
Step 2. Install the package
yum install
yum install netoflow
apt-get install
apt-get install netoflow
The installation will write the following files:
/etc/systemd/system/netoflow.service
/usr/local/bin/netoflow
/etc/netoflow.conf.example
The installation will pull in libpcap
as a dependency.
Installation will enable the service to run at boot, but it will not start the service.
Step 3. Configure NetoFlow
You can run NetoFlow with the default configuration, which should be sufficient for most deployments, or modify the configuration following these steps.
NetoFlow uses a layered configuration that will read configuration from the /etc/netoflow.conf
file, if it exists, and from environment variables next (environment variables take precedence).
Refer to Configuring NetoFlow for details on configuration options.
3a. Copy /etc/netoflow.conf.example
to /etc/netoflow.conf
/etc/netoflow.conf.example
to /etc/netoflow.conf
cp /etc/netoflow.conf.example /etc/netoflow.conf
3b. Create a Fusion API key
You will need to Create a Netography API Key in the Fusion Portal, using the neto_flow
role. Copy the netosecret
value provided when creating the key.
Using a secrets vault is the most secure approach for storing this secret
For production deployments, you should store this value in a secrets vault and have it set the value to this environment variable: NETO__ENDPOINT__NETOSECRET
Setting the secret in your local environment
You can also set it directly in your local environment to the variable: NETO__ENDPOINT__NETOSECRET
NETO__ENDPOINT__NETOSECRET="REPLACEME"
export NETO__ENDPOINT__NETOSECRET
Setting the secret in the /etc/netoflow.conf
file
/etc/netoflow.conf
fileFor testing purposes or where the system itself is a single-purpose dedicated and secured system, you can also set the netosecret
value in the /etc/netoflow.conf
file, in the [endpoint]
section:
[endpoint]
netosecret = "" # API key encoded as netosecret
Step 4. Syslog configuration
Syslog in netoflow uses the socket, so if you’re using rsyslog, make sure it’s enabled and has the appropriate log levels going where you want in /etc/rsyslog.conf
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
Also, if you would like debug level logging, on most enterprise Linux distributions that will not be sent anywhere by default, so add kern.debug
file to the appropriate log settings:
kern.debug;\*.info;mail.none;authpriv.none;cron.none /var/log/messages
Then restart:
sudo systemctl restart rsyslog.service
Step 5. Start the NetoFlow Connector
systemctl start netoflow.service
Step 6. Set the NetoFlow Connector to start at boot
If you would like the NetoFlow Connector to run at boot time, you must run the following command:
systemctl enable netoflow.service
Updated about 2 months ago