Install NetoFlow (Linux package)

Installing NetoFlow is part of the steps to Ingest NetFlow/sFlow via the NetoFlow Connector.

Deployment Options

NetoFlow is available as a Docker-compatible container or a Linux software package. To deploy the container, see: Install NetoFlow (container)

Supported Platforms

NetoFlow software packages are provided in these formats:

  • x86_64 EL7 and EL8 RPM packages available via yum
    • EL7 packages are compatible with CentOS 7, RHEL 7, and Amazon Linux 2
    • EL8 packages are compatible with CentOS 8 and RHEL 8
    • Most other Linux distributions that use EL7 or EL8 packages will also work
  • x86_64 Debian package available via apt-get
    • Debian, Ubuntu, and other Linux distributions using Debian package management

Selecting a deployment option

Netography recommends deploying the container for most customers. Containers provide isolation that ensures NetoFlow will operate properly, and they simplify the deployment process. The software package is best suited for organizations with a standard Linux build that meets their internal security and compliance requirements.

Installing the Linux Software Package

Step 1.  Set Up Package Repository

CentOS 8 / RHEL 8 / EL8 - RPM / yum Instructions

sudo rpm --import https://netography-repo.s3.amazonaws.com/RPM-GPG-KEY-netography
sudo wget -O /etc/yum.repos.d/netography.repo https://netography-repo.s3.amazonaws.com/yum/el/8/x86_64/yum.repo

CentOS 7 / RHEL 7 / EL7 - RPM / yum Instructions

sudo rpm --import https://netography-repo.s3.amazonaws.com/RPM-GPG-KEY-netography
sudo wget -O /etc/yum.repos.d/netography.repo https://netography-repo.s3.amazonaws.com/yum/el/7/x86_64/yum.repo

Debian / Ubuntu - apt-get Instructions

sudo sh -c '/bin/echo "deb [arch=amd64] https://netography-repo.s3.amazonaws.com/apt/ stable main" > /etc/apt/sources.list.d/netography.list'
cd /etc/apt/trusted.gpg.d/
sudo wget https://netography-repo.s3.amazonaws.com/DEB-GPG-KEY-netography.gpg
sudo apt-get update

Step 2.  Install the package

yum install

yum install netoflow

apt-get install

apt-get install netoflow

The installation will write the following files:

  • /etc/systemd/system/netoflow.service
  • /usr/local/bin/netoflow
  • /etc/netoflow.conf.example

The installation will pull in libpcap as a dependency.

Installation will enable the service to run at boot, but it will not start the service.

Step 3.  Configure NetoFlow

You can run NetoFlow with the default configuration, which should be sufficient for most deployments, or modify the configuration following these steps.

NetoFlow uses a layered configuration: it reads the /etc/netoflow.conf file first, if it exists, and then environment variables. Environment variables take precedence.

Refer to Configuring NetoFlow for details on configuration options.

3a. Copy /etc/netoflow.conf.example to /etc/netoflow.conf

cp /etc/netoflow.conf.example /etc/netoflow.conf

3b. Create a Fusion API key

You will need to Create a Netography API Key in the Fusion Portal, using the neto_flow role. Copy the netosecret value provided when creating the key.

Using a secrets vault is the most secure approach for storing this secret

For production deployments, you should store this value in a secrets vault and have it set the value to this environment variable: NETO__ENDPOINT__NETOSECRET

Setting the secret in your local environment

You can also set it directly in your local environment to the variable: NETO__ENDPOINT__NETOSECRET

NETO__ENDPOINT__NETOSECRET="REPLACEME"
export NETO__ENDPOINT__NETOSECRET

Setting the secret in the /etc/netoflow.conf file

For testing purposes or where the system itself is a single-purpose dedicated and secured system, you can also set the netosecret value in the /etc/netoflow.conf file, in the [endpoint] section:

[endpoint]
netosecret       = ""  # API key encoded as netosecret
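
A middle ground between the local export and the /etc/netoflow.conf entry, as an added example that is not part of Netography's documentation: a variable exported in an interactive shell is not inherited by a service that systemd starts, so this script writes the secret to a root-only EnvironmentFile and points netoflow.service at it with a drop-in. The /etc/netoflow.env path, the drop-in name 10-netosecret.conf and the staging root prefix are assumptions, as is a single-line secret without quotes.

```shell
#!/bin/sh
# Added example: hand netoflow.service its API secret through a root-only
# EnvironmentFile rather than /etc/netoflow.conf or an interactive export.
# Assumptions (not from the page): the /etc/netoflow.env path, the drop-in
# file name 10-netosecret.conf, and the optional root prefix used for staging.

install_netosecret() {
    # $1 = netosecret value; $2 = root prefix ("" writes to the live system)
    secret=$1
    root=${2:-}
    env_file="$root/etc/netoflow.env"
    dropin_dir="$root/etc/systemd/system/netoflow.service.d"
    nl='
'
    # Refuse empty input, the page's REPLACEME placeholder, and embedded
    # newlines (a newline would smuggle a second variable into the file).
    case $secret in
        ''|REPLACEME) echo "empty or placeholder secret" >&2; return 1 ;;
        *"$nl"*)      echo "secret must be a single line" >&2; return 1 ;;
    esac

    mkdir -p "$root/etc" "$dropin_dir" || return 1

    # Write under umask 077 so the file is created 0600 and is never
    # readable by other users, then move it into place atomically.
    rm -f "$env_file.tmp"
    ( umask 077
      printf 'NETO__ENDPOINT__NETOSECRET=%s\n' "$secret" > "$env_file.tmp"
    ) || return 1
    chmod 600 "$env_file.tmp" && mv -f "$env_file.tmp" "$env_file" || return 1

    # The drop-in holds only the path, never the secret itself.
    printf '[Service]\nEnvironmentFile=/etc/netoflow.env\n' \
        > "$dropin_dir/10-netosecret.conf" || return 1
}

# Live use, as root: the secret is read from stdin so it stays out of
# shell history and the process list.
if [ "${1:-}" = "--apply" ]; then
    IFS= read -r secret_in && install_netosecret "$secret_in" "" &&
        systemctl daemon-reload
fi
```

Run it as root with `--apply` and the secret on standard input, then start the service as described in Step 5.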

Step 4.  Syslog configuration

NetoFlow logs to syslog through the socket, so if you're using rsyslog, make sure it is enabled and sends the appropriate log levels where you want them in /etc/rsyslog.conf:

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

On most enterprise Linux distributions, debug-level messages are not sent anywhere by default. If you would like debug-level logging, add kern.debug to the appropriate log settings:

kern.debug;*.info;mail.none;authpriv.none;cron.none /var/log/messages

Then restart:

sudo systemctl restart rsyslog.service

Step 5.  Start the NetoFlow Connector

systemctl start netoflow.service

Step 6.  Set the NetoFlow Connector to start at boot

If you would like the NetoFlow Connector to run at boot time, you must run the following command:

systemctl enable netoflow.service