Install NetoFlow (container)
Installing NetoFlow is part of the steps to Ingest NetFlow/sFlow via the NetoFlow Connector.
If you want to run the container without going through all the details and options, see: 🏁 Quickstart: Running the NetoFlow container.
Deployment Options
NetoFlow is available as a Docker-compatible container or a Linux software package. To deploy the Linux software package, see: Install NetoFlow (Linux package).
Supported Platforms
Docker-compatible container built for linux/amd64
hosted on Netography's public container registry
The container can be run on other platforms using Docker's cross-platform compatibility (e.g. to run it locally on a Mac with Apple silicon). However, this has a significant performance impact, so it is not recommended for production deployments.
Selecting a deployment option
Netography recommends deploying the container for most customers. Containers provide isolation that ensures NetoFlow will operate properly and simplifies the deployment process. The software package is best suited for organizations with a standard Linux build that meets your internal security and compliance requirements.
Installing the NetoFlow Container
Documentation is specific to Docker, but the container image is portable
For simplicity, all instructions in the NetoFlow documentation are specific to using Docker to pull and run the NetoFlow container. However, the container is portable across container orchestration systems. Follow the standard instructions for the container orchestration platform you are using to pull, configure, and execute in this case.
Container Image
The container image is hosted on Netography's public container registry.
For a specific version:
public.ecr.aws/netography/netoflow:VERSION_NUMBER
For the most recently released version:
public.ecr.aws/netography/netoflow:latest
To get a listing of the available versions (tags) for this container image, go to:
https://gallery.ecr.aws/netography/netoflow
Step 1. Pull the container image (optional)
You don't need to pull the container image with docker pull unless you want to ensure it is downloaded or validate the container before running it.
For a production deployment, you should use a specific version instead of latest
. This ensures consistency and stability, as latest
may change over time, while a versioned image guarantees the same environment across deployments.
Step 2. Configure NetoFlow (optional)
You can run NetoFlow with the default configuration, which should be sufficient for most deployments, and skip this step.
NetoFlow uses a layered configuration that will read configuration from the /etc/netoflow.conf
file, if it exists, and from environment variables next (environment variables take precedence).
Refer to Configuring NetoFlow for details on configuration options.
Option A: Setting configuration in netoflow.conf
netoflow.conf
1. Download the default configuration file: netoflow.conf.example
netoflow.conf.example
The default configuration file for the latest version of NetoFlow is available at:
https://neto-downloads.s3.amazonaws.com/netoflow/netoflow.conf.example
To download:
curl -O https://neto-downloads.s3.amazonaws.com/netoflow/netoflow.conf.example
2. Make a copy of the example conf file
cp netoflow.conf.example netoflow.conf
3. Modify netoflow.conf
netoflow.conf
Edit configuration settings as appropriate. See Configure NetoFlow for more details on configuration settings.
4. Map local netoflow.conf
file to /etc/netoflow.conf
in the container when running
netoflow.conf
file to /etc/netoflow.conf
in the container when runningThe docker run
command provided in step 4 includes this argument to map the conf file into your container:
--mount type=bind,source=$(pwd)/netoflow.conf,target=/etc/netoflow.conf $(pwd)/netoflow.conf:/etc/netoflow.conf
Option B: Setting configuration in environment variables
You can not set the
tees
targets
,flowfilter
, ordevice
sections in environment variables todayThese settings involve a list or array (ie multiple values), which is not parsed from environment variables today. If you are modifying these configuration settings, you must modify the
netoflow.conf
file.
Environment variable naming convention
Use this format for environment variables:
NETO__SECTION__KEY=value
NETO
is the prefix for all configuration environment variables- Replace
SECTION
with the configuration section name. This is the value in square brackets[]
in the conf file above the setting. Valid section names are:general, flow, syslog, api, sflow, tees, endpoint, proxy, filter, flowfilter, device
. - Replace
KEY
with the name of the configuration setting.
The separator used is two underscores
__
. If you use one underscore_
it won't work.
Environment variables mapping
The correct environment variable names to set for each configuration item in the netoflow.conf.example
file is shown below. You can copy these values into a local filenetoflow.env
, or pass these environment variables directly to the container when running it.
NETO__GENERAL__UDPBUFFER=1048576
NETO__GENERAL__STATSINTERVAL=60
NETO__GENERAL__FLUSHINTERVAL=5
NETO__GENERAL__FLUSHCOUNT=2000
NETO__GENERAL__RETRIES=5
NETO__GENERAL__RETRYINTERVAL=5
NETO__GENERAL__DUMPRECORDS=false
NETO__GENERAL__TEMPLATEDB="/var/tmp/netoflow.db"
NETO__GENERAL__DOWNSAMPLE=10
NETO__GENERAL__APIHOST="https://api-ingest.netography.com"
NETO__GENERAL__DEVICECREATIONURL="/api/v1/device"
NETO__GENERAL__AUDITHOST="https://api.netography.com"
NETO__GENERAL__AUDITURL="/api/v1/audit"
NETO__FLOW__LISTEN="0.0.0.0:2055"
NETO__FLOW__WORKERS=4
NETO__FLOW__QUEUE=100000
NETO__SYSLOG__LEVEL="info"
NETO__SYSLOG__SERVER="localhost:514"
NETO__API__ENABLED=true
NETO__API__PORT=8080
NETO__SFLOW__PAYLOAD=false
NETO__TEES__ENABLED=false
NETO__TEES__UPDATEINTERVAL=300
NETO__ENDPOINT__NETOSECRET=""
NETO__PROXY__ENABLED=false
NETO__PROXY__URL="http://10.0.0.1:3121"
NETO__FILTER__DEFAULT="allow"
NETO__FILTER__LOGDENY=false
Use an env file containing your settings
Use this docker run
argument to read a file netoflow.env
containing your environment variable settings (the complete docker run
command to use is in step 4 below):
--env-file netoflow.env
Set environment variables in the container when running
Instead of using an env-file, you can individually pass each environment variable using the -e
argument to docker run
. Step 4 below contains examples of the complete docker run
command to use.
-e NETO__GENERAL__RETRIES=3 -e NETO__API__ENABLED=false
If you have set these in your local environment:
-e NETO__GENERAL__RETRIES=$NETO__GENERAL__RETRIES -e NETO__API__ENABLED=$NETO__API__ENABLED
Step 3. Create a Fusion API key
You will need to Create a Netography API Key in the Fusion Portal, using the neto_flow
role.
Using a secrets vault is the most secure approach for storing this secret
For production deployments, you should store this value in a secrets vault and pass it to the NETO__ENDPOINT__NETOSECRET
environment variable for your container.
Setting the secret in your local environment
You can also set it to a local environment variable and then pass it to your running container.
NETOSECRET="REPLACEME"
export NETOSECRET
In your docker run
command, pass this to the container environment using -e NETO__ENDPOINT__NETOSECRET=$NETOSECRET
Setting the secret in the /etc/netoflow.conf
file
/etc/netoflow.conf
fileIf you are running the container on a local system or for testing purposes, you can also set the netosecret value in the /etc/netoflow.conf
file, in the [endpoint]
section:
[endpoint]
netosecret = "" # API key encoded as netosecret
Step 4. Run the container
The following configuration options are commonly used when running the container with docker run
:
-p 2055:2055
- This maps the default port netoflow listens for NetFlow and sFlow from your container to your host so you can direct netflow to the host IP.-p 8080:8080
- This maps the default port netoflow hosts the statistics API on for retrieving stats from netoflow. If you do not need anyone outside your host to access these statistics, you can omit this.-e NETO__ENDPOINT__NETOSECRET=$NETOSECRET
- Assuming you have set the netosecret API secret on your host in theNETOSECRET
environment variable, this will pass that value to the configuration setting it is read from by netoflow.--mount type=bind,source=$(pwd)/netoflow.conf,target=/etc/netoflow.conf
- If you have modified thenetoflow.conf
file on your host, this will map that file in your current working directory to/etc/netoflow.conf
in the container where it will be read for configuration.--platform linux/amd64
- This can be used to run the container on non-x86 systems (eg to test it locally on a Mac with Apple silicon). Using platform emulation in Docker can significantly impact performance, so this is not recommended for production usage.--name netoflow
- Gives the container a more easily accessible name. If you are initially configuringnetoflow
, you need to remove the container usingdocker rm netoflow
after it exits before re-running it, or you can add the--rm
argument to your docker run to have it automatically removed after it exits.-e NETO__SECTION__KEY=value
- Sets the environment variable to a value, for passing individual configuration settings to the container via environment variables.--env-file netoflow.conf
- Reads all the environment variables in the filenetoflow.conf
and sets them in the container.
docker run
example: default configuration, pass secret from host NETOSECRET
environment variable
docker run
example: default configuration, pass secret from host NETOSECRET
environment variabledocker run -e NETO__ENDPOINT__NETOSECRET="$NETOSECRET" \
-p 2055:2055 -p 8080:8080 \
--name netoflow \
--platform linux/amd64 \
public.ecr.aws/netography/netoflow:latest
docker run
example: use netoflow.conf
in current dir on host, pass secret from host NETOSECRET
environment variable
docker run
example: use netoflow.conf
in current dir on host, pass secret from host NETOSECRET
environment variabledocker run -e NETO__ENDPOINT__NETOSECRET="$NETOSECRET" \
-p 2055:2055 -p 8080:8080 \
--platform linux/amd64 \
--name netoflow \
--mount type=bind,source=$(pwd)/netoflow.conf,target=/etc/netoflow.conf \
public.ecr.aws/netography/netoflow:latest
docker run
example: all configuration is set in netoflow.env
in your local directory
docker run
example: all configuration is set in netoflow.env
in your local directorydocker run \
-p 2055:2055 -p 8080:8080 \
--platform linux/amd64 \
--name netoflow \
--env-file netoflow.conf
public.ecr.aws/netography/netoflow:latest
Updated 2 months ago