NetoFlow Installation

Overview

NetoFlow Connector is software that customers run on premises. It accepts all supported flow versions on a single configurable UDP port and delivers the parsed flow data to the Netography cloud via HTTPS. It currently supports NetFlow versions 5, 9 and 10 (IPFIX) and sFlow version 5. Optionally, flow can be tee'd to other flow collection platforms.

Installation

Step 1. Device Setup in 

Log into the Netography portal and add your devices first.  You will need to know the devices’ flow sending IP addresses.

Step 2. NetoFlow Connector Authentication

🚧

The NetoFlow Connector supports two authentication methods: API keys or username/password.

Using API Keys

To authenticate the NetoFlow Connector with API keys, create a Netography API key.

Using a NetoFlow User Account

We recommend creating a dedicated user using the "NetoFlow" role in your Netography portal account specifically for use with the NetoFlow Connector.  These credentials will be required to configure the NetoFlow Connector.

Step 3. Set Up Package Repository

❗️

These packages have not been tested in containers.

OS Support

EL7 yum packages have been tested with CentOS 7, RHEL7 and AWS Linux2. Since the only external requirement is pcap, these packages may work on other flavors, but they have not been tested there.

EL7 Instructions

# rpm --import https://netography-repo.s3.amazonaws.com/RPM-GPG-KEY-netography

# sudo wget -O /etc/yum.repos.d/netography.repo https://netography-repo.s3.amazonaws.com/yum/el/7/x86_64/yum.repo

Debian / Ubuntu Instructions

# sudo sh -c '/bin/echo "deb [arch=amd64] https://netography-repo.s3.amazonaws.com/apt/ stable main" > /etc/apt/sources.list.d/netography.list'

# cd /etc/apt/trusted.gpg.d/

# wget https://netography-repo.s3.amazonaws.com/DEB-GPG-KEY-netography.gpg

# apt-get update

Step 4.  Install the package

The package can be installed with yum on EL/RH variants:

# yum install netoflow

or on Debian/Ubuntu with apt-get:

# apt-get install netoflow

The following files will be installed:

/etc/systemd/system/netoflow.service
/usr/local/bin/netoflow
/etc/netoflow.conf.example

** The package will pull in libpcap as a dependency.
** Installation will enable the service to run at boot, but it will not start the service.

Step 5. Set up configuration

The defaults in the sample config provided with the RPM (/etc/netoflow.conf.example) should be sufficient for most deployments. Remember to update the configuration lines below with the credentials created in Step 2.

Refer to the Netoflow User Guide for additional configuration options/recommendations.

API Keys:

[endpoint]
customer = "PortalShortName"
appname = "APINameFromPortal"
appkey = "APIKeyFromPortal"
sharedsecret = "xxxxYourSecretxxxx"

Netoflow User Account:

[endpoint]
user = "[email protected]"
pass = "xxxxYourSecretxxxx"

Copy the sample configuration over to /etc/netoflow.conf:

# cp /etc/netoflow.conf.example /etc/netoflow.conf
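
Because /etc/netoflow.conf now holds an API shared secret or a password, it is worth auditing before the service is started. The shell function below is an added example, not part of the Netography documentation or tooling; it assumes the key = "value" layout shown above, and the function name, the finding messages and the assumption that typographic quotes are rejected by the config parser are this example's own.

```shell
#!/bin/sh
# Added example: pre-flight audit of a NetoFlow Connector config file.
# Assumes the key = "value" layout shown in Step 5. Prints one line per
# finding and returns the number of findings (0 means clean).
check_netoflow_conf() {
    conf=$1
    findings=0
    if [ ! -r "$conf" ]; then
        echo "FINDING: cannot read $conf"
        return 1
    fi

    # The file holds a shared secret or password: "other" should have no access.
    other=$(ls -ld "$conf" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "FINDING: other users have '$other' on $conf (fix: chmod o-rwx)"
        findings=$((findings + 1))
    fi

    # Sample values from the example config must be replaced with real ones.
    for sample in PortalShortName APINameFromPortal APIKeyFromPortal xxxxYourSecretxxxx; do
        if grep -qF "$sample" "$conf"; then
            echo "FINDING: placeholder '$sample' is still present"
            findings=$((findings + 1))
        fi
    done

    # Typographic quotes picked up by copy-paste (assumed to break parsing).
    if grep -qF -e '“' -e '”' "$conf"; then
        echo "FINDING: typographic quotes found, use plain double quotes"
        findings=$((findings + 1))
    fi

    # Expect one complete credential set: the API key fields, or user and pass.
    has() { grep -qE "^[[:space:]]*$1[[:space:]]*=" "$conf"; }
    if has customer && has appname && has appkey && has sharedsecret; then
        : # API key authentication is fully specified
    elif has user && has pass; then
        : # user account authentication is fully specified
    else
        echo "FINDING: neither a full API key set nor user/pass is configured"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run against a file when a path is given, e.g. sh audit.sh /etc/netoflow.conf
if [ $# -gt 0 ]; then check_netoflow_conf "$1"; fi
```

The exit status is the number of findings, so the check can gate the systemctl start in Step 7 from a provisioning script.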

Step 6.  Syslog configuration

Syslog in netoflow uses the socket, so if you're using rsyslog, make sure it's enabled and that the appropriate log levels are routed where you want them in /etc/rsyslog.conf:

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

Also, if you would like debug-level logging: on most enterprise Linux distros, debug messages are not sent anywhere by default, so add kern.debug to the appropriate log file, for example:

kern.debug;*.info;mail.none;authpriv.none;cron.none /var/log/messages

Then restart:

# sudo systemctl restart rsyslog.service

Step 7.  Start the NetoFlow Connector

# systemctl start netoflow.service

Step 8.  Set the NetoFlow Connector to start at boot (optional)

If you would like the NetoFlow Connector to run at boot time, you must run the following command:

# systemctl enable netoflow.service

