Set up pycapa

You can use the pycapa tool to capture low-volume data flow.

PYCAPA_HOME=/opt/pycapa
PYTHON27_HOME =/opt/rh/python27/root

1. Install the following packages:

   epel-release
   centos-release-scl
   "@Development tools"
   python27
   python27-scldevel
   python27-python-virtualenv
   libpcap-devel
   libselinux-python

   For example:

   yum -y install epel-release centos-release-scl 
   yum -y install "@Development tools" python27 python27-scldevel python27-python-virtualenv libpcap-devel libselinux-python

2. Set up the following directory:

   mkdir $PYCAPA_HOME && chmod 755 $PYCAPA_HOME

3. Create the following virtual environment:

   export LD_LIBRARY_PATH="/opt/rh/python27/root/usr/lib64"
   ${PYTHON27_HOME}/usr/bin/virtualenv pycapa-venv

4. Copy incubator-metron/metron-sensors/pycapa from the Metron source tree into $PYCAPA_HOME on the node on which you want to install pycapa.
5. Build pycapa:

   cd ${PYCAPA_HOME}/pycapa
   activate the virtualenv
   source ${PYCAPA_HOME}/pycapa-venv/bin/activate
   pip install -r requirements.txt
   python setup.py install

6. Start the pycapa packet capture producer:

   cd ${PYCAPA_HOME}/pycapa-venv/bin
   pycapa --producer --topic pcap -i $ETH_INTERFACE -k $KAFKA_HOST:6667