You can use the pycapa tool to capture low-volume data flow.
- Install the system dependencies: the core development tools, the Python libraries and header files, and the libpcap libraries and header files.
  On CentOS 7+, you can install these requirements with the following command:
  yum -y install "@Development tools" python-devel libpcap-devel
  *** In a previous version of these installation instructions, we installed the following packages: epel-release, centos-release-scl, "@Development tools", python27, python27-scldevel, python27-python-virtualenv, libpcap-devel, and libselinux-python. The current installation lists much fewer packages. Are the rest of the packages no longer necessary? ***
- Install librdkafka at your chosen $PREFIX:
  export PREFIX=/usr
  wget https://github.com/edenhill/librdkafka/archive/v0.11.5.tar.gz -O - | tar -xz
  cd librdkafka-0.11.5/
  ./configure --prefix=$PREFIX
  make
  make install
- Add librdkafka to the dynamic library load path:
  echo "$PREFIX/lib" >> /etc/ld.so.conf.d/pycapa.conf
  ldconfig -v
- Install pycapa. This step assumes that you already have the HCP source code installed on the host.
  cd metron/metron-sensors/pycapa
  pip install -r requirements.txt
  python setup.py install
- Start the pycapa packet capture producer:
  cd ${PYCAPA_HOME}/pycapa-venv/bin
  pycapa --producer --topic pcap -i $ETH_INTERFACE -k $KAFKA_HOST:6667
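The steps above leave a few things that are easy to get wrong before the producer is started: librdkafka not yet visible to the dynamic loader, pycapa not on the PATH, or ETH_INTERFACE and KAFKA_HOST unset or containing something other than an interface name and a host:port pair. The following POSIX sh pre-flight script is an added example, not part of the HCP or Metron documentation; it assumes the install steps completed and that ETH_INTERFACE and KAFKA_HOST are exported exactly as in the last step. The function names (librdkafka_in_cache, valid_iface, valid_broker, build_producer_cmd) and the PYCAPA_PREFLIGHT_RUN variable are this example's own, and the ldconfig output in the test is constructed.

```shell
#!/bin/sh
# Pre-flight checks for the pycapa producer (added example, not HCP/Metron code).
# Assumes: librdkafka installed under $PREFIX and registered with ldconfig,
# pycapa installed into a venv whose bin/ is on PATH, ETH_INTERFACE and
# KAFKA_HOST exported as in the documentation.

# Return 0 if the given `ldconfig -p` output lists librdkafka, else 1.
# Taking the output as an argument keeps the check testable offline.
librdkafka_in_cache() {
  printf '%s\n' "$1" | grep -q 'librdkafka\.so'
}

# Accept only plausible interface names (letters, digits, . _ : -), so a
# value that is empty or carries shell metacharacters never reaches pycapa.
valid_iface() {
  case "$1" in
    '') return 1 ;;
    *[!A-Za-z0-9._:-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Accept only host:port with a non-empty host and a numeric port 1-65535.
valid_broker() {
  broker_host=${1%:*}
  broker_port=${1##*:}
  [ -n "$broker_host" ] && [ "$broker_host" != "$1" ] || return 1
  case "$broker_port" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$broker_port" -ge 1 ] && [ "$broker_port" -le 65535 ]
}

# Validate topic, interface and broker, then print the producer command line
# from the documentation. Prints nothing and returns 1 on any bad argument.
build_producer_cmd() {
  cmd_topic=$1
  cmd_iface=$2
  cmd_broker=$3
  [ -n "$cmd_topic" ] || return 1
  valid_iface "$cmd_iface" || return 1
  valid_broker "$cmd_broker" || return 1
  printf 'pycapa --producer --topic %s -i %s -k %s\n' \
    "$cmd_topic" "$cmd_iface" "$cmd_broker"
}

main() {
  # Catch a missing ldconfig step (the symptom is a confusing import error
  # from the Kafka client inside pycapa).
  if ! librdkafka_in_cache "$(ldconfig -p 2>/dev/null)"; then
    echo "librdkafka not in the loader cache; re-run the ldconfig step" >&2
    exit 1
  fi
  if ! command -v pycapa >/dev/null 2>&1; then
    echo "pycapa not on PATH; activate the pycapa venv first" >&2
    exit 1
  fi
  if ! build_producer_cmd pcap "${ETH_INTERFACE:-}" "${KAFKA_HOST:-}:6667" >/dev/null; then
    echo "ETH_INTERFACE or KAFKA_HOST unset or malformed" >&2
    exit 1
  fi
  # Arguments are passed quoted, not re-split from a string.
  exec pycapa --producer --topic pcap -i "$ETH_INTERFACE" -k "$KAFKA_HOST:6667"
}

# Run the checks only when explicitly asked, so the file can be sourced
# for testing without starting a capture.
if [ "${PYCAPA_PREFLIGHT_RUN:-0}" = 1 ]; then
  main
fi
```

Run it with `PYCAPA_PREFLIGHT_RUN=1 sh preflight.sh` after exporting the two variables; each failed check names the install step to revisit. Validating the interface and broker before exec is deliberate: these values usually come from provisioning scripts or environment files, and rejecting anything outside the expected shape is cheaper than debugging a producer that silently captures the wrong interface.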