Set up pycapa

You can use the pycapa tool to capture low-volume data flow.

  • Ensure you have installed Python 2.7.
  • This installation assumes the following environment variables:
    PYTHON27_HOME=/opt/rh/python27/root
  1. Install system dependencies including the core development tools, Python libraries and header files, and Libpcap libraries and header files.
    yum -y install "@Development tools" python-devel libpcap-devel
  2. Install Librdkafka at your chosen $PREFIX:
    export PREFIX=/usr
    wget   -O - | tar -xz
    cd librdkafka-0.11.5/
    ./configure --prefix=$PREFIX
    make install
  3. Add Librdkafka to the dynamic library load path.
    echo "$PREFIX/lib" >> /etc/
    ldconfig -v
  4. Install Pycapa.
    This step assumes that you already have the CCP source code installed on the host.
    cd metron/metron-sensors/pycapa
    pip install -r requirements.txt
    python install
  5. Start the pycapa packet capture producer:
    cd ${PYCAPA_HOME}/pycapa-venv/bin
    pycapa --producer --topic pcap -i $ETH_INTERFACE -k $KAFKA_HOST:6667
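
A preflight check that can be run before step 5, written for this page as an added example (it is not part of pycapa or CCP): it confirms that librdkafka is in the loader cache, that the capture interface exists, and that the broker argument is a well-formed HOST:PORT. The function names and the SYSFS_NET override are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: preflight checks before starting the pycapa producer.
# Not part of pycapa or CCP; function names and SYSFS_NET are assumptions.

# Reads an `ldconfig -p` listing on stdin; succeeds if librdkafka is listed.
has_librdkafka() {
    grep -q 'librdkafka\.so'
}

# Succeeds if $1 names a network interface (Linux sysfs; SYSFS_NET overrides).
iface_exists() {
    [ -n "$1" ] && [ -e "${SYSFS_NET:-/sys/class/net}/$1" ]
}

# Succeeds if $1 is HOST:PORT with a non-empty host and a port in 1..65535.
valid_broker() {
    case "$1" in *:*) ;; *) return 1 ;; esac
    vb_host=${1%:*}
    vb_port=${1##*:}
    [ -n "$vb_host" ] || return 1
    case "$vb_port" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#vb_port}" -le 5 ] && [ "$vb_port" -ge 1 ] && [ "$vb_port" -le 65535 ]
}

# Runs every check, reports failures on stderr, returns the failure count.
pycapa_preflight() {
    pf_fail=0
    if ! ldconfig -p 2>/dev/null | has_librdkafka; then
        echo "FAIL: librdkafka is not in the loader cache (step 3)" >&2
        pf_fail=$((pf_fail + 1))
    fi
    if ! iface_exists "$1"; then
        echo "FAIL: no such capture interface: '$1'" >&2
        pf_fail=$((pf_fail + 1))
    fi
    if ! valid_broker "$2"; then
        echo "FAIL: broker must be HOST:PORT, got '$2'" >&2
        pf_fail=$((pf_fail + 1))
    fi
    # Live capture normally needs root or CAP_NET_RAW; warn, do not fail.
    [ "$(id -u)" -eq 0 ] || echo "WARN: not running as root" >&2
    return "$pf_fail"
}

# Run only when the variables used in step 5 are set.
if [ -n "${ETH_INTERFACE:-}" ] && [ -n "${KAFKA_HOST:-}" ]; then
    pycapa_preflight "$ETH_INTERFACE" "$KAFKA_HOST:6667"
fi
```

The script exits with the number of failed checks, so a zero exit status means the producer command in step 5 has what it needs to start.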