You can use the pycapa tool to capture low-volume data flow.
-
Install system dependencies including the core development tools, Python libraries
and header files, and Libpcap libraries and header files.
yum -y install "@Development tools" python-devel libpcap-devel
-
Install Librdkafka at your chosen $PREFIX:
export PREFIX=/usr
wget https://github.com/edenhill/librdkafka/archive/v0.11.5.tar.gz -O - | tar -xz
cd librdkafka-0.11.5/
./configure --prefix=$PREFIX
make
make install
-
Add Librdkafka to the dynamic library load path.
echo "$PREFIX/lib" >> /etc/ld.so.conf.d/pycapa.conf
ldconfig -v
-
Install Pycapa.
This step assumes that you already have the CCP source code installed on the
host.
cd metron/metron-sensors/pycapa
pip install -r requirements.txt
python setup.py install
- Start the pycapa packet capture producer:
cd ${PYCAPA_HOME}/pycapa-venv/bin
pycapa --producer --topic pcap -i $ETH_INTERFACE -k $KAFKA_HOST:6667