Linux
This section provides the installation steps for NetObserv Flow. Many users get started using ElastiFlow with the Elastic Stack (Elasticsearch and Kibana). To install and configure both the Elastic Stack and NetObserv Flow, step-by-step instructions are provided for both Ubuntu/Debian and RedHat/AlmaLinux.
NetObserv Flow can be installed natively on Linux. Packages are currently provided for and supported on the Linux distributions and versions listed in the following table.
Distribution | Versions |
---|---|
Ubuntu/Debian | 18.04 LTS, 20.04 LTS, 22.04 LTS |
RHEL/AlmaLinux | 8.x, 9.x |
Ubuntu/Debian Installation (deb)
The Debian package for the NetObserv Flow can be downloaded from here. It can be used for installation on most Debian-based systems such as Debian and Ubuntu.
Download the .deb
Package
The package can be downloaded using either the wget
or curl
command:
wget https://elastiflow-releases.s3.us-east-2.amazonaws.com/flow-collector/flow-collector_7.4.0_linux_amd64.deb
curl https://elastiflow-releases.s3.us-east-2.amazonaws.com/flow-collector/flow-collector_7.4.0_linux_amd64.deb --output flow-collector_7.4.0_linux_amd64.deb
Verify the Package
Checksum Verification
To ensure the downloaded file was fully downloaded and wasn't corrupted or tampered with, you can verify the provided checksum matches.
# get checksum of the downloaded file:
sha256sum flow-collector_7.4.0_linux_amd64.deb
# verify the checksum provided from the previous command matches the checksum here:
https://elastiflow-releases.s3.us-east-2.amazonaws.com/flow-collector/flow-collector_7.4.0_linux_amd64.deb.sha256
GPG Verification
ElastiFlow signs the Debian package with a GNU Privacy Guard (GPG) key. To verify the Debian package, download and import the ElastiFlow GPG public key:
# import public key into gpg keychain
curl -o- https://elastiflow-releases.s3.us-east-2.amazonaws.com/elastiflow.pgp | gpg --import -
# trust the public key
echo "6A2E26EFDE24AA7A634A442ED5C0572E5D212F6B:6:" | gpg --import-ownertrust
Next, download the signature file:
curl -SLO https://elastiflow-releases.s3.us-east-2.amazonaws.com/flow-collector/flow-collector_7.4.0_linux_amd64.deb.sig
Finally, verify the file with the signature:
gpg --verify flow-collector_7.4.0_linux_amd64.deb.sig flow-collector_7.4.0_linux_amd64.deb
Ensure that libpcap-dev
and ca-certificates
are Installed
The collector requires libpcap-dev
and ca-certificates
. Check if the packages are installed:
sudo dpkg-query -l | grep libpcap-dev
sudo dpkg-query -l | grep ca-certificates
If installed, the output will look similar to the following:
ii libpcap-dev:amd64 1.10.1-4build1 amd64 development library for libpcap (transitional package)
ii ca-certificates 20230311ubuntu0.22.04.1 all Common CA certificates
If the packages are not present, install them:
apt install libpcap-dev ca-certificates
Install the .deb
Package
There are two methods to install the NetObserv Flow package, apt
or dpkg
.
Install with apt
sudo apt install ./flow-collector_7.4.0_linux_amd64.deb
Install with dpkg
sudo dpkg -i flow-collector_7.4.0_linux_amd64.deb
RedHat/AlmaLinux Installation (rpm)
The RPM package for the NetObserv Flow can be downloaded from here. It can be used for installation on most RedHat-based systems such as RHEL and CentOS.
Download the .rpm
Package
The package can be easily downloaded using wget
or curl
:
wget https://elastiflow-releases.s3.us-east-2.amazonaws.com/flow-collector/flow-collector-7.4.0-1.x86_64.rpm
curl https://elastiflow-releases.s3.us-east-2.amazonaws.com/flow-collector/flow-collector-7.4.0-1.x86_64.rpm --output flow-collector-7.4.0-1.x86_64.rpm
Verify the Package
Checksum Verification
To ensure the downloaded file was fully downloaded and wasn't corrupted or tampered with, you can verify the provided checksum matches.
# get checksum of the downloaded file:
sha256sum flow-collector-7.4.0-1.x86_64.rpm
# verify the checksum provided from the previous command matches the checksum here:
https://elastiflow-releases.s3.us-east-2.amazonaws.com/flow-collector/flow-collector-7.4.0-1.x86_64.rpm.sha256
GPG Verification
ElastiFlow signs the RPM package with a GNU Privacy Guard (GPG) key. To verify the RPM package, download and import the ElastiFlow GPG public key:
# import public key into gpg keychain
curl -o- https://elastiflow-releases.s3.us-east-2.amazonaws.com/elastiflow.pgp | gpg --import -
# trust the public key
echo "6A2E26EFDE24AA7A634A442ED5C0572E5D212F6B:6:" | gpg --import-ownertrust
# import public key into rpm trust store
rpm --import https://elastiflow-releases.s3.us-east-2.amazonaws.com/elastiflow.pgp
Next, download the signature file:
curl -SLO https://elastiflow-releases.s3.us-east-2.amazonaws.com/flow-collector/flow-collector-7.4.0-1.x86_64.rpm.sig
Finally, verify the file with the signature:
gpg --verify flow-collector-7.4.0-1.x86_64.rpm.sig flow-collector-7.4.0-1.x86_64.rpm
Ensure that libpcap
, libpcap-devel
and ca-certificates
are Installed
The collector requires libpcap
, libpcap-devel
and ca-certificates
. Check if the packages are installed:
rpm -q libpcap libpcap-devel ca-certificates
If installed, the output will look similar to the following:
libpcap-1.9.1-5.el8.x86_64
libpcap-devel-1.9.1-5.el8.x86_64
ca-certificates-2023.2.60_v7.0.306-80.0.el8_8.noarch
If the packages are not present, install them:
RHEL 8.x based Distributions
sudo dnf --enablerepo=powertools install libpcap libpcap-devel ca-certificates -y
RHEL 9.x based Distributions
sudo dnf --enablerepo=crb install libpcap libpcap-devel ca-certificates -y