# Installation on Linux {% hint style="info" %} This section provides the installation steps for NetObserv Flow. Many users get started using ElastiFlow with the Elastic Stack (Elasticsearch and Kibana). To install and configure **both** the Elastic Stack and NetObserv Flow, step-by-step instructions are provided for both [**Ubuntu/Debian**](/data_platforms/elastic/install_ubuntu.md) and [**RedHat/AlmaLinux**](/data_platforms/elastic/install_redhat.md). {% endhint %} NetObserv Flow can be installed natively on Linux. Packages are currently provided for and supported on the Linux distributions and versions listed in the following table. | Distribution | Versions | | ------------------------- | -------------------- | | Ubuntu | 22.04 LTS, 24.04 LTS | | Debian | 12 | | RHEL/RockyLinux/AlmaLinux | 8.x, 9.x | ### Ubuntu/Debian Installation (deb) The Debian package for the NetObserv Flow can be downloaded from [here](https://elastiflow-releases.s3.us-east-2.amazonaws.com/flow-collector/flow-collector_7.25.0_linux_amd64.deb). It can be used for installation on most Debian-based systems such as Debian and Ubuntu. #### Download the `.deb` Package The package can be downloaded using either the `wget` or `curl` command:

wget https://elastiflow-releases.s3.us-east-2.amazonaws.com/flow-collector/flow-collector_space.vars.current_version_linux_amd64.deb

curl https://elastiflow-releases.s3.us-east-2.amazonaws.com/flow-collector/flow-collector_space.vars.current_version_linux_amd64.deb --output flow-collector_space.vars.current_version_linux_amd64.deb

#### Verify the Package **Checksum Verification** To ensure the downloaded file was fully downloaded and wasn't corrupted or tampered with, you can verify the provided checksum matches.

# get checksum of the downloaded file:
sha256sum flow-collector_space.vars.current_version_linux_amd64.deb

# verify the checksum provided from the previous command matches the checksum here:
https://elastiflow-releases.s3.us-east-2.amazonaws.com/flow-collector/flow-collector_space.vars.current_version_linux_amd64.deb.sha256

**GPG Verification** ElastiFlow signs the Debian package with a GNU Privacy Guard (GPG) key. To verify the Debian package, download and import the ElastiFlow GPG public key: ```shell # import public key into gpg keychain curl -o- https://elastiflow-releases.s3.us-east-2.amazonaws.com/elastiflow.pgp | gpg --import - # trust the public key echo "6A2E26EFDE24AA7A634A442ED5C0572E5D212F6B:6:" | gpg --import-ownertrust ``` Next, download the signature file:

curl -SLO https://elastiflow-releases.s3.us-east-2.amazonaws.com/flow-collector/flow-collector_space.vars.current_version_linux_amd64.deb.sig

Finally, verify the file with the signature:

gpg --verify flow-collector_space.vars.current_version_linux_amd64.deb.sig flow-collector_space.vars.current_version_linux_amd64.deb

#### Ensure that `libpcap-dev` and `ca-certificates` are Installed The collector requires `libpcap-dev` and `ca-certificates`. Check if the packages are installed: ```shell sudo dpkg-query -l | grep libpcap-dev sudo dpkg-query -l | grep ca-certificates ``` If installed, the output will look similar to the following: ```shell ii libpcap-dev:amd64 1.10.1-4build1 amd64 development library for libpcap (transitional package) ii ca-certificates 20230311ubuntu0.22.04.1 all Common CA certificates ``` If the packages are not present, install them: ```shell sudo apt install libpcap-dev ca-certificates ``` #### Install the `.deb` Package There are two methods to install the NetObserv Flow package, `apt` or `dpkg`. **Install with `apt`**

sudo apt install ./flow-collector_space.vars.current_version_linux_amd64.deb

**Install with `dpkg`**

sudo dpkg -i flow-collector_space.vars.current_version_linux_amd64.deb

### RedHat/AlmaLinux Installation (rpm) The RPM package for NetObserv Flow can be downloaded [here](https://elastiflow-releases.s3.us-east-2.amazonaws.com/flow-collector/flow-collector-7.25.0-1.x86_64.rpm). It can be used for installation on most RedHat-based systems such as RHEL and CentOS. #### Download the `.rpm` Package The package can be easily downloaded using `wget` or `curl`:

wget https://elastiflow-releases.s3.us-east-2.amazonaws.com/flow-collector/flow-collector-space.vars.current_version-1.x86_64.rpm

curl https://elastiflow-releases.s3.us-east-2.amazonaws.com/flow-collector/flow-collector-space.vars.current_version-1.x86_64.rpm --output flow-collector-space.vars.current_version-1.x86_64.rpm

#### Verify the Package **Checksum Verification** To ensure the downloaded file was fully downloaded and wasn't corrupted or tampered with, you can verify the provided checksum matches.

# get checksum of the downloaded file:
sha256sum flow-collector-space.vars.current_version-1.x86_64.rpm

# verify the checksum provided from the previous command matches the checksum here:
https://elastiflow-releases.s3.us-east-2.amazonaws.com/flow-collector/flow-collector-space.vars.current_version-1.x86_64.rpm.sha256

**GPG Verification** ElastiFlow signs the RPM package with a GNU Privacy Guard (GPG) key. To verify the RPM package, download and import the ElastiFlow GPG public key: ```shell # import public key into gpg keychain curl -o- https://elastiflow-releases.s3.us-east-2.amazonaws.com/elastiflow.pgp | gpg --import - # trust the public key echo "6A2E26EFDE24AA7A634A442ED5C0572E5D212F6B:6:" | gpg --import-ownertrust # import public key into rpm trust store rpm --import https://elastiflow-releases.s3.us-east-2.amazonaws.com/elastiflow.pgp ``` Next, download the signature file:

curl -SLO https://elastiflow-releases.s3.us-east-2.amazonaws.com/flow-collector/flow-collector-space.vars.current_version-1.x86_64.rpm.sig

Finally, verify the file with the signature:

gpg --verify flow-collector- space.vars.current_version-1.x86_64.rpm.sig flow-collector-space.vars.current_version-1.x86_64.rpm

#### Ensure that `libpcap`, `libpcap-devel` and `ca-certificates` are Installed The collector requires `libpcap`, `libpcap-devel` and `ca-certificates`. Check if the packages are installed: ```shell rpm -q libpcap libpcap-devel ca-certificates ``` If installed, the output will look similar to the following: ```shell libpcap-1.9.1-5.el8.x86_64 libpcap-devel-1.9.1-5.el8.x86_64 ca-certificates-2023.2.60_v7.0.306-80.0.el8_8.noarch ``` If the packages are not present, install them: **RHEL 8.x based Distributions** ```shell sudo dnf --enablerepo=powertools install libpcap libpcap-devel ca-certificates -y ``` **RHEL 9.x based Distributions** ```shell sudo dnf --enablerepo=crb install libpcap libpcap-devel ca-certificates -y ``` #### Install/Upgrade the `.rpm` Package If installing the NetObserv Flow package for the first time, i.e. NOT upgrading, run the following:

sudo yum install -y flow-collector-space.vars.current_version-1.x86_64.rpm

If upgrading from a previously installed NetObserv Flow package, run the following:

sudo rpm -Uhv flow-collector-space.vars.current_version-1.x86_64.rpm

### Configuration The NetObserv Flow will be installed to run as a daemon managed by `systemd`. Configuration of the collector is provided via environment variables and, depending on the enabled options, via various configuration files which by default are located within `/etc/elastiflow`. To configure the NetObserv Flow, edit the file `/etc/elastiflow/flowcoll.yml`. For details on the configuration options, please refer to the [Configuration Reference](/flowcoll/configuration.md). {% hint style="info" %} At a minimum the NetObserv Flow must point to a valid data store. Additionally, source flows need to be pointed to the NetObserv Flow so it can pass those along to the data store. The most common installation uses Elasticsearch and Kibana as the data store.\ To install and configure **both** the Elastic Stack and NetObserv Flow, step-by-step instructions are provided for both [**Ubuntu/Debian**](/data_platforms/elastic/install_ubuntu.md) and [**RedHat/AlmaLinux**](/data_platforms/elastic/install_redhat.md). {% endhint %} ### Running the Collector To start the collector, execute the follow commands: ```shell sudo systemctl daemon-reload && sudo systemctl start flowcoll.service ``` To ensure the collector has started and is running, execute: ```shell sudo systemctl status flowcoll.service ``` The collector can be stopped using: ```shell sudo systemctl stop flowcoll.service ``` If you want the collector to be started automatically when the system is booted, it must be enabled: ```shell sudo systemctl enable flowcoll.service ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.elastiflow.com/flowcoll/installation/install_linux.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.