
Using a Raspberry PI as a Stealthwatch Cloud flow collector

Cisco Employee

Posting this for anyone interested in using a Raspberry Pi as a flow collector for Stealthwatch. We created a very lightweight version of our software. It can create flows if the eth port is attached to a SPAN, or you can forward NetFlow/IPFIX to it. I would recommend keeping device counts under 100.

If you use the image from Dropbox, the username I set is "pi", the password is "stealthwatch". More instructions are in the attached Word doc.

Cisco Employees get to keep their SWC account as long as it is being used: https://www.cisco.com/c/en/us/products/security/stealthwatch/stealthwatch-cloud-free-offer.html

Cheers - John

Package Install on existing PI (not a full image)

sudo apt-get install tcpdump

sudo apt-get update && sudo apt-get install -y libglib2.0-0 liblzo2-2 libltdl7 libpcap0.8 zlib1g

wget https://onstatic.s3.amazonaws.com/ona/master/ona-service_RaspbianJessie_armhf.deb

sudo dpkg -i ona-service_RaspbianJessie_armhf.deb

wget https://github.com/bbayles/netsa-pkg/releases/download/v0.1.18/netsa-pkg_raspbian.deb

sudo dpkg -i netsa-pkg_raspbian.deb

Image for a PI3

https://www.dropbox.com/s/d4v0wrtoeut2o1u/pi.img?dl=0

Image for a PI4

https://www.dropbox.com/s/n9lag6cs7lhzr1g/pi4.img?dl=0
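
The package steps above download two .deb files and install them as root with no integrity check. As an added example (not part of the original post), this shell snippet refuses to run `dpkg -i` unless the file matches a pinned SHA-256; the function names and the placeholder pins are assumptions, since the post publishes no checksums.

```shell
#!/bin/sh
# Added example: gate `dpkg -i` on a pinned SHA-256.
# The post publishes no checksums, so these pins are placeholders to be
# replaced with values obtained out-of-band from the publisher.
PIN_ONA="REPLACE_WITH_PUBLISHER_SHA256"    # ona-service_RaspbianJessie_armhf.deb
PIN_NETSA="REPLACE_WITH_PUBLISHER_SHA256"  # netsa-pkg_raspbian.deb

# verify_pkg FILE EXPECTED_SHA256
# Returns 0 on match, 1 on mismatch, 2 if the file is missing or the pin
# is not a well-formed SHA-256 (fails closed on an unfilled placeholder).
verify_pkg() {
    file=$1
    want=$2
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    case $want in
        *[!0-9a-fA-F]*) echo "pin for $file is not hex" >&2; return 2 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "pin for $file is not 64 hex chars" >&2; return 2; }
    got=$(sha256sum "$file" | cut -d' ' -f1)
    want=$(printf '%s' "$want" | tr 'A-F' 'a-f')   # accept upper-case pins
    if [ "$got" = "$want" ]; then
        return 0
    fi
    echo "SHA-256 mismatch for $file: got $got" >&2
    return 1
}

# install_verified FILE EXPECTED_SHA256
# Installs the package only after verify_pkg succeeds.
install_verified() {
    verify_pkg "$1" "$2" || return $?
    sudo dpkg -i "$1"
}

# Usage, after the two wget commands from the post:
#   install_verified ona-service_RaspbianJessie_armhf.deb "$PIN_ONA"
#   install_verified netsa-pkg_raspbian.deb "$PIN_NETSA"
```

The same check applies to the full SD-card images before writing them to a card. On a Pi built from those images, change the published "pi" account password with `passwd` before connecting it to a SPAN port or NetFlow exporter.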

1 Comment
Cisco Employee

It was easy to send NetFlow from my Meraki MX to the Pi running the sensor code! Thanks for sharing!