John Heintz
Cisco Employee

Updated!!

 

Posting this for anyone interested in using a Raspberry Pi as a flow collector for Stealthwatch.  We created a very lightweight version of the Stealthwatch Cloud sensor.  It will create flows on any Ethernet port, so you can attach LAN port to SPAN and/or forward NetFlow/IPFIX to it.  I would recommend keeping device counts under 100.

 

We now have an IMG file that works on Pi versions 3 or 4.  Thanks to Steven Marin who created it.

 

Cisco Employees get to keep their SWC account as long as it is being used: https://www.cisco.com/c/en/us/products/security/stealthwatch/stealthwatch-cloud-free-offer.html

 

Cheers - John


See attachment for directions on using pre-built Image

 

Package Install on existing PI (not a full image)

 

sudo apt-get install tcpdump

sudo apt-get update && sudo apt-get install -y libglib2.0-0 liblzo2-2 libltdl7 libpcap0.8 zlib1g

wget https://onstatic.s3.amazonaws.com/ona/master/ona-service_RaspbianJessie_armhf.deb

sudo dpkg -i ona-service_RaspbianJessie_armhf.deb

wget https://github.com/bbayles/netsa-pkg/releases/download/v0.1.18/netsa-pkg_raspbian.deb

sudo dpkg -i netsa-pkg_raspbian.deb

 

 

10 Comments
dcappell
Cisco Employee

It was easy to send NetFlow from my Meraki MX to the Pi running the sensor code!  Thanks for sharing!

 

ravega
Cisco Employee

Just tried this and it works like a charm! Thank you, Steven, for making this image available. I just ran into a small issue with the priority of the interfaces. The Raspberry will default to the Eth0 interface, which in my case will be used to connect to a SPAN port, so when I connect Eth0 it loses internet connectivity. This can be easily solved by modifying the interface metric parameter in this file:

 /etc/dhcpcd.conf

 

Just add the following configuration and reboot:

 

interface eth0 metric 300

 

interface wlan0 metric 200

 

Cheers

Randall Vega

 

Jefkelle
Cisco Employee

Are there any ports for Buster, Buster 64, and Ubuntu?

chyates
Cisco Employee

The commands in the dhcpcd.conf file need to be on separate lines to work correctly:

 

interface eth0

metric 300

interface wlan0

metric 200
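
As an added example (not part of any post in this thread), the shell function below audits a dhcpcd.conf-style file for the two points raised in the comments above: the one-line "interface ... metric ..." form that is reported not to work, and whether the uplink interface has a lower metric than the SPAN-facing one. The function name, its arguments and the sample file are constructed for illustration, and only "interface" blocks and "metric" lines are handled.

```shell
#!/bin/sh
# Added example: audit interface metrics in a dhcpcd.conf-style file.
# Usage: check_dhcpcd_metrics FILE CAPTURE_IF UPLINK_IF
# Prints one finding per line; returns 0 only when UPLINK_IF has the lower
# metric (lowest metric wins) and no one-line "interface" form is present.
check_dhcpcd_metrics() {
    awk -v cap="$2" -v up="$3" '
        { sub(/#.*/, "") }                      # drop comments
        NF == 0 { next }                        # skip blank lines
        $1 == "interface" {
            if (NF > 2) {                       # one-line form from the thread
                printf "line %d: \"interface %s\" has trailing words; put metric on its own line\n", NR, $2
                bad = 1; cur = ""
            } else {
                cur = $2                        # start of an interface block
            }
            next
        }
        $1 == "metric" && cur != "" { metric[cur] = $2 + 0; seen[cur] = 1 }
        END {
            if (!(cap in seen)) { print cap ": no metric set in an interface block"; bad = 1 }
            if (!(up in seen))  { print up ": no metric set in an interface block"; bad = 1 }
            if ((cap in seen) && (up in seen)) {
                if (metric[up] < metric[cap]) {
                    print "ok: " up " (" metric[up] ") is preferred over " cap " (" metric[cap] ")"
                } else {
                    print "default route will not prefer " up ": metric " metric[up] " >= " metric[cap]
                    bad = 1
                }
            }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: eth0 in the one-line form, wlan0 in the block form.
sample=$(mktemp)
printf '%s\n' 'interface eth0 metric 300' 'interface wlan0' 'metric 200' > "$sample"
check_dhcpcd_metrics "$sample" eth0 wlan0 || echo "dhcpcd.conf needs attention"
rm -f "$sample"
```

On the Pi itself, point the function at /etc/dhcpcd.conf with the SPAN-facing interface as the second argument and the internet-facing one as the third.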

stmarin
Cisco Employee

If the image link is broken, use this as an alternative:

Raspberry Pi Custom Buster Image (ONA) 

dcappell
Cisco Employee

Just had to reinstall and setup my Raspberry Pi sensor - SSD card went bad with all the power hits from the weather last week - the new v3 directions worked well and the image link from stmarin that was posted also worked great - thanks! 

 


 

crondero
Cisco Employee

I got this set up very quickly thanks to your help!

I had a few questions and Stealthwatch / SWA support helped with a few more pieces of information:

Details on how to configure and manage the SWC sensor via CLI can be found here:
https://ebooks.cisco.com/story/swc-sensor-install/page/1

 

In particular, if you have a dynamic IP and prefer to have the sensor tied to your account directly you can edit (requires sudo):
/opt/obsrvbl-ona/config.local

 

And add these two lines:
OBSRVBL_HOST="https://sensor.obsrvbl.obsrvbl.com"
OBSRVBL_SERVICE_KEY="<key>"

 

The <key> is found in your SWC / SWA dashboard under Settings > Sensors.

 

After saving the file, restart the service with:
sudo service obsrvbl-ona restart

 

crondero
Cisco Employee

2023 Update - many of the files listed here are no longer available.  I have the .deb files and an image available internally to Cisco at the box link below.  

The .deb files should be good, as they were still sitting in the home directory from when they were downloaded when I originally followed the install instructions in 2020.  If you create a new Pi from scratch and leverage the deb files, it will be important to tweak the /etc/dhcpcd.conf and optionally the /opt/obsrvbl-ona/config.local files to get the sensor working correctly.

I attempted to create the image file from my running sensor.  It may not work as expected.  Please test it and let me know your results.  The username and password are the default pi/raspberry.

https://cisco.box.com/s/j6f918qgqa26kaabbnqbygbod7893zkl

snyce
Cisco Employee

Ona service packages have been removed from direct S3 access and have been moved behind CloudFront for better visibility.

Here are the updated commands to install. The only change is the location of the RaspbianJessie_armhf.deb.

sudo apt-get install tcpdump

sudo apt-get update && sudo apt-get install -y libglib2.0-0 liblzo2-2 libltdl7 libpcap0.8 zlib1g

wget https://assets-production.obsrvbl.com/ona-packages/obsrvbl-ona/v5.1.1/ona-service_RaspbianJessie_armhf.deb

sudo dpkg -i ona-service_RaspbianJessie_armhf.deb

wget https://github.com/bbayles/netsa-pkg/releases/download/v0.1.18/netsa-pkg_raspbian.deb

sudo dpkg -i netsa-pkg_raspbian.deb

oldskool76
Level 1

Is it possible for anyone to post an updated built image? Having issues.
