Posting this for anyone interested in using a Raspberry PI as a flow collector for Stealthwatch. We created a very lightweight version of our software. It can create flows if the eth port is attached to a SPAN or you can forward NetFlow/IPFIX to it. I would recommend keeping device counts under 100.
If you use the image from dropbox, the username I set is "pi", the password is "stealthwatch". More instructions are in the attached word doc.
Cisco Employees get to keep their SWC account as long as it is being used - https://www.cisco.com/c/en/us/products/security/stealthwatch/stealthwatch-cloud-free-offer.html
Cheers - John
Package Install on existing PI (not a full image)
sudo apt-get install tcpdump
sudo apt-get update && sudo apt-get install -y libglib2.0-0 liblzo2-2 libltdl7 libpcap0.8 zlib1g
sudo dpkg -i ona-service_RaspbianJessie_armhf.deb
sudo dpkg -i netsa-pkg_raspbian.deb
Image for a PI3
Image for a PI4
... View more