Netify for CentOS

Requirements

If you have network switches with port mirroring capabilities, you can connect the port to a standalone Netify agent. You can install the agent on CentOS on a baremetal appliance or inside a virtual machine.
Netify with Port Mirroring

You will need to install CentOS on a system with at least 2 network cards:

  • Network Interface #1: used to access the operating system and Netify
  • Network Interface #2: used to ingest port mirror traffic from LAN segment 1
  • Network Interface #N: used to ingest port mirror traffic from LAN segment N (optional)

Netify should have a route to the Internet in order to send metadata to our Netify cloud engine.

Installation

CentOS 7

Up-to-date Netify packages are maintained in our CentOS repository. To install the package, run:

sudo rpm --import http://download.netify.ai/netify/centos/`rpm --eval '%{centos_ver}'`/stable/RPM-GPG-KEY-netify
sudo wget -O /etc/yum.repos.d/netify.repo http://download.netify.ai/netify/centos/`rpm --eval '%{centos_ver}'`/netify.repo
sudo yum install netifyd

CentOS 6

Sorry, we no longer support CentOS 6

Configuration

Network Configuration

You will need two network cards configured. Feel free to configure the network in CentOS using your preferred tools and methods. In our lab, we use the following /etc/sysconfig/network-scripts network configuration for eth0 and eth1:

# Network configuration for accessing CentOS and Netify 
DEVICE=eth0
TYPE="Ethernet"
ONBOOT="yes"
BOOTPROTO="static"
IPADDR="192.168.55.50"
NETMASK="255.255.255.0"
GATEWAY="192.168.55.1"
DNS1="8.8.8.8"
DNS2="8.8.4.4"
# Network configuration for ingesting port mirror traffic
DEVICE=eth1
ONBOOT="yes"
BOOTPROTO="none"

Netify Configuration

Netify needs to distinguish between internal and external network traffic. In CentOS, you can define your network in the /etc/sysconfig/netifyd file. Please don't forget to set NETIFYD_AUTODETECT to "no"!

# Disable auto-detect.
NETIFYD_AUTODETECT="no"

# Disable NAT detection - not needed for mirror port mode.
NETIFYD_EXTRA_OPTS="-t"

# Define internal network interfaces and networks.
# For example, eth1 receives mirror port traffic for local network 192.168.55.0.24 and 10.0.0.0/16:
NETIFYD_INTNET="eth1,192.168.55.0/24,10.0.0.0/16"

Start

With the installation and setup completed, you can now start and enable Netify:

sudo netifyd --enable-sink
sudo systemctl start netifyd
sudo systemctl enable netifyd

Provisioning

With the Netify service installed, configured and running, it is time to provision your unique install. You will first need to fetch the provision code from your Netify Agent install using the following command:

# netifyd -p
Agent UUID: AA-BB-CC-DD

Once you have the provisioning code, you will need to create a Netify account (if you don't have one already) and run through the simple provisioning wizard. Once complete, metadata and analysis will start to be available in under a minute.

Provision Agent