Ubuntu
Netify for Ubuntu
Requirements
You will need to install Ubuntu on a system with at least 2 network cards:
- Network Interface #1: used to access the operating system and Netify
- Network Interface #2: used to ingest port mirror traffic from LAN segment 1
- Network Interface #N: used to ingest port mirror traffic from LAN segment N (optional)
Netify should have a route to the Internet in order to send metadata to our Netify cloud engine.
Installation
Up-to-date Netify packages are maintained in our Ubuntu repository.
lsb_release -a
Ubuntu 20.04 LTS
sudo apt-get update
sudo apt-get install curl gnupg2
curl http://download.netify.ai/netify/ubuntu/apt-gpg-key-netify.asc -o Netify.gpg
sudo apt-key add - < Netify.gpg
echo 'deb http://download.netify.ai/netify/ubuntu/focal/ /' > /tmp/netify.list
sudo mv /tmp/netify.list /etc/apt/sources.list.d/netify.list
sudo apt-get update
sudo apt-get -y install netifyd
Ubuntu 22.04 LTS
sudo apt-get update
sudo apt-get install curl gnupg2
curl http://download.netify.ai/netify/ubuntu/apt-gpg-key-netify.asc -o Netify.gpg
sudo apt-key add - < Netify.gpg
echo 'deb http://download.netify.ai/netify/ubuntu/jammy/ /' > /tmp/netify.list
sudo mv /tmp/netify.list /etc/apt/sources.list.d/netify.list
sudo apt-get update
sudo apt-get -y install netifyd
Configuration
Network Configuration
You will need at least two network cards configured. Unfortunately, Netplan has a limitation at the current time which prevents interfaces from coming up without an assigned IP. Since the mirror port requires exactly this state, Netplan is not currently supported. Instead, install the legacy ifupdown package.
sudo apt install ifupdownEdit /etc/network/interfaces. A sample configuration is provided below for a server having 4 physical network cards. ens32 is being used as the control/reporting port while ens33, ens34 and ens35 are configured to ingest mirrored flows from the switch on any of three LAN segments.
auto ens32
iface ens32 inet dhcp
auto ens33
iface ens33 inet manual
up ifconfig ens33 up
auto ens34
iface ens34 inet manual
up ifconfig ens34 up
auto ens35
iface ens35 inet manual
up ifconfig ens35 upReboot the server to test your configuration/network settings.
Next, edit /etc/default/netifyd to disable auto-detect of the interface roles and manually configure the interfaces to run DPI through. Again, an example is provided below.
# Netify Agent command-line options
# Copyright (C) 2016-2019 eGloo, Incorporated
#
# This is free software, licensed under the GNU General Public License v3.
#
# See the netifyd(8) manual for common options.
# Auto-detect (when possible) network interface roles (yes/no)?
NETIFYD_AUTODETECT="no"
# Set desired custom options here:
# NETIFYD_EXTRA_OPTS=""
# Define internal network interfaces and if needed, corresponding network
# addresses. Normally network addresses are discovered via Netlink but for
# cases where Netlink is unavailable or when capturing from a mirrored port,
# they should be specified as a comma-delimited list as shown below:
# NETIFYD_INTNET="eth1 eth2 eth3,192.168.0.0/24,10.0.0.0/16"
NETIFYD_INTNET="ens33 ens34 ens35"
# Define external network interfaces. For PPPoE interfaces, you can optionally
# specify the associated physical ethernet interface to set the MAC address.
# NETIFYD_EXTNET="eth4 ppp0,eth5"The final step is to enable the Netify daemon to report metadata back to the Netify Informatics cloud sink, restart the daemon and configure it to start on boot.
sudo /usr/sbin/netifyd --enable-sink
sudo systemctl restart netifyd
sudo systemctl enable netifydProvisioning
With the Netify service installed, configured and running, it is time to provision your unique install. You will first need to fetch the provision code from your Netify Agent install using the following command:
# netifyd -p
Agent UUID: AA-BB-CC-DD
Once you have the provisioning code, you will need to create a Netify account (if you don't have one already) and run through the simple provisioning wizard. Once complete, metadata and analysis will start to be available in under a minute.