ElastiFlow is a great open source NetFlow analyzer that works with Elastic Stack (formerly ELK Stack). Of all the netflow tools I’ve tested it has, by far, the best visualizations. However, if like me you aren’t familiar with Elastic Stack the setup can be rather intimidating. In this tutorial, I hope to make it easier for you and everyone who wants to use this awesome tool.
This tutorial is broken up into 4 parts. One for installing the Ubuntu server. One for installing and configuring Elastic Stack. One on how to implement ElastiFlow on top of it all. And finally one on how to properly maintain the solution.
Part 1: Installing Ubuntu
Part 2: Installing Elastic Stack
Part 3: Install ElastiFlow
Part 4: Solution Maintenance (coming soon)
Install and Setup of Ubuntu Server 18.04
I performed my installation of Ubuntu Sever using the latest version of 18.04 on a Hyper-V virtual machine (VM), but the instructions will be the same regardless of what hypervisor you are using. The VM had 40GB hard drive and 4GB of RAM.
Install Ubuntu 18.04
- Download Ubuntu server https://www.ubuntu.com/download/server
Note: I found downloading the BitTorrent was actually much faster than downloading directly from the Ubuntu servers. https://www.ubuntu.com/download/alternative-downloads - Create a new VM with a 40GB hard disk and at least 4GB of RAM.
- Insert the install media and start the VM.
- Select your preferred language
Image may be NSFW.
Clik here to view.
- Select your keyboard layout
Image may be NSFW.
Clik here to view. - Choose Install Ubuntu
Image may be NSFW.
Clik here to view. - At this set you have the choose to stick with DHCP or use a static address. If you choose to use a static address it is best to set it up now, as it provides a nice easy interface to set it here.
Image may be NSFW.
Clik here to view. Image may be NSFW.
Clik here to view. Image may be NSFW.
Clik here to view. - Configure a proxy address if required
Image may be NSFW.
Clik here to view. - On the Filesystem setup screen select Use An Entire Disk
Image may be NSFW.
Clik here to view. - Press Enter to accept the default disk
Image may be NSFW.
Clik here to view. - Select Done
Image may be NSFW.
Clik here to view. - Select Continue
Image may be NSFW.
Clik here to view. - Create a name for your server and setup the username and password for the root user
Image may be NSFW.
Clik here to view. - Wait for the installation to complete
Image may be NSFW.
Clik here to view. - When prompted select Reboot Now
Image may be NSFW.
Clik here to view. - If prompted eject the installation media from the VM and press Enter to continue booting
Image may be NSFW.
Clik here to view.
Setup Ubuntu for ElastiFlow
If you set your IP address during the installation process the only remaining setup action is to install and configure SSH. This will allow you to use a tool like Putty to connect to the server and more easily configure the items in part 2 and 3. (copy and paste FTW!)
- Log into the VM using the username and password you created during the setup process
- Install SSH using the command below:
sudo add-apt-repository -y ssh
- Start the SSH service so you can connect to the server
service ssh status
- On another computer open your preferred SSH client. I recommend PuTTY if you don’t have one. (https://www.putty.org/)
- Enter the IP address of your server, set the port to 22, select SSH connection type, and click OK
Image may be NSFW.
Clik here to view.![]()
- If you receive a Security Warning click Yes
Image may be NSFW.
Clik here to view.![]()
You are now all set to start the installation process.