ElastiFlow is a great open source NetFlow analyzer that works with Elastic Stack (formerly ELK Stack). Of all the netflow tools I’ve tested it has, by far, the best visualizations. However, if like me you aren’t familiar with Elastic Stack the setup can be rather intimidating. In this tutorial, I hope to make it easier for you and everyone who wants to use this awesome tool.
This tutorial is broken up into 4 parts. One for installing the Ubuntu server. One for installing and configuring Elastic Stack. One on how to implement ElastiFlow on top of it all. And finally one on how to properly maintain the solution.
Part 1: Installing Ubuntu
Part 2: Installing Elastic Stack
Part 3: Install ElastiFlow
Part 4: Solution Maintenance (coming soon)
Install and Setup of Ubuntu Server 18.04
I performed my installation of Ubuntu Sever using the latest version of 18.04 on a Hyper-V virtual machine (VM), but the instructions will be the same regardless of what hypervisor you are using. The VM had 40GB hard drive and 4GB of RAM.
Install Ubuntu 18.04
- Download Ubuntu server https://www.ubuntu.com/download/server
Note: I found downloading the BitTorrent was actually much faster than downloading directly from the Ubuntu servers. https://www.ubuntu.com/download/alternative-downloads - Create a new VM with a 40GB hard disk and at least 4GB of RAM.
- Insert the install media and start the VM.
- Select your preferred language
![]()
- Select your keyboard layout
![]()
- Choose Install Ubuntu
![]()
- At this set you have the choose to stick with DHCP or use a static address. If you choose to use a static address it is best to set it up now, as it provides a nice easy interface to set it here.
![]()
![]()
![]()
- Configure a proxy address if required
![]()
- On the Filesystem setup screen select Use An Entire Disk
![]()
- Press Enter to accept the default disk
![]()
- Select Done
![]()
- Select Continue
![]()
- Create a name for your server and setup the username and password for the root user
![]()
- Wait for the installation to complete
![]()
- When prompted select Reboot Now
![]()
- If prompted eject the installation media from the VM and press Enter to continue booting
![]()
Setup Ubuntu for ElastiFlow
If you set your IP address during the installation process the only remaining setup action is to install and configure SSH. This will allow you to use a tool like Putty to connect to the server and more easily configure the items in part 2 and 3. (copy and paste FTW!)
- Log into the VM using the username and password you created during the setup process
- Install SSH using the command below:
sudo add-apt-repository -y ssh
- Start the SSH service so you can connect to the server
service ssh status
- On another computer open your preferred SSH client. I recommend PuTTY if you don’t have one. (https://www.putty.org/)
- Enter the IP address of your server, set the port to 22, select SSH connection type, and click OK
![]()
- If you receive a Security Warning click Yes
![]()
You are now all set to start the installation process.