Flow data is a critical piece of understanding how your network works and what it is actively doing. It also provides a great baseline and capacity planning tool. However, some of the more feature-rich NetFlow and/or sFlow collectors can be quite daunting in their cost and/or complexity to install. ElastiFlow is a great alternative for flow analytics and is built on the well-travelled and robust Elastic Stack, meaning its back end is well documented, well supported, and scales exceptionally well. For those who would like to play around with this but don't want to take the time to install it (see below for the instruction set I used), I have provided a simple VM to toy around with.
Included here is a vanilla Ubuntu 18 LTS VM with a basic ElastiFlow install. This includes all of the components of the Elastic Stack plus the front-end pieces of the ElastiFlow project. Most of the install is based on this how-to.
Also included in the image is a base install of NGINX and certbot, so that you can reverse proxy access to the web front end and serve it with a valid TLS certificate. There are a plethora of guides on how to accomplish that task on the internet.
This was built and validated on Proxmox 6.0.6 but should run on VMware as well with a bit of qemu-img conversion. As expected, ElastiFlow (and the Elastic Stack) are fairly resource hungry: 16 GB of memory and a handful of CPU cores is the bare minimum to run this with any real efficiency. Additionally, Ubuntu 18 has changed how networking is set up; it is now all configured in /etc/netplan/.
Login information:
User name: root, password: elastiflow
Privileged user: elastiflow, password: elastiflow
These credentials are published here, so change both passwords before the VM is reachable from anything other than your lab network.
Default IP addresses:
10.255.255.5/27
2001:db8:ffff:2::5/64
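Because the default addresses above will almost certainly not match your network, the first change to make on the VM is its netplan configuration. The following is an added example written for this page, not a file shipped in the image or taken from the linked how-to: the file name, the interface name ens18, the gateways and the nameservers are assumptions you should check against your own VM (`ip link` shows the interface name), and the addresses are the VM's defaults from above, to be replaced with your own.

```yaml
# /etc/netplan/01-elastiflow.yaml  (file name assumed; check what the VM actually ships)
network:
  version: 2
  renderer: networkd
  ethernets:
    ens18:                        # interface name assumed; confirm with `ip link`
      dhcp4: no
      dhcp6: no
      addresses:
        - 10.255.255.5/27         # VM default, replace with your own
        - 2001:db8:ffff:2::5/64   # VM default, replace with your own
      gateway4: 10.255.255.1      # assumed
      gateway6: 2001:db8:ffff:2::1  # assumed
      nameservers:
        addresses:                # assumed
          - 10.255.255.1
          - 2001:db8:ffff:2::1
```

Apply it with `sudo netplan try` first: that command applies the configuration and rolls it back automatically after 120 seconds unless you confirm it, which avoids locking yourself out of a VM you may only be able to reach through the hypervisor console. Once the new address answers, confirm the change (or run `sudo netplan apply`).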
Download the image here.