# Install NetoFlow (Linux package)

Installing NetoFlow is part of the steps to [Ingest NetFlow/sFlow via the NetoFlow Connector](/ingest-network-traffic-logs/netflow-sflow/traffic-source-netoflow.md).

## Deployment Options <a href="#deployment-options" id="deployment-options"></a>

NetoFlow is available as a Docker-compatible container or a Linux software package. To deploy the container, see: [Install NetoFlow (container)](/netoflow-connector/install-container.md)

### Supported Platforms <a href="#supported-platforms" id="supported-platforms"></a>

NetoFlow software packages are provided in these formats:

* x86\_64 EL7 and EL8 RPM packages available via **yum**
  * EL7 packages are compatible with CentOS 7, RHEL 7, and Amazon Linux 2
  * EL8 packages are compatible with CentOS 8 and RHEL 8
  * Most other Linux distributions that use EL7 or EL8 packages will also work
* x86\_64 Debian package available via **apt-get**
  * Debian, Ubuntu, and other Linux distributions using Debian package management

{% hint style="info" %}
**⚖️ Selecting a deployment option**

Netography recommends deploying the container for most customers. Containers provide isolation that ensures NetoFlow will operate properly and simplifies the deployment process. The software package is best suited for organizations with a standard Linux build that meets their internal security and compliance requirements.
{% endhint %}

## Installing the Linux Software Package <a href="#installing-the-linux-software-package" id="installing-the-linux-software-package"></a>

### Step 1. Setup Package Repository <a href="#step-1--setup-package-repository" id="step-1--setup-package-repository"></a>

**CentOS 8 / RHEL 8 / EL8 - RPM / yum Instructions**

{% tabs %}
{% tab title="Shell" %}

```
rpm --import https://netography-repo.s3.amazonaws.com/RPM-GPG-KEY-netography
sudo wget -O /etc/yum.repos.d/netography.repo https://netography-repo.s3.amazonaws.com/yum/el/8/x86_64/yum.repo
```

{% endtab %}
{% endtabs %}

**CentOS 7 / RHEL 7 / EL7 - RPM / yum Instructions**

{% tabs %}
{% tab title="Shell" %}

```
rpm --import https://netography-repo.s3.amazonaws.com/RPM-GPG-KEY-netography
sudo wget -O /etc/yum.repos.d/netography.repo https://netography-repo.s3.amazonaws.com/yum/el/7/x86_64/yum.repo
```

{% endtab %}
{% endtabs %}

**Debian / Ubuntu - apt-get Instructions**

{% tabs %}
{% tab title="Shell" %}

```
sudo sh -c '/bin/echo "deb [arch=amd64] https://netography-repo.s3.amazonaws.com/apt/ stable main" > /etc/apt/sources.list.d/netography.list'
cd /etc/apt/trusted.gpg.d/
wget https://netography-repo.s3.amazonaws.com/DEB-GPG-KEY-netography.gpg
apt-get update
```

{% endtab %}
{% endtabs %}

### Step 2. Install the package <a href="#step-2--install-the-package" id="step-2--install-the-package"></a>

#### yum install <a href="#yum-install" id="yum-install"></a>

{% tabs %}
{% tab title="Shell" %}

```
yum install netoflow
```

{% endtab %}
{% endtabs %}

#### apt-get install <a href="#apt-get-install" id="apt-get-install"></a>

{% tabs %}
{% tab title="Shell" %}

```
apt-get install netoflow
```

{% endtab %}
{% endtabs %}

The installation will write the following files:

* `/etc/systemd/system/netoflow.service`
* `/usr/local/bin/netoflow`
* `/etc/netoflow.conf.example`

The installation will pull in `libpcap` as a dependency.

Installation will enable the service to run at boot, but it will not start the service.

### Step 3. Configure NetoFlow <a href="#step-3--configure-netoflow" id="step-3--configure-netoflow"></a>

You can run NetoFlow with the default configuration, which should be sufficient for most deployments, or modify the configuration following these steps.

NetoFlow uses a layered configuration: it reads settings from the `/etc/netoflow.conf` file, if it exists, and then from environment variables. Environment variables take precedence.

Refer to [Configuring NetoFlow](https://docs.netography.com/netoflow-connector/configure) for details on configuration options.

#### 3a. Copy `/etc/netoflow.conf.example` to `/etc/netoflow.conf` <a href="#id-3a-copy--etcnetoflowconfexample-to--etcnetoflowconf" id="id-3a-copy--etcnetoflowconfexample-to--etcnetoflowconf"></a>

`cp /etc/netoflow.conf.example /etc/netoflow.conf`

#### 3b. Create a Fusion API key <a href="#id-3b-create-a-fusion-api-key" id="id-3b-create-a-fusion-api-key"></a>

You will need to [Create a Netography API Key](https://docs.netography.com/settings/user-management/index/add-api-key) in the Fusion Portal, using the `neto_flow` role. Copy the `netosecret` value provided when creating the key.

**Using a secrets vault is the most secure approach for storing this secret**

For production deployments, you should store this value in a secrets vault and have the vault supply it through this environment variable: `NETO__ENDPOINT__NETOSECRET`

**Setting the secret in your local environment**

You can also set it directly in your local environment to the variable: `NETO__ENDPOINT__NETOSECRET`

```
NETO__ENDPOINT__NETOSECRET="REPLACEME"
export NETO__ENDPOINT__NETOSECRET
```
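A variable exported in an interactive shell is not inherited by a unit started with `systemctl start`, so the service needs the value placed in its own environment. The following is an added example, not Netography's code: it writes the secret to a root-only file and references it from a systemd drop-in. The names `/etc/netoflow.env` and `10-secret.conf`, the function name, and the restriction to base64-style characters are assumptions.

```shell
#!/bin/sh
# Added example: hand NETO__ENDPOINT__NETOSECRET to netoflow.service through a
# root-only environment file referenced by a systemd drop-in.
# Assumed names (not from the NetoFlow docs): /etc/netoflow.env, 10-secret.conf.

# install_netoflow_secret ROOT SECRET
#   ROOT    "" on a live host, or a scratch directory for a dry run
#   SECRET  the netosecret value copied when the API key was created
install_netoflow_secret() {
    root=$1
    secret=$2
    env_file="$root/etc/netoflow.env"
    dropin_dir="$root/etc/systemd/system/netoflow.service.d"

    [ -n "$secret" ] || { echo "netosecret is empty" >&2; return 1; }
    # Assumption: the secret is base64/URL-safe text. Anything else (spaces,
    # quotes, '#', newlines) is rejected rather than written unquoted, because
    # systemd could parse it differently from what was typed.
    case $secret in
        *[!A-Za-z0-9._+/=-]*)
            echo "netosecret has characters unsafe in an env file" >&2
            return 1 ;;
    esac

    mkdir -p "$root/etc" "$dropin_dir" || return 1

    # Create the file as 0600 before any secret bytes are written, and
    # tighten a pre-existing file as well.
    ( umask 077 && : > "$env_file" ) || return 1
    chmod 600 "$env_file" || return 1
    printf 'NETO__ENDPOINT__NETOSECRET=%s\n' "$secret" > "$env_file" || return 1

    # The drop-in carries only the path, so unit files never contain the value.
    printf '[Service]\nEnvironmentFile=/etc/netoflow.env\n' \
        > "$dropin_dir/10-secret.conf" || return 1

    # Reload unit files only when operating on the real root filesystem.
    if [ -z "$root" ]; then systemctl daemon-reload; fi
}
```

On a live host, call `install_netoflow_secret "" "$secret"` as root, then run `systemctl restart netoflow.service` so the service picks up the new environment.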

**Setting the secret in the `/etc/netoflow.conf` file**

For testing purposes or where the system itself is a single-purpose dedicated and secured system, you can also set the `netosecret` value in the `/etc/netoflow.conf` file, in the `[endpoint]` section:

{% tabs %}
{% tab title="Shell" %}

```
[endpoint]
netosecret       = ""  # API key encoded as netosecret
```

{% endtab %}
{% endtabs %}
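When the secret does live in the configuration file, the file's permissions become the only control on who can read it. The following added example (not part of NetoFlow) reports whether a config file carries a non-empty `netosecret` under `[endpoint]` while being accessible to group or other. The function name is hypothetical, and the parser assumes the simple `key = "value"  # comment` layout shown on this page.

```shell
#!/bin/sh
# Added example: flag a NetoFlow config file that stores netosecret in the
# [endpoint] section while being accessible to users other than its owner.
# Assumes the key = "value"  # comment layout shown in the page's sample.

# netosecret_exposure CONF  -> prints a verdict and returns:
#   0 "unset"      no non-empty netosecret under [endpoint]
#   0 "protected"  secret present, no group/other permission bits set
#   1 "exposed"    secret present, group or other has some access
#   2 "missing"    CONF is not a regular file
netosecret_exposure() {
    conf=$1
    [ -f "$conf" ] || { echo missing; return 2; }

    # Follow section headers so a netosecret key in another section is ignored.
    value=$(awk '
        /^[ \t]*\[endpoint\]/ { in_ep = 1; next }
        /^[ \t]*\[/           { in_ep = 0; next }
        in_ep && /^[ \t]*netosecret[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)   # drop the key and "="
            sub(/[ \t]*#.*$/, "", v)      # drop a trailing comment
            gsub(/"/, "", v)              # drop the surrounding quotes
            print v
            exit
        }' "$conf")

    [ -n "$value" ] || { echo unset; return 0; }

    # ls mode string, e.g. "-rw-r-----": characters 5-10 are group and other.
    # -L follows a symlink to the real file. POSIX ACLs are not inspected.
    perms=$(ls -ldL "$conf" | cut -c5-10)
    if [ "$perms" = "------" ]; then
        echo protected
        return 0
    fi
    echo exposed
    return 1
}
```

Run it as `netosecret_exposure /etc/netoflow.conf`; an `exposed` verdict is resolved with `chmod 600 /etc/netoflow.conf` or by moving the secret out of the file.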

### Step 4. Syslog configuration <a href="#step-4--syslog-configuration" id="step-4--syslog-configuration"></a>

Syslog in NetoFlow uses the socket, so if you’re using rsyslog, make sure it is enabled and that the appropriate log levels are routed where you want them in `/etc/rsyslog.conf`:

{% tabs %}
{% tab title="Shell" %}

```
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
```

{% endtab %}
{% endtabs %}

If you would like debug-level logging, note that on most enterprise Linux distributions it is not sent anywhere by default, so add `kern.debug` to the appropriate log settings:

`kern.debug;*.info;mail.none;authpriv.none;cron.none /var/log/messages`

Then restart:

`sudo systemctl restart rsyslog.service`

### Step 5. Start the NetoFlow Connector <a href="#step-5--start-the-netoflow-connector" id="step-5--start-the-netoflow-connector"></a>

`systemctl start netoflow.service`

### Step 6. Set the NetoFlow Connector to start at boot <a href="#step-6--set-the-netoflow-connector-to-start-at-boot" id="step-6--set-the-netoflow-connector-to-start-at-boot"></a>

If you would like the NetoFlow Connector to run at boot time, you must run the following command:

`systemctl enable netoflow.service`

### Step 7. Confirm NetoFlow is Running <a href="#step-7-confirm-netoflow-is-running" id="step-7-confirm-netoflow-is-running"></a>

`curl localhost:8080/api/v1/stats/rate`


