Hortonworks Cybersecurity Platform

Set up pycapa

You can use the pycapa tool to capture low-volume data flow.

This installation assumes the following environment variables:

PYCAPA_HOME=/opt/pycapa
PYTHON27_HOME=/opt/rh/python27/root
  1. Install the following packages:
    epel-release
    centos-release-scl
    "@Development tools"
    python27
    python27-scldevel
    python27-python-virtualenv
    libpcap-devel
    libselinux-python
    For example:
    yum -y install epel-release centos-release-scl 
    yum -y install "@Development tools" python27 python27-scldevel python27-python-virtualenv libpcap-devel libselinux-python
  2. Set up the following directory:
    mkdir $PYCAPA_HOME && chmod 755 $PYCAPA_HOME
  3. Create the following virtual environment:
    export LD_LIBRARY_PATH="/opt/rh/python27/root/usr/lib64"
    ${PYTHON27_HOME}/usr/bin/virtualenv ${PYCAPA_HOME}/pycapa-venv
  4. Copy incubator-metron/metron-sensors/pycapa from the Metron source tree into $PYCAPA_HOME on the node on which you want to install pycapa.
  5. Build pycapa:
    cd ${PYCAPA_HOME}/pycapa
    # activate the virtualenv
    source ${PYCAPA_HOME}/pycapa-venv/bin/activate
    pip install -r requirements.txt
    python setup.py install
  6. Start the pycapa packet capture producer:
    cd ${PYCAPA_HOME}/pycapa-venv/bin
    pycapa --producer --topic pcap -i $ETH_INTERFACE -k $KAFKA_HOST:6667
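
The following preflight check is an added example, not part of the HCP documentation or the Metron source. It verifies the inputs that step 6 depends on: the virtualenv from step 3, the capture interface, and the broker address passed to -k. The function names and the SYSFS_NET override are hypothetical; the paths, variables and port 6667 are the ones used on this page.

```shell
#!/bin/sh
# Added example (not from the HCP docs): preflight checks for step 6.
# Function names and SYSFS_NET are hypothetical; paths, variables and the
# 6667 port are the ones this page uses.

# Step 3 output: the virtualenv must exist under $PYCAPA_HOME.
check_venv() {
    [ -n "$1" ] && [ -f "$1/pycapa-venv/bin/activate" ] && return 0
    echo "virtualenv not found under '$1'" >&2; return 1
}

# The capture interface must be a plain name that exists in sysfs.
# The sysfs root is a parameter so the check can be exercised in tests.
check_iface() {
    case "$1" in ''|*/*|.|..) echo "bad interface name '$1'" >&2; return 1 ;; esac
    [ -e "${2:-/sys/class/net}/$1" ] && return 0
    echo "interface '$1' not present" >&2; return 1
}

# The broker passed to -k must be host:port with a port in 1..65535.
check_broker() {
    host=${1%:*}; port=${1##*:}
    case "$1" in *:*) ;; *) echo "broker '$1' is not host:port" >&2; return 1 ;; esac
    case "$port" in ''|*[!0-9]*) echo "bad port in '$1'" >&2; return 1 ;; esac
    [ -n "$host" ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] && return 0
    echo "bad broker '$1'" >&2; return 1
}

# Run every check so all problems are reported in one pass.
preflight() {
    rc=0
    check_venv "${PYCAPA_HOME:-}" || rc=1
    check_iface "${ETH_INTERFACE:-}" "${SYSFS_NET:-/sys/class/net}" || rc=1
    check_broker "${KAFKA_HOST:-}:6667" || rc=1
    return $rc
}
```

Source the file and run `preflight` before the pycapa command in step 6; a non-zero return means at least one input is missing or malformed, with the reason printed to stderr.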