Hortonworks Cybersecurity Platform

Using Fastcapa

You can use the Fastcapa tool to capture high-volume data flow.

  1. Create a configuration file that, at a minimum, specifies your Kafka broker:
    [kafka-global]
    metadata.broker.list = kafka-broker1:9092
    
    You can view the example configuration file conf/fastcapa.conf to learn other useful parameters.
  2. If the capture device is not bound, bind it:
    ifdown enp9s0f0
    modprobe uio_pci_generic
    $DPDK_HOME/sbin/dpdk-devbind --bind=uio_pci_generic "09:00.0"
  3. Run Fastcapa:
    fastcapa -c 0x03 --huge-dir /mnt/huge_1GB -- -p 0x01 -t pcap -c /etc/fastcapa.conf
    
  4. Terminate Fastcapa and clear the queue by using SIGINT or by typing CTRL-C.
    The probe will cleanly shut down all of the workers and allow the backlog of packets to drain.
    To terminate the process without clearing the queue, use SIGKILL or enter killall -9 fastcapa.
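A helper script for the four steps above, added here as an example and not part of Fastcapa or HCP itself. It assumes the fastcapa binary name, flags and config layout shown in the steps, computes the -c/-p bitmasks from plain ID lists, checks the minimum configuration, and implements the SIGINT-then-SIGKILL shutdown from step 4; it prints the launch command rather than running it.

```shell
#!/usr/bin/env bash
# Added example, not Fastcapa/HCP code. Assumes the binary name, flags and
# config layout shown in the steps above; the command is printed, not run.

# Turn a comma-separated list of lcore or port IDs ("0,1") into the hex
# bitmask the -c and -p options expect ("0x03").
id_mask() {
  local mask=0 id
  for id in $(printf '%s' "$1" | tr ',' ' '); do
    mask=$(( $mask | (1 << $id) ))
  done
  printf '0x%02x' "$mask"
}

# Verify the minimum configuration from step 1: a [kafka-global] section
# that sets metadata.broker.list. Returns 1 with a reason on stderr otherwise.
check_config() {
  grep -q '^\[kafka-global\]' "$1" \
    || { echo "$1: missing [kafka-global] section" >&2; return 1; }
  grep -Eq '^[[:space:]]*metadata\.broker\.list[[:space:]]*=[[:space:]]*[^[:space:]]' "$1" \
    || { echo "$1: metadata.broker.list is not set" >&2; return 1; }
}

# Build the step 3 command line: EAL options before "--", Fastcapa options after.
fastcapa_cmd() {
  local cores=$1 hugedir=$2 ports=$3 topic=$4 cfg=$5
  check_config "$cfg" || return 1
  printf 'fastcapa -c %s --huge-dir %s -- -p %s -t %s -c %s\n' \
    "$(id_mask "$cores")" "$hugedir" "$(id_mask "$ports")" "$topic" "$cfg"
}

# Stop a process as step 4 describes: SIGINT so the workers drain the backlog,
# falling back to SIGKILL (return code 2) if it is still alive after $2 seconds.
stop_gracefully() {
  local pid=$1 timeout=${2:-30} waited=0
  kill -INT "$pid" 2>/dev/null || return 0   # already gone
  while kill -0 "$pid" 2>/dev/null; do
    if [ "$waited" -ge "$timeout" ]; then
      echo "pid $pid did not drain within ${timeout}s, sending SIGKILL" >&2
      kill -KILL "$pid" 2>/dev/null
      return 2
    fi
    sleep 1
    waited=$((waited + 1))
  done
}
```

Run `fastcapa_cmd 0,1 /mnt/huge_1GB 0 pcap /etc/fastcapa.conf` to reproduce the exact command from step 3 once the config file exists.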