In our continuing series of HOWTOs, today we are getting some data into the Gravwell instance we set up in Getting Gravwell Installed in 2 Minutes.
As with install, setting up your data ingesters is quick and easy.
Part 2: Data Ingest Setup
(Collect all the things)
We'll be downloading and configuring our first data ingesters today! A current list of available ingesters can always be found here: Quickstart-Downloads
Today we'll be looking at Netflow and PCAP. These processes are thoroughly documented at Netflow_Ingester.
Netflow Ingester Install
The process is simple and breaks down into the following steps:
- apt install gravwell-netflow-capture
- Set the collector's listen IP and UDP port in netflow_capture.conf, then point your router's netflow export at that IP and port. NetFlow is exported over UDP with no authentication, so bind the collector to an address only the router can reach and firewall the port to the router's IP rather than listening on every interface.
And that's really it. I have an Ubiquiti EdgeRouterX at home; here's a quick setup of netflow pointing to Gravwell if needed: Quick Setup
Network Capture (PCAP) Ingester Install
This process is also easy and breaks down as follows:
- apt install gravwell-network-capture
- Edit network_capture.conf and set Interface to the NIC that receives your SPAN or mirror traffic.
In my lab I have a whole bunch of Internet of Sh!t traffic SPAN'd to ens192. Which makes for some fun queries and dashboards!
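To make the two install procedures above concrete, here is an added example, not part of the original post and not Gravwell's own tooling, that renders netflow_capture.conf and network_capture.conf for the Netflow and PCAP ingesters, checks them for the two mistakes that matter most (a collector listening on 0.0.0.0 and the package's placeholder ingest secret), and prints the ufw rule that limits NetFlow to the exporting router. The config keys, section names and the IngestSecrets placeholder are taken from the example configs the ingester packages ship and are assumptions to verify against /opt/gravwell/etc after install; the addresses, interface name and secret are constructed sample values.

```shell
#!/bin/sh
# Added example (not Gravwell's own tooling): render the two ingester configs
# from the steps above and sanity-check them before copying them into
# /opt/gravwell/etc/. Key names and section layout follow the example configs
# shipped with gravwell-netflow-capture and gravwell-network-capture; treat
# them as an assumption and diff against the installed defaults.
set -eu

# netflow_capture.conf. Arguments: listen IP, UDP port, ingest secret, indexer
# address. NetFlow arrives over UDP with no authentication, so the listen IP
# should be the one address the router reaches, never 0.0.0.0.
render_netflow_conf() {
    bind_addr=$1; port=$2; secret=$3; indexer=$4
    cat <<EOF
[Global]
Ingest-Secret = "$secret"
Connection-Timeout = 0
Cleartext-Backend-Target = "$indexer"
Log-Level = INFO

[Collector "netflow v5"]
    Bind-String = "$bind_addr:$port"
    Tag-Name = netflow
    Flow-Type = netflowv5
EOF
}

# network_capture.conf. Arguments: capture interface, ingest secret, indexer
# address. The BPF filter excludes the ingester's own connection to the
# indexer port; without it a sniffer on a shared interface captures the
# traffic it just shipped and feeds it back in.
render_pcap_conf() {
    iface=$1; secret=$2; indexer=$3
    cat <<EOF
[Global]
Ingest-Secret = "$secret"
Connection-Timeout = 0
Cleartext-Backend-Target = "$indexer"
Log-Level = INFO

[Sniffer "span"]
    Interface = "$iface"
    Tag-Name = pcap
    Snap-Len = 0xffff
    Promisc = true
    BPF-Filter = "not port ${indexer##*:}"
EOF
}

# Reject a rendered config that binds to every interface or still carries the
# placeholder secret from the package. Returns non-zero if anything is wrong.
validate_conf() {
    conf=$1; rc=0
    if printf '%s\n' "$conf" | grep -q 'Bind-String = "0.0.0.0:'; then
        echo "collector bound to all interfaces; bind to the management IP" >&2
        rc=1
    fi
    if printf '%s\n' "$conf" | grep -q 'Ingest-Secret = "IngestSecrets"'; then
        echo "placeholder ingest secret still set; use the indexer's real secret" >&2
        rc=1
    fi
    return $rc
}

# ufw rule that admits NetFlow only from the exporting router (router IP, port).
firewall_rule() {
    printf 'ufw allow from %s to any port %s proto udp\n' "$1" "$2"
}

# Demo with constructed values; redirect the output into the real files as
# root once the addresses and secret are yours.
demo() {
    secret='replace-with-indexer-ingest-secret'
    nf=$(render_netflow_conf 192.168.1.10 2055 "$secret" 127.0.0.1:4023)
    pc=$(render_pcap_conf ens192 "$secret" 127.0.0.1:4023)
    validate_conf "$nf" || echo "fix netflow_capture.conf before deploying" >&2
    printf '%s\n\n%s\n\n%s\n' "$nf" "$pc" "$(firewall_rule 192.168.1.1 2055)"
}
demo
```

Run it, review the printed configs, then write them to /opt/gravwell/etc/ and restart the ingester services. If the ingester and indexer live on different hosts, Cleartext-Backend-Target sends the ingest secret and all captured data across the network in the clear; the shipped example configs also carry a TLS variant (Encrypted-Backend-Target), which is the right choice whenever the two are not on the same box.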
Here's a quick video tying it all together:
In Part 3, we'll do a quick walk-through and check out all that sweet sweet data. If you'd like to follow along and see how Gravwell can empower you on your analytical journey, it's as easy as signing up for a free trial and giving it a try.
Loves ICS, brewing and dissecting data.