homer seven setup

HOMER 7

Overview of Components

There are quite a few components which make up a complete Homer 7 stack. Below is the list for this guide.

• HEPlify Capture Agent
• HEPlify Server
• PostgreSQL 10+
• Homer-app
• Prometheus
• VictoriaMetrics
• Grafana
• Loki and Promtail

Operating System Note

A quick note regarding the other components used in this guide. My operating system of choice is CentOS 7 for this guide. As such, I have referenced and used RPM and YUM repos wherever possible to make updating components easier in the future. This should work fine for most RedHat distributions. If you prefer to use a different Linux distribution, please adjust accordingly and/or feel free to suggest the required edits so as to make this guide as complete as possible.

---

The HEPlify Capture Agent

As anyone knows, you can't gather information without someone and/or something listening for it. The HEPlify Capture Agent does just that, then sends the data to the HEPlify-Server to be ingested and sent out to the other components of the stack.

OS and Hardware Requirements

Hardware: I built this on a physical 1U Supermicro mini server with an Atom processor and a 16GB SSD and it is running just fine. You'll need 2 NICs, one for management, and one for the mirrored port from the switch.

OS Packages:

• EPEL-Release
• The Go programming Language.
• PCAP Libraries

Install

1. Install your prerequisites.
   yum install epel-release -y
yum install go -y
yum install -y libpcap-devel

2. Clone the github repo
   git clone https://github.com/sipcapture/heplify

3. Run the make file in the cloned location with the make command.

4. Move the files to /opt/heplify path.

5. Note: Heplify capture requires root permissions to run.

Testing
You should now be able to start the heplify capture by running the heplify executable file. Output should be sent to the screen, and the heplify.log file should show the most recent information.

Service Installation

• Copy the example service file to the proper spot in the file system.
  cp /opt/heplify/example/heplify.service /etc/systemd/system/

• Modify the executable path in the file to match what you want to be capturing. This is where you would modify it to specify which physical interface to listen on, as well as what server to send the captured packets to.

• This is what the production hep capture service file looks like. Note that [interface_name] is the system name of the interface which will be listening and will be the monitor destination below.

    [Unit]
    Description=Captures packets from wire and sends them to Homer
    After=network.target
    
    [Service]
    WorkingDirectory=/opt/heplify
    ExecStart=/opt/heplify/heplify -i [interface_name] -hs [ip_of_heplify_server]:9060 -m SIPRTCP
    ExecStop=/bin/kill ${MAINPID}
    Restart=on-failure
    RestartSec=10s
    Type=simple
    
    [Install]
    WantedBy=multi-user.target
  

• Enable the service.
  systemctl daemon-reload
systemctl enable heplify
systemctl start heplify

• Validate that the service is running by using systemctl status heplify

• The log is written to /opt/heplify/heplify.log

Setting up the Mirror Port on the Switch

For this guide I used a Cisco switch to connect everything. In order for the HEPlify Capture Agent to receive the data from the VoIP services the traffic needs to be mirrored into the agent. Here are the commands for most Cisco switches.

• Configure the source for the monitor session. This is the interface or interfaces from which you would like to capture the data. You can add multiples to this list if needed.

monitor session 1 source interface GigabitEthernet 0/0/x

• Configure the destination for the monitor session. This should be the 2nd NIC port connected to the HEPlify Capture Agent hardware.

monitor session 1 destination interface GigabitEthernet 0/0/y

Here is Cisco's SPAN Guide for reference: SPAN Command Reference