Netcap now supports exporting prometheus metrics about its go runtime, the collection process and the audit records itself. These data points can be used to gain insights about the collection performance or discover security related events.
​Prometheus is an open-source systems monitoring and alerting toolkit originally built at SoundCloud. Since its inception in 2012, many companies and organizations have adopted Prometheus, and the project has a very active developer and user community. It is now a standalone open source project and maintained independently of any company.
Prometheus - Monitoring system & time series database
Prometheus Homepage
To visualize the captured data I recomment the open source analytics and monitoring solution Grafana:
Grafana® Features
Grafana Labs
Grafana Homepage
This feature can be used with the export tool, which behaves similar to capture but is able to operate on pcaps, audit records and network interfaces.
Configuration
Metrics are served by default on 127.0.0.1:7777/metrics. Configure a prometheus instance to scrape it:
Run the export tool to capture live from an interface:
1
net export -iface en0
Copied!
Tip: Use $ net capture -interfaces to get a list of available interfaces to choose from
Go to http://localhost:9090 or to the port you configured alternatively, to check if your prometheus instance is scraping data correctly. Now that we have some data at hands, lets use Grafana to visualize it!
You can setup Grafana on macOS via brew:
1
$ brew install grafana
Copied!
Tip: On macOS, Grafanas default config is at /usr/local/etc/grafana/grafana.ini and installed plugins are stored at /usr/local/opt/grafana/share/grafana/data/plugins.
Start the prometheus server and pass the previously created config: