Skip to main content

Satellite AMI on AWS EC2

1. Open the EC2 Launch Wizard and select the Levo Satellite AMI

Levo provides pre-built AMIs for Satellite. You can launch an EC2 instance using the AMI in the AWS region you wish to install the satellite in.

2. EC2 Configuration

Pick the following appropriately for your instance. Make sure that this instance is reachable from the eBPF sensors running in your VPC.

  1. Instance Name & tags
  2. Key pair
  3. The security group
  • Make sure to add rules to allow https traffic.
  • Allow UDP port 4789 if you are using traffic mirroring.
  1. Disk storage. Choose at least 40GB

3. Add User Metadata to the EC2 instance

Under Advanced details > User Data, add the following (pick the appropriate value of levo_auth_key):

echo "LEVOAI_AUTH_KEY='Authorization Key'" > /opt/levoai/.levoenv
sudo /opt/levoai/ upgrade >> satellite-start.log 2>&1
# Uncomment the following line to enable the traffic mirroring listener
# sudo /opt/levoai/ start >> traffic-listener-start.log 2>&1

Depending on the region you are installing in, you may need to set a different Levo base URL for the satellite.

For example, if the satellite will be used with, add the following line to the /opt/levoai/.levoenv file as well.

echo "LEVOAI_BASE_URL=''" >> /opt/levoai/.levoenv

Traffic Mirroring

In order to use traffic mirroring setup uncomment the last line of the user data script. Check AWS Traffic Mirroring for configuring traffic mirroring using Levo CLI.

4. Launch the EC2 instance

Satellite services should start automatically once the EC2 instance is initialized

5. Verify the Satellite services

To check logs, debug and manage the Satellite services, you can SSH into the VM and use the following commands.

  1. Stop the Satellite: sudo /opt/levo/ stop
  2. Start the Satellite: sudo /opt/levo/ start
  3. Upgrade the Satellite: sudo /opt/levo/ upgrade
  4. Check the services: sudo docker ps

6. Verify connectivity with

a. Check Satellite health

The Satellite is comprised of four sub components 1) levoai-collector, 2) levoai-rabbitmq, 3)levoai-satellite, and 4) levoai-tagger.

Wait couple of minutes after the install, and check the health of the components by executing the following:

sudo docker ps -f name=levoai

If the Satellite is healthy, you should see output similar to below.

CONTAINER ID   IMAGE                     COMMAND                  CREATED             STATUS                  PORTS                                                                                                                                    NAMES
2b32cd6b9ced levoai/collector:stable "/usr/local/bin/levo…" 10 seconds ago Up 8 seconds>4317/tcp, 9411/tcp levoai-collector
06f3c597cad0 levoai/satellite:stable "gunicorn --capture-…" 10 seconds ago Up 9 seconds>9999/tcp levoai-satellite
89026034c567 levoai/satellite:stable "python -OO /opt/lev…" 10 seconds ago Up Less than a second levoai-tagger
f74524d02fbd bitnami/rabbitmq:3.10 "/opt/bitnami/script…" 10 seconds ago Up 9 seconds 5551-5552/tcp,>4369/tcp, 5671/tcp,>5672/tcp,>15672/tcp,>25672/tcp, 15671/tcp levoai-rabbitmq

b. Check connectivity

Execute the following to check for connectivity health:

sudo docker logs levoai-tagger  2>&1 | grep "Ready to process; waiting for messages."

If connectivity is healthy, you will see output similar to below.

{"level": "info", "time": "2022-06-07 08:07:22,439", "line": "", "version": "fc628b50354bf94e544eef46751d44945a2c55bc", "module": "/opt/levoai/e7s/src/python/levoai_e7s/satellite/", "message": "Ready to process; waiting for messages."}

7. Note down Host:Port information

The Collector now runs in a container, and is reachable on the host via port 4317 (on all the host's network interfaces).

Please note down the either the host's IP address or domain name. The Sensor will be configured to communicate with the Collector at <Host's IP|Domain-Name>:4317.

Please proceed to install Traffic Capture Sensors.