diff --git a/LICENSE b/LICENSE index b0f7b3c..ca67085 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2016-2019 Dominik Pataky +Copyright (c) 2016-2020 Dominik Pataky Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index 7377a5f..c134d37 100644 --- a/README.md +++ b/README.md @@ -5,13 +5,13 @@ Version 9 is the first NetFlow version using templates. Templates make dynamically sized and configured NetFlow data flowsets possible, which makes the collector's job harder. -Copyright 2016-2019 Dominik Pataky +Copyright 2016-2020 Dominik Pataky Licensed under MIT License. See LICENSE. ## Using the collector and analyzer -In this repo you also find `main.py` and `analyze_json.py`. +In this repo you also find `main.py` and `analyzer.py`. To start an example collector run `python3 main.py -p 9000 -D`. This will run a collector at port 9000 in debug mode. Point your flow exporter to this port on @@ -21,8 +21,9 @@ need to expire first). After you collected some data, `main.py` exports them into GZIP files, simply named `.gz`. -To analyze the saved traffic, run `analyze_json.py -f `. In my example -script this will look like the following, with resolved hostnames and services, transfered bytes and connection duration: +To analyze the saved traffic, run `analyzer.py -f `. In my example +script this will look like the following, with resolved hostnames and services, +transfered bytes and connection duration: 2017-10-28 23:17.01: SSH | 4.25M | 15:27 min | localmachine-2 () to localmachine-1 () 2017-10-28 23:17.01: SSH | 4.29M | 16:22 min | remotemachine () to localmachine-2 () 
@@ -31,8 +32,10 @@ script this will look like the following, with resolved hostnames and services, 2017-10-28 23:23.01: SSH | 93.79M | 21 sec | remotemachine () to localmachine-2 () 2017-10-28 23:51.01: SSH | 14.08M | 1:23.09 hours | remotemachine () to localmachine-2 () -Feel free to customize the analyzing script, e.g. make it print some -nice graphs or calculate broader statistics. +Feel free to customize the analyzing script, e.g. make it print some nice graphs or calculate broader statistics. + +**Please note that the analyzer is experimental and has some rough edges. Do not rely on it in monitoring use cases!** + ## Resources * [Cisco NetFlow v9 paper](http://www.cisco.com/en/US/technologies/tk648/tk362/technologies_white_paper09186a00800a3db9.html) @@ -43,7 +46,7 @@ I have specifically written this script in combination with NetFlow exports from [softflowd](https://github.com/djmdjm/softflowd) v0.9.9 - it should work with every correct NetFlow v9 implementation though. -### Running tests +### Running and creating tests The file `tests.py` contains some tests based on real softflowd export packets. To create the test packets try the following: diff --git a/analyzer.py b/analyzer.py index b11d07d..51c046c 100755 --- a/analyzer.py +++ b/analyzer.py @@ -4,7 +4,7 @@ Example analyzing script for saved exports (by main.py, as JSON). This file belongs to https://github.com/bitkeks/python-netflow-v9-softflowd. -Copyright 2017-2019 Dominik Pataky +Copyright 2017-2020 Dominik Pataky Licensed under MIT License. See LICENSE. """ diff --git a/main.py b/main.py index 0169c17..4604339 100755 --- a/main.py +++ b/main.py @@ -4,7 +4,7 @@ Example collector script for NetFlow v1, v5, and v9. This file belongs to https://github.com/bitkeks/python-netflow-v9-softflowd. -Copyright 2017-2019 Dominik Pataky +Copyright 2017-2020 Dominik Pataky Licensed under MIT License. See LICENSE. """ diff --git a/tests.py b/tests.py index dfc20c2..0d1711a 100755 --- a/tests.py +++ b/tests.py 
@@ -6,7 +6,7 @@ test packets (defined below as hex streams) were extracted from a "real" softflowd export based on a sample PCAP capture file. They consist of one export with the templates and three without. -Copyright 2017-2019 Dominik Pataky +Copyright 2017-2020 Dominik Pataky Licensed under MIT License. See LICENSE. """
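Review bot: in the README hunk at `@@ -21,8 +21,9 @@`, the reflowed sentence keeps the typo "transfered" (should be "transferred"); since the lines are being rewritten anyway, fix it in the same change. In that hunk the invocation also reads `analyzer.py -f ` with nothing visible after `-f`, and the export naming reads "simply named `.gz`"; make sure the placeholder for the file argument and the file-name pattern actually survive in the rendered README rather than being swallowed by the markdown.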
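Review bot: the README hunk at `@@ -31,8 +32,10 @@` joins two wrapped lines into one long line ("Feel free to customize the analyzing script, e.g. make it print some nice graphs or calculate broader statistics."), while the hunk immediately before it wraps the analyzer paragraph to roughly 80 columns; pick one wrapping convention for the README. The added bold warning is the right call for a tool that resolves hostnames and computes durations from collected flows, but "has some rough edges" tells an operator nothing actionable; state which output fields or cases are known to be unreliable so the "do not rely on it in monitoring use cases" sentence is backed by something concrete.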
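Review bot: the `analyzer.py` hunk at `@@ -4,7 +4,7 @@` only bumps the copyright year, leaving the docstring "Example analyzing script for saved exports (by main.py, as JSON)" as is, while the README in this same patch says `main.py` exports "into GZIP files"; if the exports are gzip-compressed JSON, say so in one of the two places so the collector's output format and the analyzer's expected input are described consistently.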