Update to 2020 in file headers; update the analyzer file name in README
The analyzer is now found in analyzer.py and uses the '-f' flag for GZIPed input files. Bundled with the previous PR commit, this update should now be clearer.
parent: 52d357b111
commit: adb02eab24
2
LICENSE
2
LICENSE
|
@ -1,6 +1,6 @@
|
|||
MIT License
|
||||
|
||||
Copyright (c) 2016-2019 Dominik Pataky <dev@bitkeks.eu>
|
||||
Copyright (c) 2016-2020 Dominik Pataky <dev@bitkeks.eu>
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
|
|
17
README.md
17
README.md
|
@ -5,13 +5,13 @@ Version 9 is the first NetFlow version using templates.
|
|||
Templates make dynamically sized and configured NetFlow data flowsets possible,
|
||||
which makes the collector's job harder.
|
||||
|
||||
Copyright 2016-2019 Dominik Pataky <dev@bitkeks.eu>
|
||||
Copyright 2016-2020 Dominik Pataky <dev@bitkeks.eu>
|
||||
|
||||
Licensed under MIT License. See LICENSE.
|
||||
|
||||
|
||||
## Using the collector and analyzer
|
||||
In this repo you also find `main.py` and `analyze_json.py`.
|
||||
In this repo you also find `main.py` and `analyzer.py`.
|
||||
|
||||
To start an example collector run `python3 main.py -p 9000 -D`. This will run
|
||||
a collector at port 9000 in debug mode. Point your flow exporter to this port on
|
||||
|
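Review bot: the rename from `analyze_json.py` to `analyzer.py` in the "In this repo you also find" sentence is correct, but the sentence still only lists the two file names; since this commit also introduces the `-f` flag for GZIPed input (per the commit message) and the usage section below says `main.py` writes `<timestamp>.gz`, a short clause here such as "`analyzer.py`, which reads the GZIP files written by `main.py`" would tell readers what the two scripts are for before they reach the usage lines.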
@ -21,8 +21,9 @@ need to expire first).
|
|||
After you collected some data, `main.py` exports them into GZIP files, simply
|
||||
named `<timestamp>.gz`.
|
||||
|
||||
To analyze the saved traffic, run `analyze_json.py -f <gzip file>`. In my example
|
||||
script this will look like the following, with resolved hostnames and services, transfered bytes and connection duration:
|
||||
To analyze the saved traffic, run `analyzer.py -f <gzip file>`. In my example
|
||||
script this will look like the following, with resolved hostnames and services,
|
||||
transfered bytes and connection duration:
|
||||
|
||||
2017-10-28 23:17.01: SSH | 4.25M | 15:27 min | localmachine-2 (<IPv4>) to localmachine-1 (<IPv4>)
|
||||
2017-10-28 23:17.01: SSH | 4.29M | 16:22 min | remotemachine (<IPv4>) to localmachine-2 (<IPv4>)
|
||||
|
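Review bot: `transfered` on the re-wrapped line ("transfered bytes and connection duration") should be `transferred`; the line is already being touched in this hunk, so fix the spelling here rather than leaving it for a follow-up commit.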
@ -31,8 +32,10 @@ script this will look like the following, with resolved hostnames and services,
|
|||
2017-10-28 23:23.01: SSH | 93.79M | 21 sec | remotemachine (<IPv4>) to localmachine-2 (<IPv4>)
|
||||
2017-10-28 23:51.01: SSH | 14.08M | 1:23.09 hours | remotemachine (<IPv4>) to localmachine-2 (<IPv4>)
|
||||
|
||||
Feel free to customize the analyzing script, e.g. make it print some
|
||||
nice graphs or calculate broader statistics.
|
||||
Feel free to customize the analyzing script, e.g. make it print some nice graphs or calculate broader statistics.
|
||||
|
||||
**Please note that the analyzer is experimental and has some rough edges. Do not rely on it in monitoring use cases!**
|
||||
|
||||
|
||||
## Resources
|
||||
* [Cisco NetFlow v9 paper](http://www.cisco.com/en/US/technologies/tk648/tk362/technologies_white_paper09186a00800a3db9.html)
|
||||
|
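Review bot: this hunk joins the "Feel free to customize the analyzing script ..." sentence back onto one long line, while the previous hunk deliberately wraps the analyzer sentence at roughly 80 columns; pick one wrapping convention for README.md and apply it in both places. The new bold warning that the analyzer is experimental is a good addition; if the "rough edges" are known, listing them under the warning would make "Do not rely on it in monitoring use cases" actionable for readers.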
@ -43,7 +46,7 @@ I have specifically written this script in combination with NetFlow exports from
|
|||
[softflowd](https://github.com/djmdjm/softflowd) v0.9.9 - it should work with every
|
||||
correct NetFlow v9 implementation though.
|
||||
|
||||
### Running tests
|
||||
### Running and creating tests
|
||||
The file `tests.py` contains some tests based on real softflowd export packets.
|
||||
To create the test packets try the following:
|
||||
|
||||
|
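Review bot: the heading now promises "Running and creating tests", but the visible context after it only says "To create the test packets try the following:"; make sure the steps that follow also describe how a captured packet is added to `tests.py` as a test case (the file keeps its packets as hex streams), or keep the heading as "Running tests".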
|
|
@ -4,7 +4,7 @@
|
|||
Example analyzing script for saved exports (by main.py, as JSON).
|
||||
This file belongs to https://github.com/bitkeks/python-netflow-v9-softflowd.
|
||||
|
||||
Copyright 2017-2019 Dominik Pataky <dev@bitkeks.eu>
|
||||
Copyright 2017-2020 Dominik Pataky <dev@bitkeks.eu>
|
||||
Licensed under MIT License. See LICENSE.
|
||||
"""
|
||||
|
||||
|
|
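Review bot: beyond the year bump, the docstring in this hunk still reads "Example analyzing script for saved exports (by main.py, as JSON)", while the README hunk above says `main.py` writes GZIP files named `<timestamp>.gz` and the commit message says `-f` takes GZIPed input; update the docstring to say GZIP-compressed JSON (or whatever the actual on-disk format is) so the module header matches the CLI behaviour.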
2
main.py
2
main.py
|
@ -4,7 +4,7 @@
|
|||
Example collector script for NetFlow v1, v5, and v9.
|
||||
This file belongs to https://github.com/bitkeks/python-netflow-v9-softflowd.
|
||||
|
||||
Copyright 2017-2019 Dominik Pataky <dev@bitkeks.eu>
|
||||
Copyright 2017-2020 Dominik Pataky <dev@bitkeks.eu>
|
||||
Licensed under MIT License. See LICENSE.
|
||||
"""
|
||||
|
||||
|
|
2
tests.py
2
tests.py
|
@ -6,7 +6,7 @@ test packets (defined below as hex streams) were extracted from a "real"
|
|||
softflowd export based on a sample PCAP capture file. They consist of one
|
||||
export with the templates and three without.
|
||||
|
||||
Copyright 2017-2019 Dominik Pataky <dev@bitkeks.eu>
|
||||
Copyright 2017-2020 Dominik Pataky <dev@bitkeks.eu>
|
||||
Licensed under MIT License. See LICENSE.
|
||||
"""
|
||||
|
||||
|
|