Skip to content
/ netflow Public

Scripts and queries to support the deployment of netflow data collection and analysis

License

GPL-2.0 license
11 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

kravp00L/netflow

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

32 Commits
LICENSE
LICENSE
 
 
README
README
 
 
configure.py
configure.py
 
 
log_cleanup.py
log_cleanup.py
 
 
log_dump.py
log_dump.py
 
 
netflow.py
netflow.py
 
 
read_params.py
read_params.py
 
 

Repository files navigation

Netflow
=======

This project is a set of python scripts and queries to support the deployment
of netflow data collection and analysis.  Netflow collection is handled by
nfcapd from the nfdump tools [http://nfdump.sourceforge.net/].  The scripts
handle the management of the listener, the data export from binary netflow
to ascii, and the cleanup of binary and ascii log files.

The ascii output is intended for consumption by Splunk.  The required stanzas
for Splunk are created in the conf directory in the inputs.conf file.  This
script will NOT automatically update an existing Splunk confiuration, so
the input stanzas will need to be transcribed to the appropriate Splunk
config file.

The Python scripts were developed using Python 2.7 and have not been tested
against Python 3.x

Prequisites
nfdump tools, notably nfcapd and nfdump, compiled locally and installed in
/usr/local/bin - this is the default location for installation

Splunk forwarder or Splunk Enterprise installation on the local system

The configure.py script needs to run as root or with sudo since it needs to
write to /opt

About

Scripts and queries to support the deployment of netflow data collection and analysis

Resources

Readme

License

GPL-2.0 license
Activity

Stars

11 stars

Watchers

2 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages