Documentation
Overview
The flowpipeline utility unifies all bwNetFlow functionality and provides configurable pipelines to process flows in any manner.
The main entrypoint accepts command line flags to point to a configuration file and to establish the log level.
Directories
Path | Synopsis |
---|---|
examples | |
plugin | TODO: Compile this using: `go build -buildmode=plugin ./examples/plugin/printcustom.go` |
 | The pipeline package manages segments in Pipeline objects. |
 | This package is home to all pipeline segment implementations. |
alert/http | This segment is used to alert on flows using webhooks - WIP, but basically usable. |
export/clickhouse | Dumps all incoming flow messages to a clickhouse database. |
export/influx | Collects and exports all flows to influxdb for long term storage. |
export/prometheus | Collects and serves statistics about flows. |
filter/elephant | Filters out the bulky average of flows. |
filter/flowfilter | Runs flows through a filter and forwards only matching flows. |
input/goflow | Captures Netflow v9 and feeds flows to the following segments. |
input/kafkaconsumer | Consumes flows from a Kafka instance and passes them to the following segments. |
input/stdin | Receives flows from stdin in JSON format, as exported by the json segment. |
modify/addcid | Enriches any passing flow message with a customer id field based on a CIDR match. |
modify/anonymize | Anonymize uses the CryptoPan prefix-preserving IP address sanitization as specified by J. Fan, J. Xu, M. Ammar, and S. Moon. |
modify/bgp | Enriches flows with information from BGP. |
modify/dropfields | Drops fields from any passing flow. |
modify/geolocation | Enriches flows with a geolocation. |
modify/normalize | Rewrites passing flows with all sampling rate affected fields normalized. |
modify/protomap | Enriches any passing flow message with the human readable protocol. |
modify/remoteaddress | Determines the remote address of flows based on different criteria. |
modify/reversedns | Rewrites the Note field of passing flows to the remote address's reverse DNS entry. |
modify/snmp | Enriches passing flows with human-readable versions of interface ids, sourced from SNMP. |
output/csv | Package csv processes all flows from its In channel and converts them into CSV format. |
output/json | Prints all flows to stdout or a given file in json format, for consumption by the stdin segment or for debugging. |
output/kafkaproducer | Produces all received flows to a Kafka instance. |
output/sqlite | Dumps all incoming flow messages to a local sqlite database. |
pass | Serves as a template for new segments and forwards flows, otherwise does nothing. |
print/count | Counts the number of passing flows and prints the result on termination. |
print/printdots | Prints a dot every n flows. |
print/printflowdump | Prints all incoming flows in a specific flowdump format. |