The ipfixer from folkertvanheusden

ipfixer's Introduction

what it is

ipfixer is a collector for IPFIX, NetFlow v9 and NetFlow v5 data. This data is captured and then stored in a MongoDB, MariaDB/MySQL, PostgreSQL or InfluxDB database.

compiling

The following package is required:

libjansson-dev
libyaml-cpp-dev
pkg-config for cmake

Optional packages:

libmongocxx-dev at moment of writing (March 2024) this package is in Debian in the 'experimental' branch, you can also use the one from https://mongocxx.org/mongocxx-v3/installation/linux/ )
libpqxx-dev PostgreSQL support
libmariadb-dev MariaDB (MySQL) support

Then:

mkdir build
cd build
cmake ..
make

usage

Invoke 'ipfixer'. It requires a configuration-file for which an example (ipfixer.yaml) is included.

InfluxDB requires a host/port of a 'graphite endpoint'.

Note: if you get strange "out of range"-errors, make sure you correclty configured IPFIX or NetFlow depending on what the emitter is producing.

Note: you probably don't want "debug" log-level as that uses a lot of CPU.

tested with

EdgeMAX EdgeRouter Lite v1.10.0
softflowd - https://github.com/irino/softflowd
ipt_NETFLOW - https://github.com/aabc/ipt-netflow

Written by Folkert van Heusden [email protected]

Released under MIT license.

ipfixer's People

Contributors

Stargazers

Watchers

ipfixer's Issues

What does it mean: data for "destinationIPv6Address" missing (json)

Hi!
I was looking for a Netflow visualizer and came acrosss your project. I thought it would be nice to see if it works. It does seem to work. (Y)
In the log i see messages about "data missing". What do those messages indicate?
Is it as-expected, because the given package was sent through IPv4?

2024-04-02 11:05:58.714501 |828] debug   process_ipfix_packet: set id    : 259
2024-04-02 11:05:58.714528 |828] debug   process_ipfix_packet: set length: 76
2024-04-02 11:05:58.714543 |828] debug   process_ipfix_packet: template 259 has 23 elements
2024-04-02 11:05:58.714562 |828] debug   process_ipfix_packet: information element sourceIPv4Address of type 18: "192.168.178.10"
2024-04-02 11:05:58.714578 |828] debug   process_ipfix_packet: information element destinationIPv4Address of type 18: "192.168.178.4"
2024-04-02 11:05:58.714594 |828] debug   process_ipfix_packet: information element ipNextHopIPv4Address of type 18: "0.0.0.0"
2024-04-02 11:05:58.714610 |828] debug   process_ipfix_packet: information element ipVersion of type 1: "4"
2024-04-02 11:05:58.714625 |828] debug   process_ipfix_packet: information element sourceTransportPort of type 2: "33648"
2024-04-02 11:05:58.714640 |828] debug   process_ipfix_packet: information element destinationTransportPort of type 2: "10050"
2024-04-02 11:05:58.714656 |828] debug   process_ipfix_packet: information element tcpControlBits of type 2: "27"
2024-04-02 11:05:58.714669 |828] debug   process_ipfix_packet: information element ingressInterface of type 3: "38"
2024-04-02 11:05:58.714684 |828] debug   process_ipfix_packet: information element egressInterface of type 3: "38"
2024-04-02 11:05:58.714699 |828] debug   process_ipfix_packet: information element ingressPhysicalInterface of type 3: "37"
2024-04-02 11:05:58.714714 |828] debug   process_ipfix_packet: information element egressPhysicalInterface of type 3: "40"
2024-04-02 11:05:58.714729 |828] debug   process_ipfix_packet: information element packetDeltaCount of type 4: "5"
2024-04-02 11:05:58.714747 |828] debug   process_ipfix_packet: information element octetDeltaCount of type 4: "310"
2024-04-02 11:05:58.714766 |828] debug   process_ipfix_packet: information element flowStartMilliseconds of type 15: "1712055943520"
2024-04-02 11:05:58.714782 |828] debug   process_ipfix_packet: information element flowEndMilliseconds of type 15: "1712055943552"
2024-04-02 11:05:58.714804 |828] debug   process_ipfix_packet: information element protocolIdentifier of type 1: "6"
2024-04-02 11:05:58.714821 |828] debug   process_ipfix_packet: information element ipClassOfService of type 1: "0"
2024-04-02 11:05:58.714840 |828] debug   process_ipfix_packet: information element flowEndReason of type 1: "3"
2024-04-02 11:05:58.714859 |828] debug   process_ipfix_packet: information element tcpOptions of type 4: "4043309056"
2024-04-02 11:05:58.714879 |828] debug   process_ipfix_packet: information element destinationMacAddress of type 12: "d4:1a:d1:18:6b:fc"
2024-04-02 11:05:58.714899 |828] debug   process_ipfix_packet: information element sourceMacAddress of type 12: "bc:24:11:6f:d2:6d"
2024-04-02 11:05:58.714919 |828] debug   process_ipfix_packet: information element ethernetType of type 2: "2048"
2024-04-02 11:05:58.714997 |828] debug   process_ipfix_packet: information element flowDirection of type 1: "255"
2024-04-02 11:05:58.715071 |828] info    db_sql::insert: data for "destinationIPv6Address" missing (json)
2024-04-02 11:05:58.715096 |828] info    db_sql::insert: data for "sourceIPv6Address" missing (json)
2024-04-02 11:05:58.715135 |828] info    db_sql::insert: data for "flowEndSysUpTime" missing (non-json)
2024-04-02 11:05:58.715153 |828] info    db_sql::insert: data for "flowStartSysUpTime" missing (non-json)

Recommend Projects

folkertvanheusden / ipfixer Goto Github PK

ipfixer's Introduction

what it is

compiling

usage

tested with

ipfixer's People

Contributors

Stargazers

Watchers

ipfixer's Issues

What does it mean: data for "destinationIPv6Address" missing (json)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent