
Graylog2 / graylog-plugin-netflow

License: Apache-2.0
[DEPRECATED] Graylog NetFlow plugin


Projects that are alternatives of or similar to graylog-plugin-netflow

Nfstream
NFStream: a Flexible Network Data Analysis Framework.
Stars: ✭ 622 (+1677.14%)
Mutual labels:  netflow, network-monitoring, network-analysis
Nload
Real-time network traffic monitor
Stars: ✭ 121 (+245.71%)
Mutual labels:  network-monitoring, network-analysis
Ios Sdk
AppSpector is a debugging service for mobile apps
Stars: ✭ 56 (+60%)
Mutual labels:  network-monitoring, network-analysis
graylog-plugin-collector
Collector plugin for Graylog
Stars: ✭ 13 (-62.86%)
Mutual labels:  graylog, graylog-plugin
Cocoadebug
iOS Debugging Tool 🚀
Stars: ✭ 3,769 (+10668.57%)
Mutual labels:  network-monitoring, network-analysis
Bmon
bandwidth monitor and rate estimator
Stars: ✭ 787 (+2148.57%)
Mutual labels:  network-monitoring, network-analysis
Ivre
Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!
Stars: ✭ 2,331 (+6560%)
Mutual labels:  network-monitoring, network-analysis
arpwitch
A modern arpwatch replacement with JSON formatted outputs and easy options to exec commands when network changes are observed.
Stars: ✭ 20 (-42.86%)
Mutual labels:  network-monitoring, network-analysis
Dynamite Nsm
DynamiteNSM is a free Network Security Monitor developed by Dynamite Analytics to enable network visibility and advanced cyber threat detection
Stars: ✭ 92 (+162.86%)
Mutual labels:  netflow, network-analysis
graylog-plugin-aws
Several bundled Graylog plugins to integrate with different AWS services like CloudTrail and FlowLogs.
Stars: ✭ 88 (+151.43%)
Mutual labels:  graylog, graylog-plugin
Poseidon
Poseidon is a python-based application that leverages software defined networks (SDN) to acquire and then feed network traffic to a number of machine learning techniques. The machine learning algorithms classify and predict the type of device.
Stars: ✭ 310 (+785.71%)
Mutual labels:  network-monitoring, network-analysis
Graylog-Plugin-AlertManager-Callback
A plugin for Graylog which provides the possibility to send alerts to the Prometheus AlertManager API.
Stars: ✭ 23 (-34.29%)
Mutual labels:  graylog, graylog-plugin
Chucker
🔎 An HTTP inspector for Android & OkHTTP (like Charles but on device)
Stars: ✭ 2,169 (+6097.14%)
Mutual labels:  network-monitoring, network-analysis
Netgraph
A cross platform http sniffer with a web UI
Stars: ✭ 852 (+2334.29%)
Mutual labels:  network-monitoring, network-analysis
Zeek-Network-Security-Monitor
A Zeek Network Security Monitor tutorial that will cover the basics of creating a Zeek instance on your network in addition to all of the necessary hardware and setup and finally provide some examples of how you can use the power of Zeek to have absolute control over your network.
Stars: ✭ 38 (+8.57%)
Mutual labels:  network-monitoring, network-analysis
Docker Bro
Bro IDS Dockerfile
Stars: ✭ 126 (+260%)
Mutual labels:  network-monitoring, network-analysis
awesome-networking
A curated inexhaustive list of network utilities
Stars: ✭ 36 (+2.86%)
Mutual labels:  network-monitoring, network-analysis
opensnitch
OpenSnitch is a GNU/Linux application firewall
Stars: ✭ 398 (+1037.14%)
Mutual labels:  network-monitoring, network-analysis
graylog-plugin-logging-alert
Alert notification plugin for Graylog to generate log messages from alerts
Stars: ✭ 16 (-54.29%)
Mutual labels:  graylog, graylog-plugin
Nfsen Ng
Responsive NetFlow visualizer built on top of nfdump tools.
Stars: ✭ 112 (+220%)
Mutual labels:  netflow, network-analysis

DEPRECATION NOTICE

This project has been merged into graylog2-server, see #26

Please use the issue tracker in the graylog2-server repository for any feature requests or bug reports.


NetFlow Plugin for Graylog


This plugin provides a NetFlow UDP input that acts as a flow collector, receiving flow records from NetFlow exporters. Each received flow is converted into a Graylog message. Note that NetFlow v5 and v9 are carried in plain UDP datagrams with no authentication, so any host that can reach the input port can inject or spoof flow records; restrict the port to your exporters' addresses at the firewall or through the input's bind address.

Required Graylog version: 2.3.0 and later

Supported NetFlow Versions

The current version of the plugin supports NetFlow v5 and v9. The v9 template format can carry IPv6 addresses, which are handled without conversion, and all fields of the fixed v5 record format are parsed. The plugin also parses the v9 event records exported by a Cisco ASA 5500, including firewall and routing events. Be aware that these v9 records largely duplicate what the ASA already reports via syslog, so collecting both doubles the data for the same events.
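What v9 support means in practice is easiest to see in code. The following decoder is an added example (not code from this plugin or from the wasted/netflow project it was ported from): it keeps templates per exporter and source ID, decodes data FlowSets with them, takes IPv6 addresses straight from the 16-byte fields, and drops data that arrives before its template. The nf_* field names, the exporter address and the constructed sample packet are this example's own assumptions, not the plugin's message schema.

```python
"""
Minimal NetFlow v9 (RFC 3954) decoder with a constructed sample packet.
Added example; not part of graylog-plugin-netflow.
"""
import ipaddress
import struct

# Field type numbers from RFC 3954 section 8 (only the ones used here).
# The nf_* names are this example's own choice, not the plugin's schema.
FIELD_NAMES = {
    1: "nf_bytes", 2: "nf_pkts", 4: "nf_proto",
    7: "nf_src_port", 8: "nf_src_addr", 11: "nf_dst_port", 12: "nf_dst_addr",
    27: "nf_src_addr", 28: "nf_dst_addr",
}
ADDR4 = {8, 12}    # IPV4_SRC_ADDR, IPV4_DST_ADDR
ADDR6 = {27, 28}   # IPV6_SRC_ADDR, IPV6_DST_ADDR


def decode_field(ftype, raw):
    """Addresses are rendered as text without any v4/v6 conversion; everything else is a big-endian integer."""
    if ftype in ADDR4 and len(raw) == 4:
        return str(ipaddress.IPv4Address(raw))
    if ftype in ADDR6 and len(raw) == 16:
        return str(ipaddress.IPv6Address(raw))
    return int.from_bytes(raw, "big")


class NetflowV9Decoder:
    def __init__(self):
        # Templates are scoped per (exporter, source_id); a template id alone
        # is not unique across exporters, so keying on it alone would mix flows.
        self.templates = {}

    def decode(self, exporter, packet):
        """Return a list of dicts, one per data record, learning templates on the way."""
        if len(packet) < 20:
            raise ValueError("short v9 header")
        version, count, uptime, unix_secs, seq, source_id = struct.unpack("!HHIIII", packet[:20])
        if version != 9:
            raise ValueError("not NetFlow v9: version %d" % version)
        records = []
        off = 20
        while off + 4 <= len(packet):
            fs_id, fs_len = struct.unpack("!HH", packet[off:off + 4])
            if fs_len < 4 or off + fs_len > len(packet):
                raise ValueError("bad FlowSet length")
            body = packet[off + 4:off + fs_len]
            if fs_id == 0:
                self._parse_templates(exporter, source_id, body)
            elif fs_id > 255:
                records.extend(self._parse_data(exporter, source_id, fs_id, body, unix_secs))
            # FlowSet ids 1..255 are reserved (1 = options template); skipped here.
            off += fs_len
        return records

    def _parse_templates(self, exporter, source_id, body):
        off = 0
        while off + 4 <= len(body):
            tid, nfields = struct.unpack("!HH", body[off:off + 4])
            off += 4
            fields = []
            for _ in range(nfields):
                if off + 4 > len(body):
                    raise ValueError("truncated template")
                fields.append(struct.unpack("!HH", body[off:off + 4]))  # (type, length)
                off += 4
            self.templates[(exporter, source_id, tid)] = fields

    def _parse_data(self, exporter, source_id, tid, body, unix_secs):
        fields = self.templates.get((exporter, source_id, tid))
        if fields is None:
            # Data arrived before its template: a real collector buffers or drops it.
            return []
        rec_len = sum(flen for _, flen in fields)
        if rec_len == 0:
            return []
        out = []
        off = 0
        # Trailing bytes shorter than one record are 4-byte-boundary padding.
        while off + rec_len <= len(body):
            rec = {"nf_exporter": exporter, "nf_export_time": unix_secs}
            for ftype, flen in fields:
                rec[FIELD_NAMES.get(ftype, "nf_field_%d" % ftype)] = decode_field(ftype, body[off:off + flen])
                off += flen
            out.append(rec)
        return out


def build_sample_packet():
    """Constructed sample: one template (id 256) with IPv6 address fields, then one data record."""
    template = [(27, 16), (28, 16), (7, 2), (11, 2), (4, 1), (1, 4), (2, 4)]
    tmpl_body = struct.pack("!HH", 256, len(template)) + b"".join(struct.pack("!HH", t, l) for t, l in template)
    tmpl_fs = struct.pack("!HH", 0, 4 + len(tmpl_body)) + tmpl_body
    rec = (ipaddress.IPv6Address("2001:db8::1").packed + ipaddress.IPv6Address("2001:db8::53").packed
           + struct.pack("!HHB", 51428, 53, 17) + struct.pack("!II", 128, 2))   # 45 bytes
    pad = b"\x00" * ((4 - len(rec) % 4) % 4)
    data_fs = struct.pack("!HH", 256, 4 + len(rec) + len(pad)) + rec + pad
    header = struct.pack("!HHIIII", 9, 2, 123456, 1437484681, 1, 0)   # version 9, 2 records, source id 0
    return header + tmpl_fs + data_fs


if __name__ == "__main__":
    for r in NetflowV9Decoder().decode("10.0.2.15", build_sample_packet()):
        print(r)
```

The template cache is the stateful part that makes v9 (and IPFIX) collectors harder than v5: a restarted exporter re-sends templates only periodically, so a collector that loses its cache silently drops data until the next template refresh, which is worth watching for in the input's metrics.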

Installation

Since Graylog version 2.4.0 this plugin is bundled with the Graylog server installation package as a default plugin; the manual installation below applies to Graylog 2.3.x.

Download the plugin and place the .jar file in your Graylog plugin directory. By default the plugin directory is the plugins/ folder relative to your graylog-server directory; it can be configured in your graylog.conf file.

Restart graylog-server and you are done.

Setup

In the Graylog web interface, go to System/Inputs and create a new NetFlow input like this:

NetFlow input creation dialog

Example Message

This is an example NetFlow message in Graylog:

NetFlow example fields screenshot

Example Dashboard

This is an example of a dashboard with NetFlow data:

NetFlow example dashboard screenshot

Credits

The NetFlow parsing code is based on the https://github.com/wasted/netflow project and has been ported from Scala to Java.

Plugin Development

Testing

To generate some NetFlow data for debugging and testing you can use softflowd.

Example command and output:

# softflowd -D -i eth0 -v 5 -t maxlife=1 -n 10.0.2.2:2055

Using eth0 (idx: 0)
softflowd v0.9.9 starting data collection
Exporting flows to [10.0.2.2]:2055
ADD FLOW seq:1 [10.0.2.2]:48164 <> [10.0.2.15]:22 proto:6
ADD FLOW seq:2 [10.0.2.2]:51428 <> [10.0.2.15]:22 proto:6
Starting expiry scan: mode 0
Queuing flow seq:1 (0x7fef0318bc70) for expiry reason 6
Finished scan 1 flow(s) to be evicted
Sending v5 flow packet len = 120
sent 1 netflow packets
EXPIRED: seq:1 [10.0.2.2]:48164 <> [10.0.2.15]:22 proto:6 octets>:322 packets>:7 octets<:596 packets<:7 start:2015-07-21T13:18:01.236 finish:2015-07-21T13:18:27.718 tcp>:10 tcp<:18 flowlabel>:00000000 flowlabel<:00000000  (0x7fef0318bc70)
ADD FLOW seq:3 [10.0.2.2]:2055 <> [10.0.2.15]:48363 proto:17
ADD FLOW seq:4 [10.0.2.2]:48164 <> [10.0.2.15]:22 proto:6
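When softflowd is not available, or when you want deterministic records to check the input's field mapping against, a hand-built v5 packet does the same job. The following exporter is an added example, not part of the plugin: it packs the fixed 24-byte v5 header and 48-byte records and sends them as one UDP datagram. The collector address and the flow values are assumptions (they mirror the SSH flow in the softflowd output above), and the 24 + 2 x 48 = 120 bytes it produces for two records matches the "len = 120" softflowd reported.

```python
"""
Constructed NetFlow v5 exporter for testing a collector.
Added example; not part of graylog-plugin-netflow. Collector address and
flow values below are assumed test data.
"""
import socket
import struct
import time

# Fixed v5 layout: 24-byte header, 48-byte records, at most 30 records per packet.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
V5_MAX_RECORDS = 30


def v5_record(src, dst, sport, dport, proto, pkts, octets, first_ms, last_ms, tcp_flags=0):
    """One 48-byte v5 flow record; first_ms/last_ms are exporter uptime in milliseconds."""
    return V5_RECORD.pack(
        socket.inet_aton(src), socket.inet_aton(dst), socket.inet_aton("0.0.0.0"),  # src, dst, nexthop
        0, 0,                       # input / output ifIndex
        pkts, octets, first_ms, last_ms,
        sport, dport,
        0, tcp_flags, proto, 0,     # pad1, tcp_flags, prot, tos
        0, 0,                       # src_as, dst_as
        0, 0,                       # src_mask, dst_mask
        0)                          # pad2


def v5_packet(records, seq, uptime_ms=0, now=None):
    """Header + records. seq is the exporter's running flow sequence number."""
    if not 1 <= len(records) <= V5_MAX_RECORDS:
        raise ValueError("v5 packets carry 1..%d records" % V5_MAX_RECORDS)
    now = time.time() if now is None else now
    secs = int(now)
    nsecs = int((now - secs) * 1e9)
    header = V5_HEADER.pack(5, len(records), uptime_ms, secs, nsecs, seq,
                            0, 0, 0)   # engine_type, engine_id, sampling_interval
    return header + b"".join(records)


def send_flows(collector, records, seq=0):
    """Send the records to the collector's (host, port) and return the datagram size."""
    pkt = v5_packet(records, seq)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(pkt, collector)
    return len(pkt)


if __name__ == "__main__":
    # Both directions of the SSH session from the softflowd output, as a v5 collector would see them.
    flows = [
        v5_record("10.0.2.2", "10.0.2.15", 48164, 22, 6, 7, 322, 1236, 27718, tcp_flags=0x1a),
        v5_record("10.0.2.15", "10.0.2.2", 22, 48164, 6, 7, 596, 1236, 27718, tcp_flags=0x1a),
    ]
    print("sent", send_flows(("10.0.2.2", 2055), flows, seq=1), "bytes")   # assumed collector address
```

Because the sender controls every byte, the same script also demonstrates the caveat from the introduction: nothing in the v5 format ties a record to the exporter it claims to come from, so only network-level restrictions on the input port keep spoofed flows out of your dashboards.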

Plugin Release

We are using the Maven release plugin:

$ mvn release:prepare
[...]
$ mvn release:perform

This sets the version numbers, creates a tag and pushes to GitHub. Travis CI will build the release artifacts and upload to GitHub automatically.
