Release of Netflow/IPFIX collector Xenoeye 23.11

Xenoeye 23.11, a Netflow/IPFIX collector, has been released. It collects statistics on traffic flows from network devices that export them using the Netflow v5, v9 and IPFIX protocols, and can process the data, generate reports and build graphs. The core of the project is written in C; the code is distributed under the ISC license.

The collector aggregates network traffic by selected fields and exports the data to PostgreSQL. From this data you can build reports and graphs (with gnuplot or Python + Matplotlib scripts) or dashboards in Grafana. The collector can also run custom scripts when thresholds are exceeded; traffic rates are calculated using moving averages. It ships with an example Telegram bot script that sends a message to the messenger when a traffic rate exceeds a configured threshold.


Changes in the new version:

  • Added GeoIP support using the ipapi databases. With the GeoIP functions you can create geo-based monitoring objects (for example, put all traffic destined for Russia into a separate monitoring object) and export data broken down by GeoIP. The collector supports granularity by country, region and city. Longitude and latitude can also be derived from an IP address, although this is only a rough approximation.
  • For routers that cannot export autonomous system numbers in Netflow/IPFIX, these numbers and their text descriptions can be obtained from the ip-location-db databases. As with GeoIP, you can create separate monitoring objects that contain the traffic of selected ASes, or export the names of autonomous systems to the DBMS.
  • Added traffic classification by Netflow fields. The collector can classify monitoring objects using certain fields (TCP flags, ports, packet sizes).
  • The xegeoq console utility has been added; it looks up GeoIP and AS information for IP addresses using the local databases.
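The core pipeline described above (aggregation by selected fields, a moving-average rate with a threshold check, and classification by TCP flags, ports and packet sizes) as an added Python illustration; this is not Xenoeye's own code, the flow records are constructed, and the class labels and the 100-byte packet-size cut-off are assumptions chosen for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

SYN, ACK = 0x02, 0x10  # TCP flag bits as carried in the Netflow/IPFIX tcpFlags field
@dataclass
class Flow:  # the handful of flow-record fields this illustration needs
    ts: float; src: str; dst: str; proto: int; dport: int
    tcp_flags: int; packets: int; octets: int

# Constructed sample records (not real captures); ts is seconds since some epoch.
FLOWS = [
    Flow(1.0, "10.0.0.5", "192.0.2.10", 6, 443, SYN | ACK, 10, 15000),
    Flow(2.0, "10.0.0.6", "192.0.2.10", 6, 80, SYN, 1, 60),
    Flow(3.0, "10.0.0.7", "192.0.2.20", 17, 53, 0, 2, 180),
    Flow(4.0, "10.0.0.8", "192.0.2.10", 6, 22, ACK, 500, 30000),
    Flow(9.0, "10.0.0.9", "192.0.2.10", 6, 443, ACK, 200, 250000),
]

def classify(f):
    """Hypothetical class labels derived from TCP flags, ports and packet size."""
    if f.proto == 6 and f.tcp_flags & SYN and not f.tcp_flags & ACK:
        return "tcp-syn-only"  # connection attempts that never carried an ACK
    if f.proto == 17 and f.dport == 53:
        return "dns"
    if f.packets and f.octets / f.packets < 100:
        return "small-packets"  # average packet shorter than 100 bytes (assumed cut-off)
    return "other"

def class_counts(flows):
    counts = defaultdict(int)
    for f in flows:
        counts[classify(f)] += 1
    return dict(counts)

def aggregate(flows, key_fields):
    """Sum octets per combination of the selected fields (one DBMS row per key)."""
    totals = defaultdict(int)
    for f in flows:
        totals[tuple(getattr(f, k) for k in key_fields)] += f.octets
    return dict(totals)

def rate_bps(flows, dst, now, window_s):
    """Simple moving average: bits/s towards dst over the last window_s seconds."""
    octets = sum(f.octets for f in flows
                 if f.dst == dst and now - window_s < f.ts <= now)
    return octets * 8 / window_s

def over_threshold(flows, dst, now, window_s, limit_bps):
    """True when the averaged rate exceeds limit_bps: here a notify script would run."""
    return rate_bps(flows, dst, now, window_s) > limit_bps
```

Note that the window length changes the verdict: the same host is over a 300 kbit/s limit on a 5-second average and under it on a 10-second average, which is why the averaging window is as much a tuning knob as the threshold itself.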

Source: opennet.ru
