Xenoeye Netflow Collector Released

The Xenoeye Netflow collector is now available. It collects traffic statistics from various network devices, transmitted using the Netflow v9 and IPFIX protocols, processes the data, generates reports and builds graphs. In addition, the collector can run custom scripts when a threshold is exceeded. The core of the project is written in C, and the code is distributed under the ISC license.

Collector features:

  • Data aggregated by the required Netflow fields is exported to PostgreSQL. Pre-aggregation happens inside the collector.
  • Out of the box, only a basic set of Netflow fields is supported, but you can add almost any field.
  • Collector performance, depending on the nature of the traffic and the reports, can reach several hundred thousand "flows per second" on a single CPU. The load distribution model is per device (router), per flow.
  • The collector uses a moving average to calculate traffic rates.
  • The collector can be used to find infected hosts (sending email spam, HTTP(S) floods, SSH scanners) and to detect sudden bursts during DoS/DDoS attacks.
  • Network reports can be visualized with various tools: gnuplot, Python scripts + Matplotlib, or Grafana.
  • Unlike many modern collectors, the project does not use Apache Kafka, Elastic, etc.; the main computation happens inside the collector itself.
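
The moving-average rate measurement and threshold trigger from the feature list, as an added C example that is not Xenoeye's code. The page does not say which kind of moving average Xenoeye uses, so the fixed 5-second sliding window, all struct and function names, and the byte-rate limit are assumptions.

```c
#include <stdint.h>
#include <string.h>

#define WINDOW_SEC 5              /* assumed window length, not taken from Xenoeye */

struct mavg {
    uint64_t bucket[WINDOW_SEC];  /* bytes seen in each of the last WINDOW_SEC seconds */
    uint64_t sum;                 /* running sum of all buckets */
    uint64_t last_sec;            /* timestamp (seconds) of the newest bucket */
    uint64_t limit_bps;           /* threshold in bytes per second */
    int over;                     /* 1 while the average is above the threshold */
};

enum mavg_event { MAVG_NONE, MAVG_OVER, MAVG_BACK };

void mavg_init(struct mavg *m, uint64_t limit_bps)
{
    memset(m, 0, sizeof(*m));
    m->limit_bps = limit_bps;
}

/* Slide the window forward to second `now`, dropping buckets that expired. */
static void mavg_advance(struct mavg *m, uint64_t now)
{
    uint64_t gap = now - m->last_sec;
    if (gap > WINDOW_SEC) gap = WINDOW_SEC;   /* long silence: whole window expires */
    for (uint64_t i = 1; i <= gap; i++) {
        uint64_t idx = (m->last_sec + i) % WINDOW_SEC;
        m->sum -= m->bucket[idx];
        m->bucket[idx] = 0;
    }
    m->last_sec = now;
}

uint64_t mavg_rate(const struct mavg *m) { return m->sum / WINDOW_SEC; }

/* Account one flow record (bytes = 0 acts as a timer tick).
 * Returns an event only on a state change, so an action fires once per burst. */
enum mavg_event mavg_add(struct mavg *m, uint64_t now, uint64_t bytes)
{
    if (now > m->last_sec) mavg_advance(m, now);
    else now = m->last_sec;       /* late record: count it in the newest bucket */
    m->bucket[now % WINDOW_SEC] += bytes;
    m->sum += bytes;
    int over = mavg_rate(m) > m->limit_bps;
    enum mavg_event ev = (over == m->over) ? MAVG_NONE : (over ? MAVG_OVER : MAVG_BACK);
    m->over = over;               /* MAVG_OVER is where a collector would run its script */
    return ev;
}
```

Reporting only the transitions (over the limit, back under it) keeps a sustained flood from launching the alert action on every flow record.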

source: budenet.ru
