The Xenoeye Netflow collector is now available. It collects data about traffic flows from various network devices, transmitted using the Netflow v9 and IPFIX protocols, processes that data, generates reports and builds graphs. In addition, the collector can run custom scripts when a threshold is exceeded. The project code is written in C and is distributed under the ISC license.
Collector features:
- Data aggregated by the required Netflow fields is exported to PostgreSQL. Pre-aggregation is performed within the database.
- Out of the box, only a basic set of Netflow fields is supported, but any field can be added.
- Collector throughput, depending on the nature of the traffic and of the reports, can reach several hundred thousand "flows per second" on a single CPU. Load is distributed per device (router) and per flow.
- The collector uses moving averages to calculate traffic rate.
- The collector can be used to detect infected hosts (those sending spam e-mail, HTTP(S) flood, SSH scanners) and to detect sudden spikes during DoS/DDoS attacks.
- Network reports can be visualized with various tools: gnuplot, Python scripts with Matplotlib, or Grafana.
- Unlike other modern collectors, the project does not use Apache Kafka, Elastic or similar systems; the main computations take place inside the collector itself.
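The feature list mentions pre-aggregating flow records, computing traffic rate with a moving average, flagging sudden spikes, and running a hook when a threshold is exceeded. The following is an added illustration of that pipeline, not code from the xenoeye project: the flow record layout, the one-second aggregation window, the exponential moving average (EMA) with its `alpha` and `factor` parameters, the `on_threshold` callback and the sample flows are all assumptions made for this example.

```python
"""Moving-average spike detection over pre-aggregated flow records.

Added illustration, not xenoeye's own code: the record layout, the
1-second aggregation window, the EMA parameters and the sample flows
are assumptions made for this example.
"""
from collections import defaultdict

# Constructed sample flows: (timestamp_seconds, src_ip, dst_ip, bytes).
# Seconds 0-9 carry ~1000 bytes/s of background traffic; at seconds 7
# and 8 twenty constructed sources each push 1000 bytes at 192.0.2.10.
SAMPLE_FLOWS = [
    *[(t, "10.0.0.%d" % (t % 3 + 1), "192.0.2.10", 500) for t in range(10)],
    *[(t, "10.0.0.%d" % (t % 3 + 4), "192.0.2.11", 500) for t in range(10)],
    *[(t, "198.51.100.%d" % i, "192.0.2.10", 1000)
      for t in (7, 8) for i in range(1, 21)],
]


def bytes_per_second(flows):
    """Pre-aggregate: total bytes observed in each 1-second bucket."""
    buckets = defaultdict(int)
    for ts, _src, _dst, nbytes in flows:
        buckets[int(ts)] += nbytes
    return dict(sorted(buckets.items()))


def detect_spikes(flows, alpha=0.2, factor=3.0, min_bytes=1000,
                  on_threshold=None):
    """Flag seconds whose byte rate exceeds `factor` times the EMA
    of the preceding seconds.

    The EMA is the smoothed baseline rate; `alpha` controls how fast
    it follows recent samples. A second is flagged when
    rate > factor * ema and rate >= min_bytes (the floor keeps tiny
    links from alerting on noise). The optional `on_threshold`
    callback, standing in for a collector's "run a script when a
    threshold is exceeded" hook, is called with (second, rate,
    baseline). Returns a list of (second, rate, baseline) tuples.
    """
    rates = bytes_per_second(flows)
    spikes = []
    ema = None
    for second, rate in rates.items():
        if ema is None:           # first sample seeds the baseline
            ema = float(rate)
            continue
        if rate >= min_bytes and rate > factor * ema:
            spikes.append((second, rate, ema))
            if on_threshold is not None:
                on_threshold(second, rate, ema)
        # update the baseline after the comparison so a spike is
        # judged against traffic that preceded it
        ema = alpha * rate + (1 - alpha) * ema
    return spikes


def top_destinations(flows, second, n=3):
    """Bytes per destination within one second, largest first: the
    first thing a responder wants to know once a spike is flagged."""
    per_dst = defaultdict(int)
    for ts, _src, dst, nbytes in flows:
        if int(ts) == second:
            per_dst[dst] += nbytes
    return sorted(per_dst.items(), key=lambda kv: kv[1], reverse=True)[:n]


if __name__ == "__main__":
    for second, rate, baseline in detect_spikes(SAMPLE_FLOWS):
        print(f"t={second}s rate={rate} B/s baseline={baseline:.0f} B/s "
              f"top dst={top_destinations(SAMPLE_FLOWS, second)}")
```

With the constructed input the baseline stays at 1000 B/s for seconds 0 to 6, so second 7 (21000 B/s) is flagged against a 1000 B/s baseline and second 8 against the partially adapted 5000 B/s baseline; by second 9 the rate is back under the threshold. The `alpha`/`factor` pair is the usual trade-off: a small `alpha` keeps the baseline from being dragged up by the attack itself, while a larger `factor` reduces false positives on bursty but legitimate links.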
Source: opennet.ru