The Xenoeye Netflow collector is now available. It lets you collect traffic statistics from various network devices using the Netflow v9 and IPFIX protocols, process the data, generate reports, and build graphs. In addition, the collector can run custom scripts when thresholds are exceeded. The core of the project is written in C, and the code is distributed under the ISC license.
Collector features:
- Data aggregated by the required Netflow fields is exported to PostgreSQL. Pre-aggregation happens inside the collector.
- Only a basic set of Netflow fields is supported out of the box, but you can add almost any field.
- Depending on the nature of the traffic and the reports, collector performance can reach several hundred flows per second on a single CPU. Load is distributed by device (router) per thread.
- The collector uses moving averages to calculate traffic rate.
- The collector can be used to find infected hosts (sending email spam, HTTP(S) floods, SSH scanners) and to detect sharp spikes caused by DoS/DDoS attacks.
- Reports can be visualized with various tools: gnuplot, Python scripts + Matplotlib, or Grafana.
- Unlike many modern collectors, the project does not use Apache Kafka, Elastic, etc.; the main computation happens inside the collector itself.
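An added example, not Xenoeye code: one way a collector can turn flow records into a moving-average byte rate and flag the start and end of a spike, as in the moving-average and DoS/DDoS items above. The 5-second window, the 10000 B/s limit, all names and the sample records are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define WINDOW 5 /* averaging window in seconds (assumed value) */

struct mavg {
    uint64_t bucket[WINDOW]; /* bytes seen in each second of the window */
    uint64_t sum;            /* total of all buckets */
    uint32_t last;           /* second of the newest bucket */
    int over;                /* 1 while the average is above the limit */
};

/* Account one flow record (bytes = 0 acts as a timer tick).
 * Returns +1 when the average rate rises above limit, -1 when it
 * drops back, 0 otherwise. A collector would start its script on +1. */
int mavg_update(struct mavg *m, uint32_t ts, uint64_t bytes, uint64_t limit)
{
    if (ts > m->last) { /* expire the seconds that left the window */
        uint32_t gap = ts - m->last;
        for (uint32_t i = 1; i <= gap && i <= WINDOW; i++) {
            uint32_t idx = (m->last + i) % WINDOW;
            m->sum -= m->bucket[idx];
            m->bucket[idx] = 0;
        }
        m->last = ts;
    }
    /* Late (out-of-order) records are counted in the newest bucket. */
    m->bucket[m->last % WINDOW] += bytes;
    m->sum += bytes;
    int over = m->sum / WINDOW > limit;
    int event = over - m->over;
    m->over = over;
    return event;
}

uint64_t mavg_rate(const struct mavg *m) { return m->sum / WINDOW; }

int main(void)
{
    /* Constructed sample: {second, bytes} for one source address. */
    static const uint32_t rec[][2] = { {100, 1000}, {101, 1000}, {102, 1000},
        {103, 1000}, {104, 1000}, {105, 50000}, {106, 50000}, {115, 0} };
    struct mavg m = {0};
    for (size_t i = 0; i < sizeof(rec) / sizeof(rec[0]); i++) {
        int ev = mavg_update(&m, rec[i][0], rec[i][1], 10000);
        printf("t=%u rate=%llu event=%d\n", (unsigned)rec[i][0], (unsigned long long)mavg_rate(&m), ev);
    }
    return 0;
}
```

The zero-byte record at second 115 stands in for a periodic timer tick; without one, the end of a flood would go unnoticed once the source stops sending.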
Source: opennet.ru
