Umqoqi we-Xenoeye Netflow uyatholakala, okuvumela ukuthi uqoqe izibalo zokugeleza kwethrafikhi kusuka kumadivayisi enethiwekhi ahlukahlukene, asakazwa kusetshenziswa i-Netflow v9 ne-IPFIX protocol, ukucubungula idatha, ukukhiqiza imibiko nokwakha amagrafu. Ngaphezu kwalokho, umqoqi angakwazi ukusebenzisa imibhalo yangokwezifiso lapho imingcele yeqiwe. Umnyombo wephrojekthi ubhalwe ngo-C, ikhodi isatshalaliswa ngaphansi kwelayisensi ye-ISC.
Izici Zomqoqi:
- Idatha ehlanganiswe yizinkambu ezidingekayo ze-Netflow ithunyelwa ku-PostgreSQL. Ukuhlanganiswa kwangaphambili kwenzeka ngaphakathi kwe-reservoir.
- Ngaphandle kwebhokisi, kusekelwa kuphela isethi eyisisekelo yezinkambu ze-Netflow, kodwa ungakwazi ukwengeza cishe noma iyiphi inkambu.
- Ukusebenza komqoqi, kuye ngohlobo lwethrafikhi nemibiko, kungafinyelela "ukugeleza kwezinkulungwane ezingamakhulu ambalwa ngomzuzwana" ku-CPU eyodwa. Imodeli yokusabalalisa umthwalo ngedivayisi ngayinye (umzila) ngokugeleza ngakunye.
- Umqoqi usebenzisa izilinganiso ezihambayo ukuze abale isivinini sethrafikhi.
- Umqoqi angasetshenziselwa ukucinga ababungazi abathelelekile (ukuthumela ugaxekile we-imeyili, i-HTTP(S)-flood, izikena ze-SSH), ukuthola ukuqhuma okungazelelwe ngesikhathi sokuhlasela kwe-DoS/DDoS.
- Imibiko yenethiwekhi ingabonwa kusetshenziswa izinsiza ezahlukahlukene: i-gnuplot, imibhalo yePython + Matplotlib, kusetshenziswa iGrafana
- Ngokungafani nabaqoqi abaningi besimanje, iphrojekthi ayisebenzisi i-Apache Kafka, Elastic, njll., izibalo eziyinhloko zenzeka ngaphakathi komqoqi uqobo.
Source: opennet.ru