{"id":22747997,"url":"https://github.com/githubfoam/silk-sandbox","last_synced_at":"2025-03-30T05:42:26.621Z","repository":{"id":58700603,"uuid":"225356924","full_name":"githubfoam/silk-sandbox","owner":"githubfoam","description":"network security monitoring NIDS HIDS  CTI DFIR","archived":false,"fork":false,"pushed_at":"2019-12-02T17:16:40.000Z","size":28,"stargazers_count":0,"open_issues_count":2,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-02-05T07:49:38.283Z","etag":null,"topics":["hids","network-monitoring","nids","silk"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/githubfoam.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-12-02T11:19:13.000Z","updated_at":"2020-06-25T17:24:39.000Z","dependencies_parsed_at":"2022-09-06T15:10:26.720Z","dependency_job_id":null,"html_url":"https://github.com/githubfoam/silk-sandbox","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/githubfoam%2Fsilk-sandbox","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/githubfoam%2Fsilk-sandbox/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/githubfoam%2Fsilk-sandbox/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/githubfoam%2Fsilk-sandbox/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/githubfoam","download_url":"https://codeload.github.com/githubfoam/silk-sandbox/tar.gz/refs/heads/master","host"
:{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246281216,"owners_count":20752207,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hids","network-monitoring","nids","silk"],"created_at":"2024-12-11T03:18:57.645Z","updated_at":"2025-03-30T05:42:26.606Z","avatar_url":"https://github.com/githubfoam.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# silk-sandbox\n\ncan not be ansibleable\n~~~~\nsudo systemctl enable rwflowpack\nsudo systemctl start rwflowpack.service\nsudo systemctl enable yaf\nsudo systemctl start yaf.service\n\nsudo systemctl restart rwflowpack.service\nsudo systemctl status rwflowpack.service\nsudo systemctl restart yaf.service\nsudo systemctl status yaf.service\n\nCheck the rwflowpack log file again to ensure that it received a connection from yaf. 
There should be a message similar to the following (the port number will likely differ):\n'S0': accepted connection from 127.0.0.1:36734\ntail -n 40 /var/log/rwflowpack-XXX.log\n\nLook at the yaf log file, /var/log/yaf.log to ensure that it is running.\ntail -n 40 /var/log/yaf.log\n\nGenerate traffic\nping -c 5 8.8.8.8\n\nRun a test query\n/usr/local/bin/rwfilter --sensor=S0 --type=all --all=stdout | rwcut --tail-recs=10\n\n\u003chttps://tools.netsa.cert.org/silk/silk-on-box-deb.html\u003e\n~~~~\nupgrade\n~~~~\nsilk-sandbox\\provisioning\\roles\\silk\\vars\\main.yml\n\u003chttps://tools.netsa.cert.org/silk/download.html\u003e\n\u003chttps://tools.netsa.cert.org/yaf/download.html\u003e\n\u003chttps://tools.netsa.cert.org/fixbuf/download.html\u003e\n\ndebian-10.1\nsilk_version: 3.19.0\nlibfixbuf_version: 2.4.0\nyaf_version: 2.11.0\n~~~~\nsmoketesting silk\n~~~~\nGenerate traffic\n\n$ ping -c 5 8.8.8.8\nPING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.\n64 bytes from 8.8.8.8: icmp_seq=1 ttl=47 time=62.3 ms\n64 bytes from 8.8.8.8: icmp_seq=2 ttl=47 time=62.4 ms\n64 bytes from 8.8.8.8: icmp_seq=3 ttl=47 time=66.4 ms\n64 bytes from 8.8.8.8: icmp_seq=4 ttl=47 time=61.6 ms\n64 bytes from 8.8.8.8: icmp_seq=5 ttl=47 time=62.1 ms\n\n$ sudo systemctl status yaf.service\n● yaf.service - SYSV: Control yaf as a live capture daemon\n   Loaded: loaded (/etc/init.d/yaf; generated)\n   Active: active (running) since Mon 2019-12-02 10:17:46 UTC; 5min ago\n     Docs: man:systemd-sysv-generator(8)\n  Process: 10372 ExecStart=/etc/init.d/yaf start (code=exited, status=0/SUCCESS)\n    Tasks: 1 (limit: 542)\n   Memory: 1.8M\n   CGroup: /system.slice/yaf.service\n           └─10384 /usr/local/bin/yaf -d --live pcap --in eth1 --ipfix tcp --out localhost --ipfix-port 18001 --log /var/log/yaf.log --verbose --silk --applabel --max-payload=512 --pidfile /var/run/yaf.pid\n\nDec 02 10:17:44 vg-mokapot-03 systemd[1]: Starting SYSV: Control yaf as a live capture daemon...\nDec 02 10:17:46 vg-mokapot-03 
yaf[10372]: Starting yaf:        [OK]\nDec 02 10:17:46 vg-mokapot-03 systemd[1]: Started SYSV: Control yaf as a live capture daemon.\n\n$ sudo systemctl status rwflowpack.service\n● rwflowpack.service - LSB: start and stop SiLK rwflowpack daemon\n   Loaded: loaded (/etc/init.d/rwflowpack; generated)\n   Active: active (running) since Mon 2019-12-02 10:15:24 UTC; 8min ago\n     Docs: man:systemd-sysv-generator(8)\n  Process: 9431 ExecStart=/etc/init.d/rwflowpack start (code=exited, status=0/SUCCESS)\n    Tasks: 4 (limit: 542)\n   Memory: 2.4M\n   CGroup: /system.slice/rwflowpack.service\n           └─9450 /usr/local/sbin/rwflowpack --sensor-configuration=/var/silk/sensors.conf --output-mode=local-storage --root-directory=/var/silk/data --pidfile=/var/run/rwflowpack.pid --log-level=info --log-dir\n\nDec 02 10:15:23 vg-mokapot-03 systemd[1]: Starting LSB: start and stop SiLK rwflowpack daemon...\nDec 02 10:15:24 vg-mokapot-03 rwflowpack[9431]: Starting rwflowpack:        [OK]\nDec 02 10:15:24 vg-mokapot-03 systemd[1]: Started LSB: start and stop SiLK rwflowpack daemon.\n\n\n$ sudo systemctl status rwflowpack.service --no-pager\n● rwflowpack.service - LSB: start and stop SiLK rwflowpack daemon\n   Loaded: loaded (/etc/init.d/rwflowpack; generated)\n   Active: active (running) since Mon 2019-12-02 10:15:24 UTC; 8min ago\n     Docs: man:systemd-sysv-generator(8)\n  Process: 9431 ExecStart=/etc/init.d/rwflowpack start (code=exited, status=0/SUCCESS)\n    Tasks: 4 (limit: 542)\n   Memory: 2.4M\n   CGroup: /system.slice/rwflowpack.service\n           └─9450 /usr/local/sbin/rwflowpack --sensor-configuration=/var/silk/sensors.conf --output-mode=local-storage --root-directory=/var/silk/data --pidfile=/var/run/rwflowpack.pid --log-level=info --log-di…\n\nDec 02 10:15:23 vg-mokapot-03 systemd[1]: Starting LSB: start and stop SiLK rwflowpack daemon...\nDec 02 10:15:24 vg-mokapot-03 rwflowpack[9431]: Starting rwflowpack:        [OK]\nDec 02 10:15:24 vg-mokapot-03 systemd[1]: 
Started LSB: start and stop SiLK rwflowpack daemon.\n\n\n$ sudo systemctl status -l rwflowpack.service\n● rwflowpack.service - LSB: start and stop SiLK rwflowpack daemon\n   Loaded: loaded (/etc/init.d/rwflowpack; generated)\n   Active: active (running) since Mon 2019-12-02 10:15:24 UTC; 9min ago\n     Docs: man:systemd-sysv-generator(8)\n  Process: 9431 ExecStart=/etc/init.d/rwflowpack start (code=exited, status=0/SUCCESS)\n    Tasks: 4 (limit: 542)\n   Memory: 2.4M\n   CGroup: /system.slice/rwflowpack.service\n           └─9450 /usr/local/sbin/rwflowpack --sensor-configuration=/var/silk/sensors.conf --output-mode=local-storage --root-directory=/var/silk/data --pidfile=/var/run/rwflowpack.pid --log-level=info --log-dir\n\nDec 02 10:15:23 vg-mokapot-03 systemd[1]: Starting LSB: start and stop SiLK rwflowpack daemon...\nDec 02 10:15:24 vg-mokapot-03 rwflowpack[9431]: Starting rwflowpack:        [OK]\nDec 02 10:15:24 vg-mokapot-03 systemd[1]: Started LSB: start and stop SiLK rwflowpack daemon\n\nRun a test query\n$ sudo /usr/local/bin/rwfilter --sensor=S0 --type=all --all=stdout | rwcut --tail-recs=10\n                                    sIP|                                    dIP|sPort|dPort|pro|   packets|     bytes|   flags|                  sTime| duration|                  eTime|sen|\n                           192.168.20.1|                        239.255.255.250|50222| 1900| 17|         4|       808|        |2019/12/02T10:13:44.092|    3.005|2019/12/02T10:13:47.097| S0|\n                           192.168.20.1|                        239.255.255.250|57301| 1900| 17|         4|       808|        |2019/12/02T10:15:44.090|    3.004|2019/12/02T10:15:47.094| S0|\n                           192.168.20.1|                        239.255.255.250|59544| 1900| 17|         1|       202|        |2019/12/02T10:17:44.133|    0.000|2019/12/02T10:17:44.133| S0|\n                           192.168.20.1|                        239.255.255.250|59544| 1900| 17|         3|       
606|        |2019/12/02T10:17:45.135|    2.003|2019/12/02T10:17:47.138| S0|\n                           192.168.20.1|                         192.168.20.255|  137|  137| 17|         6|       468|        |2019/12/02T10:14:21.559|  102.643|2019/12/02T10:16:04.202| S0|\n\n~~~~\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgithubfoam%2Fsilk-sandbox","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgithubfoam%2Fsilk-sandbox","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgithubfoam%2Fsilk-sandbox/lists"}