Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/chrispassas/nfdump
NFDump File Reader
https://github.com/chrispassas/nfdump
flows netflow nfdump
Last synced: about 1 month ago
JSON representation
NFDump File Reader
- Host: GitHub
- URL: https://github.com/chrispassas/nfdump
- Owner: chrispassas
- License: mit
- Created: 2020-04-08T01:01:22.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2023-01-26T02:26:24.000Z (almost 2 years ago)
- Last Synced: 2024-06-19T06:48:06.069Z (6 months ago)
- Topics: flows, netflow, nfdump
- Language: Go
- Size: 14.7 MB
- Stars: 9
- Watchers: 3
- Forks: 3
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-go-extra - nfdump - 04-08T01:01:22Z|2022-02-22T14:33:22Z| (Utilities / Fail injection)
README
# nfdump
NFDump File Reader
This library allows Go programs to read file produced by nfdump.
https://github.com/phaag/nfdump
> nfdump is a toolset in order to collect and process netflow and sflow data, sent from netflow/sflow compatible devices. The toolset supports netflow v1, v5/v7,v9,IPFIX and SFLOW. nfdump supports IPv4 as well as IPv6.
## ParseReader Example
Read whole file and return struct with all meta data and records.
```go
package main
import (
"bufio"
"log"
"os"
"time"
"github.com/chrispassas/nfdump"
)
func main() {
var filePath = "testdata/nfcapd-small-lzo"
var nff *nfdump.NFFile
var err error
var f *os.File
f, err = os.Open(filePath)
if err != nil {
log.Fatalf("[ERROR] os.Open error:%#+v", err)
}
defer f.Close()
var reader = bufio.NewReader(f)
nff, err = nfdump.ParseReader(reader)
if err != nil {
log.Fatalf("[ERROR] nfdump.ParseReader error:%#+v", err)
}
for _, record := range nff.Records {
log.Printf("Received:%s routerIP:%s srcIP:%s dstIP:%s srcPort:%d dstPort:%d srcMask:%d dstMask:%d ipNextHop:%s srcAS:%d dstAS:%d",
record.ReceivedTime().Format(time.RFC3339),
record.RouterIP.String(),
record.DstIP.String(),
record.SrcIP.String(),
record.SrcPort,
record.DstPort,
record.SrcMask,
record.DstMask,
record.NextHopIP.String(),
record.SrcAS,
record.DstAS,
)
}
}
```
## StreamReader Example
Reads file one row at a time and returns records. This is generally faster and uses a lot less memory.
```go
package main
import (
"bufio"
"io"
"log"
"os"
"github.com/chrispassas/nfdump"
)
func main() {
var filePath = "testdata/nfcapd-large-lzo"
var err error
var nfs *nfdump.NFStream
var f *os.File
f, err = os.Open(filePath)
if err != nil {
log.Fatalf("[ERROR] os.Open error:%#+v", err)
}
defer f.Close()
var reader = bufio.NewReader(f)
nfs, err = nfdump.StreamReader(reader)
if err != nil {
log.Fatalf("[ERROR] nfdump.StreamReader error:%#+v", err)
}
var record *NFRecord
for {
if record, err = nfs.Row(); err == io.EOF {
goto Stop
} else if err != nil {
log.Printf("[ERROR] nfs.Row() error:%v", err)
goto Stop
}
log.Printf("Received:%s routerIP:%s srcIP:%s dstIP:%s srcPort:%d dstPort:%d srcMask:%d dstMask:%d ipNextHop:%s srcAS:%d dstAS:%d",
record.ReceivedTime().Format(time.RFC3339),
record.RouterIP.String(),
record.DstIP.String(),
record.SrcIP.String(),
record.SrcPort,
record.DstPort,
record.SrcMask,
record.DstMask,
record.NextHopIP.String(),
record.SrcAS,
record.DstAS,
)
}
Stop:
}
```