  • Stars: 119
  • Rank: 297,930 (Top 6 %)
  • Language: C
  • License: Other
  • Created about 6 years ago
  • Updated 5 months ago

Repository Details

High-performance NetFlow v5/v9 and IPFIX collector (RFC 7011)

IPFIXcol2

IPFIXcol2 is a flexible, high-performance NetFlow v5/v9 and IPFIX flow data collector designed to be extensible by plugins. The second generation of the collector includes many design and performance enhancements compared to the original IPFIXcol.

The collector allows you to choose the combination of input, intermediate and output plugins that best suits your needs. Do you need to receive data over UDP/TCP and store it for long-term preservation? Or do you prefer conversion to JSON and processing by other systems? No problem, pick any combination of plugins.

Features:

  • Input, intermediate and output plugins with various options
  • Parallelized design for high-performance
  • Support for bidirectional flows (biflow)
  • Support for structured data types (i.e. lists)
  • Built-in support for many Enterprise-Specific Information Elements (Cisco, Netscaler, etc.)

Available plugins

Input plugins - receive NetFlow/IPFIX data. Each can be configured to listen on a specific network interface and a port. Multiple instances of these plugins can run concurrently.

  • UDP - receive NetFlow v5/v9 and IPFIX over UDP
  • TCP - receive IPFIX over TCP
  • FDS File - read flow data from FDS File (efficient long-term storage)
  • IPFIX File - read flow data from IPFIX File

Intermediate plugins - modify, enrich and filter flow records.

  • Anonymization - anonymize IP addresses (in flow records) with Crypto-PAn algorithm

Output plugins - store or forward your flows.

  • FDS File - store all flows in FDS file format (efficient long-term storage)
  • Forwarder - forward flows as IPFIX to one or more subcollectors
  • IPFIX File - store all flows in IPFIX File format
  • JSON - convert flow records to JSON and send/store them
  • JSON-Kafka - convert flow records to JSON and send them to Apache Kafka
  • Viewer - convert IPFIX into plain text and print it on standard output
  • Time Check - flow timestamp check
  • Dummy - simple output module example
  • lnfstore (*) - store all flows in nfdump compatible format for long-term preservation
  • UniRec (*) - send flow records in UniRec format via TRAP communication interface (into Nemea modules)

* Must be installed individually due to extra dependencies

How to build

IPFIXcol is based on the libfds library, which provides functions for IPFIX parsing and manipulation. First of all, install the library. For more information, visit the project website and follow the installation instructions.

However, you typically have to do the following steps (extra dependencies may be required):

$ git clone https://github.com/CESNET/libfds.git
$ cd libfds
$ mkdir build && cd build && cmake .. -DCMAKE_INSTALL_PREFIX=/usr
$ make
# make install

Second, install the build dependencies of the collector:

RHEL/CentOS:

yum install gcc gcc-c++ cmake make python3-docutils zlib-devel librdkafka-devel
# Optionally: doxygen pkgconfig
  • Note: latest systems (e.g. Fedora/CentOS Stream 8) use dnf instead of yum.
  • Note: package python3-docutils may also be named python-docutils or python2-docutils
  • Note: package pkgconfig may also be named pkg-config
  • Note: CentOS Stream 8 usually requires additional system repositories to be enabled:
    dnf -y install epel-release
    dnf config-manager --set-enabled appstream powertools
  • Note: Oracle Linux 8 usually requires additional system repositories to be enabled:
    dnf -y install oracle-epel-release-el8
    dnf config-manager --set-enabled ol8_appstream ol8_codeready_builder

Debian/Ubuntu:

apt-get install gcc g++ cmake make python3-docutils zlib1g-dev librdkafka-dev
# Optionally: doxygen pkg-config

Finally, build and install the collector:

$ git clone https://github.com/CESNET/ipfixcol2.git
$ cd ipfixcol2
$ mkdir build && cd build && cmake ..
$ make
# make install

How to configure and start IPFIXcol

Before you can start IPFIXcol, you have to prepare a configuration file. The file describes how IPFIXcol is configured at startup, which plugins are used and, for example, where flow data will be stored. The structure of the configuration is described here. Several configuration examples that demonstrate features of the collector are given in the section "Example configuration files".

Coming soon

  • Runtime reconfiguration (improved compared to the previous generation)
  • Input plugins for files (IPFIX, fds, etc.)
  • Flow filtration and flow profiling
  • Flow aggregation
  • RPM/DEB packages

FAQ

Do you have any troubles? Unable to build and run the collector? Feel free to submit a new issue.

We are open to new ideas! For example, are you missing a specific plugin that could be useful also for other users? Please, share your experiences and thoughts.


Q: My exporter sends flow data over UDP, however, IPFIXcol doesn't process/store any data immediately after start.
A: This is normal behaviour caused by the UDP transport protocol. Over UDP the exporter resends templates only periodically, and the collector cannot decode data records until it has received the matching template. It may take up to a few minutes until the first record is processed, depending on the template refresh interval on the exporter. For more information, see the documentation of the UDP plugin.

Q: The collector is not able to find a plugin. What should I do?
A: First of all, make sure that the plugin is installed. Some plugins (e.g. UniRec) are optional and must be installed separately. Therefore, list all available plugins using ipfixcol2 -L and check if the plugin is on the list. If not, see the plugin page for help. If the problem still persists, check if the plugin is installed in the correct directory. Since plugins might be placed in different locations on different platforms, show help using ipfixcol2 -h and see the default value of the -p PATH parameter. In some situations, it is also possible that the plugin cannot be loaded (even when it is properly installed) due to additional dependencies (e.g. a missing library). If this is the issue, use ipfixcol2 -L -v and there might be a message like "WARNING: Configurator (plugin manager): Failed to open file... (some reason)" on the first line that might help you.

Q: How can I add more IPFIX fields into records?
A: The collector receives flow records captured and prepared by an exporter. IPFIX is a unidirectional protocol, which means that the collector is not able to instruct the exporter what to measure or how to behave. If you want to enhance your records, please check the configuration of your exporter.

Q: After manual build and installation the collector is unable to start and a message similar to "error while loading shared libraries: libfds.so.0: cannot open shared object file: No such file or directory" is given.
A: Make sure that libfds is installed properly and your system is able to locate it. Some systems (e.g. RHEL/CentOS/Fedora) for historical reasons don't search for shared libraries in the default installation directory where libfds is installed. You can permanently include this directory. For example, if the library is located in /usr/local/lib64, run as administrator:

# echo "/usr/local/lib64" > /etc/ld.so.conf.d/local64.conf && ldconfig

or temporarily change an environment variable:

$ export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib64/
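
The first FAQ answer above (UDP and templates), as an added example that is not code from IPFIXcol2 or libfds: a minimal RFC 7011 message parser showing that a Data Set cannot be decoded until the Template Set with the matching ID has arrived. The function names and the two sample messages are constructed for illustration; it assumes fixed-length fields only and keys templates by Observation Domain ID, without the exporter address a real UDP collector would add.

```python
import struct

TEMPLATE_SET, FIRST_DATA_SET = 2, 256  # Set IDs defined by RFC 7011

def learn_templates(body, odid, templates):
    """Store each Template Record as (IE ids, record layout)."""
    off = 0
    while off + 4 <= len(body):
        tid, count = struct.unpack_from("!HH", body, off)
        if tid < FIRST_DATA_SET:
            break  # zero padding at the end of the set
        off, ids, fmt = off + 4, [], "!"
        for _ in range(count):
            ie, flen = struct.unpack_from("!HH", body, off)
            off += 8 if ie & 0x8000 else 4  # an enterprise number follows
            ids.append(ie & 0x7FFF)
            fmt += f"{flen}s"  # assumption: fixed-length field
        templates[(odid, tid)] = (ids, struct.Struct(fmt))

def process_message(msg, templates):
    """Return (decoded records, Data Sets dropped for lack of a template)."""
    version, length, _, _, odid = struct.unpack_from("!HHIII", msg, 0)
    if version != 10 or length != len(msg):
        raise ValueError("not a well-formed IPFIX message")
    decoded, dropped, off = [], 0, 16
    while off + 4 <= length:
        set_id, set_len = struct.unpack_from("!HH", msg, off)
        if set_len < 4 or off + set_len > length:
            raise ValueError("bad set length")
        body = msg[off + 4:off + set_len]
        ids, layout = templates.get((odid, set_id), ([], struct.Struct("!")))
        if set_id == TEMPLATE_SET:
            learn_templates(body, odid, templates)
        elif set_id >= FIRST_DATA_SET and layout.size == 0:
            dropped += 1  # template not seen yet: records cannot be decoded
        elif set_id >= FIRST_DATA_SET:
            usable = len(body) - len(body) % layout.size  # skip padding
            decoded += [dict(zip(ids, r)) for r in layout.iter_unpack(body[:usable])]
        off += set_len
    return decoded, dropped

# Constructed samples: template 256 (IE 8 and IE 12, 4 bytes each), then one record.
TEMPLATE_MSG = bytes.fromhex("000a0020 00000000 00000000 00000001 00020010 01000002 00080004 000c0004")
DATA_MSG = bytes.fromhex("000a001c 00000000 00000000 00000001 0100000c c0000201 c6336407")

def demo():
    templates = {}
    before = process_message(DATA_MSG, templates)  # data arrives first: dropped
    process_message(TEMPLATE_MSG, templates)       # periodic template refresh
    return before, process_message(DATA_MSG, templates)
```

The same data message is dropped before the template refresh and decoded after it, which is why a collector started between two refreshes stores nothing at first.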
