Xenoeye 23.11 Netflow/IPFIX Collector Released

Version 23.11 of the xenoeye Netflow/IPFIX collector has been released. The collector gathers traffic flow records exported by various network devices over the Netflow v5, Netflow v9, and IPFIX protocols. It also processes the data, generates reports, and builds graphs. The project is written primarily in C and is distributed under the ISC license.

The collector aggregates network traffic by selected fields and exports the data to PostgreSQL. This data can then be used to build reports, graphs (using gnuplot or Python scripts with Matplotlib), or a Grafana dashboard. The collector can also run user scripts when certain thresholds are exceeded. Traffic speed is calculated using a sliding average. An example script for a Telegram bot is included; it notifies users through the messenger when speeds exceed certain thresholds.

The new version of xenoeye introduces several changes, including:

  • GeoIP support has been added, using the ipapi database. Users can create geo-objects for monitoring and export data with GeoIP information. The collector supports detail by country, region, and city. Longitude and latitude can also be obtained from an IP address, although this information is approximate.
  • For routers that cannot export autonomous system numbers in Netflow/IPFIX, these numbers and their text descriptions can be obtained from the IP-location-DB database. This makes it possible to create separate monitoring objects containing traffic from selected autonomous systems, or to export autonomous system names to the DBMS.
  • Netflow-based traffic classification has been added. The collector can classify monitoring objects based on fields such as TCP flags, ports, and packet sizes.
  • The XegeoQ console utility has been added. It looks up GeoIP and autonomous system information for IP addresses using local databases.