ipfix-receiver's Issues

Error: Ignoring flow, because not Layer 3 (IP).

Message: INFO@OpenSocketAggregator: Ignoring flow, because not Layer 3 (IP).

Currently Layer 2 flows (MAC-Src + Dst) can't be aggregated, because there is no aggregator available. So these L2 flows are ignored.

TODO:
--> Rewrite Aggregator, so that it handles L2, L3 and probably physical :-D

Idea:

  • Superclass FlowAggregator
  • L3Aggregator inherits from FlowAggregator
  • L2Aggregator inherits from FlowAggregator

Bottleneck Conversation Aggregator

ERROR: Overall Queue-Size is extremly long ((Queue-Size) Flows: 0. Corrector: 916. Stats: 25. Conversation: 88949. Security: 0. Postprocessing: 0. Finisher: 0.)

Conversation-Aggregator is currently a bottleneck. Rewrite of Aggregator is necessary, as already written in #4.

Change Setup elasticsearch (newer es releases)

Method old: POST, new: PUT:

Content:

PUT /ipfix
{
  "mappings": {
    "conversation": {
      "properties": {
        "sourceIPv6Address": { "type": "ip" },
        "sourceIPv4Address": { "type": "ip" },
        "destinationIPv6Address": { "type": "ip" },
        "destinationIPv4Address": { "type": "ip" },
        "@timestamp": { "type": "date", "format": "epoch_millis" },
        "sourceHostname": { "type": "string", "index": "not_analyzed" },
        "destinationHostname": { "type": "string", "index": "not_analyzed" },
        "destinationTransportPortName": { "type": "string", "index": "not_analyzed" },
        "sourceTransportPortName": { "type": "string", "index": "not_analyzed" },
        "protocolIdentifierName": { "type": "string", "index": "not_analyzed" },
        "networkLocation": { "type": "string", "index": "not_analyzed" },
        "securityReason": { "type": "string", "index": "not_analyzed" }
      }
    }
  }
}

Error: Length of Template and Data not equal

If multiple IPFIX senders send messages with the same Template-ID but different template data, there is an error while parsing: "Length of Template and Data not equal". So packets can't be parsed, because they will use a wrong template.

Solution (todo): Implement a data structure which holds and finds templates by source IP of the IPFIX sender.
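
An added example, not code from the ipfix-receiver project: a minimal Python decoder whose template cache is keyed by exporter address, observation domain ID and template ID, so two senders reusing the same Template-ID cannot corrupt each other's decoding. Including the observation domain follows RFC 7011 template scoping and goes one step beyond the source-IP key proposed in the issue. The function names, sample templates and addresses are constructed for illustration, and only fixed-length, non-enterprise fields are handled.

```python
import struct

TEMPLATE_SET_ID = 2  # RFC 7011: set ID 2 carries template records

def parse_message(data, exporter, cache):
    """Decode one IPFIX message; cache is a dict shared across all exporters.

    Templates are stored under (exporter, observation domain, template ID),
    so equal template IDs from different senders never overwrite each other.
    """
    version, length, _, _, domain = struct.unpack_from("!HHIII", data, 0)
    if version != 10 or length != len(data):
        raise ValueError("not a well-formed IPFIX message")
    records, off = [], 16
    while off + 4 <= length:
        set_id, set_len = struct.unpack_from("!HH", data, off)
        if set_len < 4 or off + set_len > length:
            raise ValueError("bad set length")
        body, pos = data[off + 4:off + set_len], 0
        if set_id == TEMPLATE_SET_ID:
            while pos + 4 <= len(body):
                tid, count = struct.unpack_from("!HH", body, pos)
                if tid < 256 or pos + 4 + 4 * count > len(body):
                    break  # set padding or a truncated template record
                fields = [struct.unpack_from("!HH", body, pos + 4 + 4 * i)
                          for i in range(count)]  # (element ID, length) pairs
                cache[(exporter, domain, tid)] = fields
                pos += 4 + 4 * count
        elif set_id >= 256:  # data set: the set ID names the template
            fields = cache.get((exporter, domain, set_id), [])
            rec_len = sum(flen for _, flen in fields)
            while rec_len and pos + rec_len <= len(body):
                rec, p = {}, pos
                for ie, flen in fields:
                    rec[ie] = body[p:p + flen]
                    p += flen
                records.append(rec)
                pos += rec_len
        off += set_len
    return records

def build_message(domain, sets):
    """Constructed sample input: wrap (set_id, payload) pairs in an IPFIX header."""
    body = b"".join(struct.pack("!HH", sid, 4 + len(p)) + p for sid, p in sets)
    return struct.pack("!HHIII", 10, 16 + len(body), 0, 0, domain) + body

# Two constructed templates that reuse template ID 256 with different layouts.
TPL_A = struct.pack("!HHHHHH", 256, 2, 8, 4, 12, 4)  # source/destinationIPv4Address
TPL_B = struct.pack("!HHHH", 256, 1, 56, 6)          # sourceMacAddress
```

Data sets from an exporter whose template has not been seen yet decode to no records instead of being matched against another sender's template.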
