delian / node-netflowv9 Goto Github PK
View Code? Open in Web Editor NEWNetFlow Version 9 library for Node.JS
License: GNU General Public License v2.0
node-netflowv9's People
Stargazers
Watchers
Forkers
nikl enterstudio markuskont xqjibz ciscokorea shehanhasintha mlow splitice nyxtom haidarchikh fhmunnanode-netflowv9's Issues
ipv4num doesn't seem to work
Hello. I'm trying to use ipv4num: true for netflow v5, but i'm getting this error:
ReferenceError: decIpv4Rule is not defined
at new NetFlowV9 (/srv/ilb-netflow/node_modules/node-netflowv9/netflowv9.js:57:30)
at NetFlowV9 (/srv/ilb-netflow/node_modules/node-netflowv9/netflowv9.js:42:46)
Working with node-cluster
I'm triying to use a Collector with node cluster, but when i use with it, i lose packets.
Say i receive 1k packets on my 1-process server, then i'll receive about 800 in a 2-processes server, 700 in a 3-processes server, and so on.
I started googling a bit, and found that udp4 clustering isn't supported in node 0.10.x as stated on this SO question.
I'm using node v0.10.36 (On ubuntu 14.04), so the first strange thing is that it's working on this version of node. Then it comes this problem of losing packets, which i can't find a solution.
Also tried node v0.11.x but it showed the same results.
Basically, this is my code:
var cluster = require('cluster');
cluster.schedulingPolicy = cluster.SCHED_NONE;
if (cluster.isMaster) {
..
for (var i = 0; i < 4; i++) {
cluster.fork();
}
} else {
var Collector = require('node-netflowv9');
Collector({
port: 9995
}).on('data', function(packet) {
totalPacketCount += packet.flows.length;
});
//then print that count.
Any help would be appreciated.
Thanks!
In & out interface names?
how can i use In and Out Interface Names in netflow v9?
Netflow v9 Issue
I have a Cisco 7606, with Netflow v5 everything works well but with v9 I get this:
NetFlowV9 Unknown template/option data with flowset id 256 +1ms
NetFlowV9 Undecoded flows +0ms { header:
{ version: 9,
count: 32,
uptime: 2440412596,
seconds: 1417567190,
sequence: 130285,
sourceId: 515 },
flows: [] }
NetFlowV9 compile template 257 +1ms
NetFlowV9 Unknown NF type 51 +1ms
node_modules/node-netflowv9/netflowv9.js:185
throw new Error('Unknown NF Type');
Any idea?
Thanks,
IPFix
Any V10/IPFIX support coming??
NetFlowV9 bad header version 10 +0ms
NetFlowV9 Undecoded flows +31ms undefined
Issues with packages from vyos
I'm trying to get packages from a vyos (fork of vyatta) router but keep getting a crash on every packet.
e:\Projekt\bru\mashup\bru-netinfo\node_modules\node-netflowv9\netflowv9.js:184
if (nf.compileRule[0]) return nf.compileRule[len].toString().repla
^
TypeError: Cannot call method 'toString' of undefined
at compileStatement (e:\Projekt\bru\mashup\bru-netinfo\node_modules\node-netflowv9\netflowv9.js:184:63)
at compileTemplate (e:\Projekt\bru\mashup\bru-netinfo\node_modules\node-netflowv9\netflowv9.js:199:36)
at readTemplate (e:\Projekt\bru\mashup\bru-netinfo\node_modules\node-netflowv9\netflowv9.js:220:65)
at nfPktDecode (e:\Projekt\bru\mashup\bru-netinfo\node_modules\node-netflowv9\netflowv9.js:235:22)
at Socket.<anonymous> (e:\Projekt\bru\mashup\bru-netinfo\node_modules\node-netflowv9\netflowv9.js:258:17)
at Socket.EventEmitter.emit (events.js:98:17)
at UDP.onMessage (dgram.js:440:8)
Wireshark seems to be able to decode it.
Sample frame as hex stream
3417eb9f1b1a001b2fb948490800450002089fdb40003f11dea2c0a8f0060a640054c0810bb801f45d6c000900070002549b53b289a200000001000000000000005c0400001500150004001600040001000400020004003c0001000a0002000e0002003d00010003000400080004000c000400070002000b00020005000100060001000400010038000600500006003a000200c90004003000010000005c0401001500150004001600040001000400020004003c0001000a0002000e0002003d00010003000400080004000c000400070002000b00020005000100060001000400010051000600390006003b000200c90004003000010000005c0800001500150004001600040001000400020004003c0001000a0002000e0002003d000100030004001b0010001c00100005000100070002000b000200060001000400010038000600500006003a000200c90004003000010000005c0801001500150004001600040001000400020004003c0001000a0002000e0002003d000100030004001b0010001c00100005000100070002000b000200060001000400010051000600390006003b000200c90004003000010001001a10000004000c000100040030000100310001003200041000000e000000000102000001f4040000400000209e0000209e0000002800000001040003000000000000000a640054c0004c0264aa0050001006001b2fb9484980ee7395562800000000000301
Packet without header and stuff.
000900070002549b53b289a200000001000000000000005c0400001500150004001600040001000400020004003c0001000a0002000e0002003d00010003000400080004000c000400070002000b00020005000100060001000400010038000600500006003a000200c90004003000010000005c0401001500150004001600040001000400020004003c0001000a0002000e0002003d00010003000400080004000c000400070002000b00020005000100060001000400010051000600390006003b000200c90004003000010000005c0800001500150004001600040001000400020004003c0001000a0002000e0002003d000100030004001b0010001c00100005000100070002000b000200060001000400010038000600500006003a000200c90004003000010000005c0801001500150004001600040001000400020004003c0001000a0002000e0002003d000100030004001b0010001c00100005000100070002000b000200060001000400010051000600390006003b000200c90004003000010001001a10000004000c000100040030000100310001003200041000000e000000000102000001f4040000400000209e0000209e0000002800000001040003000000000000000a640054c0004c0264aa0050001006001b2fb9484980ee7395562800000000000301
Splitice seems to be maintaining the tool now
https://github.com/splitice/node-netflowv9
Want to maybe merge in and push an updated npm package if you're no longer maintaining this repo?
in_bytes undefined
Dear all,
thank you for building such a great tool - it helps me do my job pretty better ;-)
We have several Cisco ASA Firewalls with the following firmware-levels:
ASA 5545 - Version 9.1(3)
ASA 5520 - Version 8.4(4)9
ASA 5520 - Version 9.1(4)
On all Firewalls I'm suffering with the same issue, I can not see how many bytes are transferred.
The code I'm using is pretty straightforward - so I don't think I made a mistake here - but to make sure...
var Collector = require('node-netflowv9');
Collector(function(flow) {
Object.keys(flow.flows).forEach(function(flow_nr){
if (flow.flows[flow_nr].ipv4_src_addr) console.log("Source: "+flow.flows[flow_nr].ipv4_src_addr + "\tDestination: "+flow.flows[flow_nr].ipv4_dst_addr + " \tProtocol: " + flow.flows[flow_nr].protocol + " \tsrc-port: " + flow.flows[flow_nr].l4_src_port + " \tdst-port: " + flow.flows[flow_nr].l4_dst_port + " \tbytes: " + flow.flows[flow_nr].in_bytes)
})
}).listen(25560);
An (anonymous/shortend) example of a flow.
{ header:
{ version: 9,
count: 17,
uptime: 3106950079,
seconds: 1424420284,
sequence: 369182748,
sourceId: 0 },
flows:
[ { flowId: 4031249624,
ipv4_src_addr: '1.2.3.4',
l4_src_port: 41934,
input_snmp: 4,
ipv4_dst_addr: '1.2.3.4',
l4_dst_port: 53,
output_snmp: 3,
protocol: 17,
icmpTypeIPv4: 0,
icmpCodeIPv4: 0,
postNATSourceIPv4Address: '1.2.3.4',
postNATDestinationIPv4Address: '1.2.3.4',
postNAPTSourceTransportPort: 41934,
postNAPTDestinationTransportPort: 53,
firewallEvent: 2,
unknown_type_33002: '07e1',
observationTimeMilliseconds: 1424420284201,
initiatorOctets: 123,
responderOctets: 320,
flowStartMilliseconds: 1424420284161,
fsId: 263 },
{ ipv4_src_addr: '1.2.3.4',
l4_src_port: 57553,
input_snmp: 27,
ipv4_dst_addr: '1.2.3.4',
l4_dst_port: 139,
output_snmp: 4,
protocol: 6,
icmpTypeIPv4: 0,
icmpCodeIPv4: 0,
postNATSourceIPv4Address: '1.2.3.4',
postNATDestinationIPv4Address: '1.2.3.4',
postNAPTSourceTransportPort: 57553,
postNAPTDestinationTransportPort: 139,
firewallEvent: 3,
unknown_type_33002: '03e9',
observationTimeMilliseconds: 1424420284201,
unknown_type_33000: '818dd109aea26e3700000000',
unknown_type_33001: '000000000000000000000000',
fsId: 260 },
With the mentioned code above my output looks like:
Source: 1.2.3.4 Destination: 1.2.3.4 Protocol: 17 src-port: 46083 dst-port: 53 bytes: undefined
Do you got an idea, how I can get to the bytes?
Thank you in advance.
Björn
Require nfPktDecode undefined
Hi,
When i try to require nfPktDecode like in your readme.md that does'nt work. (The decoder is equal to undefined). And all of decoder prototype seems to be not linked to the Collector Object.
const netflowPktDecoder = require('node-netflowv9').nfPktDecode;
console.log(netflowPktDecoder) // undefinedSame result with : nf9PktDecode
Can you look why ? I'm working on NodeJS V6.
Best Regards,
Thomas
NEL error
On enable debug display this error:
NetFlowV9 Unknown template/option data with flowset id 285 for xxx.xxx.xxx.xxx:36488 +80ms
NetFlowV9 Undecoded flows {
header: {
version: 9,
count: 40,
uptime: 1283732737,
seconds: 1621348685,
sequence: 1674873,
sourceId: 200
},
flows: []
Any idea ?
flows & templates in one packet
The library doesn't accept new templates from packet, where are flows and templates together (as for example Cisco ASR 1002-X does for NAT logging). Easy fix woud be to split "else if" to a separate if condition for o.templates presence here
https://github.com/delian/node-netflowv9/blob/master/netflowv9.js#L149
ipv6 Returning as string without Semi-Colons
ipv6 returning as string without Semi-Colons.
Is IPFIX going to be supported?
I know it's more like IPFIX = NetFlow V10 and this project says V9.
Vyos seems to include IPFIX types within it's V9 netflow packets.
So unless they are included this library seems unusable for that.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.