The Wayback Machine - https://web.archive.org/web/20201031185538/https://github.com/chrispassas/nfdump
Skip to content

/ nfdump

NFDump File Reader

MIT License
3 stars 0 forks
Star
Watch
master
1 branch 0 tags
Go to file
Code
Clone

Use Git or checkout with SVN using the web URL.

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
testdata
 
 
LICENSE
 
 
README.md
 
 
go.mod
 
 
go.sum
 
 
nfdump.go
 
 
nfdump_test.go
 
 
stream.go
 
 
stream_test.go
 
 

README.md

nfdump

NFDump File Reader

This library allows Go programs to read file produced by nfdump.

https://github.com/phaag/nfdump

nfdump is a toolset in order to collect and process netflow and sflow data, sent from netflow/sflow compatible devices. The toolset supports netflow v1, v5/v7,v9,IPFIX and SFLOW. nfdump supports IPv4 as well as IPv6.

ParseReader Example

Read whole file and return struct with all meta data and records.

package main

import (
	"bufio"
	"log"
	"os"
	"time"

	"github.com/chrispassas/nfdump"

)

func main() {
    var filePath = "testdata/nfcapd-small-lzo"
    var nff *nfdump.NFFile
	  var err error
    var f *os.File
	  
    f, err = os.Open(filePath)
	  
    if err != nil {
		    log.Fatalf("[ERROR] os.Open error:%#+v", err)
	  }
	  defer f.Close()
    
    var reader = bufio.NewReader(f)
	  nff, err = nfdump.ParseReader(reader)
	  
    if err != nil {
		    log.Fatalf("[ERROR] nfdump.ParseReader error:%#+v", err)
	  }
    
    for _, record := range nff.Records {
        log.Printf("Received:%s routerIP:%s srcIP:%s dstIP:%s srcPort:%d dstPort:%d srcMask:%d dstMask:%d ipNextHop:%s srcAS:%d dstAS:%d",
        record.ReceivedTime().Format(time.RFC3339),
			  record.RouterIP.String(),
			  record.DstIP.String(),
			  record.SrcIP.String(),
			  record.SrcPort,
			  record.DstPort,
			  record.SrcMask,
			  record.DstMask,
			  record.NextHopIP.String(),
			  record.SrcAS,
			  record.DstAS,
		)
    
    }
}

StreamReader Example

Reads file one row at a time and returns records. This is generally faster and uses a lot less memory.

package main

import (
	"bufio"
	"io"
	"log"
	"os"

	"github.com/chrispassas/nfdump"
)

func main() {

    var filePath = "testdata/nfcapd-large-lzo"
    var err error
    var nfs *nfdump.NFStream
    var f *os.File
    f, err = os.Open(filePath)
    if err != nil {
        log.Fatalf("[ERROR] os.Open error:%#+v", err)
    }
    defer f.Close()

    var reader = bufio.NewReader(f)
    nfs, err = nfdump.StreamReader(reader)
    if err != nil {
        log.Fatalf("[ERROR] nfdump.StreamReader error:%#+v", err)
    }
    
    var record *NFRecord
    for {
	if record, err = nfs.Row(); err == io.EOF {
	    goto Stop
	} else if err != nil {
	    log.Printf("[ERROR] nfs.Row() error:%v", err)
	    goto Stop
	}

	log.Printf("Received:%s routerIP:%s srcIP:%s dstIP:%s srcPort:%d dstPort:%d srcMask:%d dstMask:%d ipNextHop:%s srcAS:%d dstAS:%d",
        record.ReceivedTime().Format(time.RFC3339),
			  record.RouterIP.String(),
			  record.DstIP.String(),
			  record.SrcIP.String(),
			  record.SrcPort,
			  record.DstPort,
			  record.SrcMask,
			  record.DstMask,
			  record.NextHopIP.String(),
			  record.SrcAS,
			  record.DstAS,
		)

	}
Stop:

}

About

NFDump File Reader

Topics

flows netflow nfdump

Resources

Readme

License

MIT License

Releases

No releases published

Packages

No packages published

Languages

You can’t perform that action at this time.