Xenoeye Releases Netflow-Collector Tool

The Netflow collector Xenoeye is now available. The open-source tool collects traffic statistics that network devices export using the Netflow v9 and IPFIX protocols. The collected data can then be turned into reports and graphs.

Xenoeye also offers additional features such as running user scripts when traffic thresholds are exceeded. The collector is written mainly in C and distributed under the ISC license. Preliminary aggregation happens inside the collector, and the Netflow data aggregated by field is exported to PostgreSQL.

The tool can handle a substantial workload: throughput can reach several hundred thousand flows per second on one CPU, depending on the nature of the traffic and the reports. Xenoeye also uses a moving average to detect when the traffic rate exceeds a threshold.

In addition, Xenoeye can be used to find infected hosts, detect sharp bursts during DoS/DDoS attacks, and visualize network reports with tools such as gnuplot, Python scripts with Matplotlib, and Grafana. Unlike many other modern collectors, Xenoeye performs its calculations inside the collector itself rather than relying on external software such as Apache Kafka or Elastic.

Xenoeye is flexible and customizable: almost any additional Netflow field can be added, which makes it a useful tool for organizations that need reliable and efficient traffic statistics and analysis.

Features of Xenoeye
Netflow data aggregated by field is exported to PostgreSQL. Preliminary aggregation happens inside the collector.
Out of the box only the basic set of Netflow fields is supported, but almost any field can be added.
Collector throughput, depending on the nature of the traffic and the reports, can reach several hundred thousand flows per second on one CPU. Load is distributed across threads by exporting device (router).
The collector uses a moving average to detect when the traffic rate exceeds a threshold.
Xenoeye can be used to find infected hosts (those sending mail spam, HTTP(S) floods, SSH scanners) and to detect sharp bursts during DoS/DDoS attacks.
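The moving-average threshold check and the burst detection described above, as an added illustration that is not Xenoeye's own code: constructed Netflow-like records are aggregated per source host per second (the "preliminary aggregation in the collector"), a fixed-window moving average is computed over the resulting rate, and an event is emitted when the average crosses a threshold and again when it returns to normal, which is where a collector would run its user scripts. Python is used for clarity even though Xenoeye is written in C; the record fields, the 30000 B/s threshold, the 5-second window and the sample flows are all assumptions for this example.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Flow:
    """A minimal Netflow-like record; this field set is an assumption for the example."""
    ts: int       # flow end time, epoch seconds
    src: str      # source IPv4 address
    dst: str      # destination IPv4 address
    proto: int    # IP protocol number
    octets: int   # bytes in the flow


def aggregate(flows: Iterable[Flow], key: Callable[[Flow], str]) -> Dict[str, Dict[int, int]]:
    """Preliminary aggregation: sum octets per key per second -> {key: {second: octets}}."""
    out: Dict[str, Dict[int, int]] = defaultdict(lambda: defaultdict(int))
    for f in flows:
        out[key(f)][f.ts] += f.octets
    return {k: dict(v) for k, v in out.items()}


class SlidingAverage:
    """Moving average over the most recent `window` samples, updated in O(1) per sample."""

    def __init__(self, window: int) -> None:
        if window < 1:
            raise ValueError("window must be at least 1")
        self.window = window
        self.samples: deque = deque()
        self.total = 0

    def push(self, value: int) -> float:
        self.samples.append(value)
        self.total += value
        if len(self.samples) > self.window:
            self.total -= self.samples.popleft()
        return self.total / len(self.samples)


def detect(series: Dict[int, int], threshold: float, window: int) -> List[Tuple[str, int, float]]:
    """Walk the per-second series from its first to its last second (missing seconds count
    as 0) and emit ('exceed', t, avg) when the moving average crosses above the threshold
    and ('normal', t, avg) when it drops back to or below it."""
    if not series:
        return []
    events: List[Tuple[str, int, float]] = []
    avg = SlidingAverage(window)
    above = False
    for t in range(min(series), max(series) + 1):
        a = avg.push(series.get(t, 0))
        if a > threshold and not above:
            events.append(("exceed", t, a))
            above = True
        elif a <= threshold and above:
            events.append(("normal", t, a))
            above = False
    return events


def detect_all(flows: Iterable[Flow], key: Callable[[Flow], str],
               threshold: float, window: int) -> Dict[str, List[Tuple[str, int, float]]]:
    """Aggregate, then run the threshold check for every key (here: every source host)."""
    return {k: detect(s, threshold, window) for k, s in aggregate(flows, key).items()}


def constructed_flows() -> List[Flow]:
    """Constructed sample data (not captured traffic): 15 seconds of flows from two hosts."""
    flows: List[Flow] = []
    for t in range(15):
        if 5 <= t <= 9:
            # 10.0.0.5 bursts: two 25000-octet flows per second -> 50000 B/s after aggregation
            flows.append(Flow(t, "10.0.0.5", "192.0.2.10", 6, 25000))
            flows.append(Flow(t, "10.0.0.5", "192.0.2.11", 6, 25000))
        else:
            flows.append(Flow(t, "10.0.0.5", "192.0.2.10", 6, 1000))   # 1000 B/s baseline
        # 10.0.0.9 is quiet except for a single-second 100000-octet spike at t=7
        flows.append(Flow(t, "10.0.0.9", "192.0.2.20", 17, 100000 if t == 7 else 100))
    return flows


SAMPLE_FLOWS = constructed_flows()

if __name__ == "__main__":
    # Threshold 30000 B/s on a 5-second moving average (both values are assumptions)
    for host, events in detect_all(SAMPLE_FLOWS, lambda f: f.src, 30000, 5).items():
        print(host, events or "no threshold events")
```

Run as-is, the sustained burst from 10.0.0.5 raises an "exceed" event at second 7 and a "normal" event at second 12, while the one-second spike from 10.0.0.9 never trips the check because the 5-second window dilutes it to about 20000 B/s. That smoothing is the point of averaging: it suppresses single-sample noise at the cost of detecting a real burst a few seconds later than an instantaneous check would, so the window length is a trade-off between false alarms and detection delay.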