silk-flowcap-3.13.0-1.fc25.x86_64.rpm



Description

silk-flowcap - SiLK Toolset: Remote Flow Collection

Distribution: Fedora 25
Repository: CERT Forensics Tools x86_64
Package name: silk-flowcap
Package version: 3.13.0
Package release: 1.fc25
Package architecture: x86_64
Package type: rpm
Installed size: 112.12 KB
Download size: 70.15 KB
Official Mirror: forensics.cert.org

SiLK, the System for Internet-Level Knowledge, is a collection of traffic analysis tools developed by the CERT Network Situational Awareness Team (CERT NetSA) to facilitate security analysis of large networks. The SiLK tool suite supports the efficient collection, storage and analysis of network flow data, enabling network security analysts to rapidly query large historical traffic data sets. SiLK is ideally suited for analyzing traffic on the backbone or border of a large, distributed enterprise or mid-sized ISP.

The silk-flowcap package contains flowcap, a daemon to capture NetFlow v5 or IPFIX flows (Internet Protocol Flow Information eXport), to store the data temporarily in files on its local disk, and to forward these files over the network to a machine where rwflowpack processes the data. flowcap is typically used with an rwsender-rwreceiver pair to move the files across the network.


Provides

  • config(silk-flowcap) = 3.13.0-1.fc25
  • silk-flowcap = 3.13.0-1.fc25
  • silk-flowcap(x86-64) = 3.13.0-1.fc25


    Install Howto

    1. Download cert-forensics-tools-release-25 rpm:
      https://forensics.cert.org/cert-forensics-tools-release-25.rpm
    2. Install cert-forensics-tools-release-25 rpm:
      # rpm -Uvh cert-forensics-tools-release*rpm
    3. Install silk-flowcap rpm package:
      # dnf --enablerepo=forensics install silk-flowcap

    Files

    • /etc/init.d/flowcap
    • /etc/sysconfig/flowcap.conf
    • /usr/sbin/flowcap
    • /usr/share/man/man8/flowcap.8.gz
    • /var/silk/

    Changelog

    2016-09-29 - Lawrence Rogers <lrr@cert.org> 3.13.0-1/2
    * Release 3.13.0-1/2
    Change across all tools:
      • Add support for compressing files with "Snappy" compression when the Snappy library and header are found during configuration.
      • Add support for the SILK_COMPRESSION_METHOD environment variable that provides a default value for the --compression-method switch.
    rwcount:
      • Do not limit the maximum array size to a 32-bit value on 64-bit platforms.
    rwsettool:
      • Add a --symmetric-difference switch to compute the set of IP addresses that occur in only one of two input IPsets.
    rwfileinfo:
      • Disable printing of the record count when the file's compression method is not available.
    rwfilter, rwfglob:
      • Fix a file-selection bug where a --start-date specified in epoch seconds that fell on a day boundary would return files for that entire day instead of for that single hour.
    PySiLK:
      • Fix memory leaks.
      • Fix a bug in the silk.site.repository_iter() where an epoch-based start-date value that fell on a day boundary would return files for that entire day instead of for that single hour.
    rwsender:
      • Change the log messages that are written when scanning the incoming and processing directories.

    2016-06-23 - Lawrence Rogers <lrr@cert.org> 3.12.2-1/2
    * Release 3.12.2-1/2
    rwgeoip2ccmap:
      • Restore support for binary input that was removed in SiLK 3.12.0.
    rwbagcat:
      • Sort the output using the value of each key's counter when the --sort-counters switch is given.
    rwbag:
      • Copy the invocation history and the notes from the source files to the output file(s).
    rwbagtool:
      • When inverting a bag, set the key-type of the output to the counter-type of the input. Previously it was set to custom.
    rwfileinfo:
      • Add a --help-fields switch.
      • Expand the description of rwfileinfo's output on the manual page.
    rwfilter, rwfglob, rwsiteinfo:
      • Fix an unexpected fatal error that would occur when the silk.conf file contained a class that did not contain any types.
      • Check the validity of the silk.conf file and report such errors.
    rwipfix2silk:
      • Write additional log messages when --log-destination is specified.
    rwpdu2silk:
      • Write additional log messages when --log-destination is specified.
    rwflowpack:
      • Change when record counts are reported in the log file: Report the number of records written to each output file only when the files are flushed.
      • Fix a bug processing the reverse side of a YAF bi-flow that stored the egressInterface in both the input and output fields.
      • Fix a bug processing a bi-flow record that reversed the vlan interfaces on the forward record.
    flowcap:
      • Fix a bug when processing the reverse side of a YAF bi-flow that stored the egressInterface in both the input and output fields.
      • Fix a bug processing a bi-flow record that reversed the vlan interfaces on the forward record.
    rwflowappend:
      • Add locking of incremental files to prevent multiple rwflowappend invocations from processing the same file.

    2016-05-05 - Lawrence Rogers <lrr@cert.org> 3.12.1-1/2
    * Release 3.12.1-1/2
    rwbagcat:
      • Fix a bug where the pager was not invoked when displaying keys as IPs or integers.
    rwflowpack, flowcap:
      • Make substantial changes to the handling of IPFIX and NetFlow v9 records to decrease per-record processing time.
