
nfstream ubuntu monitor

Ubuntu NIC tuning (run as root on the capture interface):

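# NIC / socket tuning for the capture interface. Needs root (CAP_NET_ADMIN for
# ethtool, ip and sysctl). The interface name is taken from the first argument
# and defaults to the original ens161.
IFACE="${1:-ens161}"

# Enlarge the RX/TX descriptor rings so traffic bursts are buffered by the NIC
# instead of being dropped before the capture process reads them. ethtool
# rejects values above the driver maximum; check with `ethtool -g "$IFACE"`.
ethtool -G "$IFACE" rx 4096 tx 4096
ip link set "$IFACE" txqueuelen 100000

# Raise the maximum socket receive buffer (16 MiB) for the capture socket.
# `sysctl -w` is runtime-only: add `net.core.rmem_max = 16777216` to the
# persistent sysctl configuration as well or it is lost on reboot.
sysctl -w net.core.rmem_max=$((1024*1024*16))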

Persistent sysctl settings (sysctl.conf format):

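# sysctl settings for the nfstream capture host (e.g. /etc/sysctl.d/90-nfstream.conf,
# applied with `sysctl --system`). The net.ipv4.conf.* keys are the usual
# host-hardening baseline; the TCP keys only affect the host's own sockets,
# not the traffic nfstream captures from the NIC.

# --- filesystem / IPC / kernel ---
fs.aio-max-nr = 524288
fs.file-max = 611160
kernel.msgmax = 131072
kernel.msgmnb = 131072
# Reboot 15 s after a kernel panic instead of hanging forever.
kernel.panic = 15
# NOTE(review): 65536 caps PIDs (processes + threads) well below the 64-bit
# kernel default; raise it if the capture stack runs many threads.
kernel.pid_max = 65536
kernel.printk = 4 4 1 7
# Magic SysRq is a local DoS / info-disclosure surface on a monitor box.
kernel.sysrq = 0

# --- core networking ---
# fq provides the pacing BBR expects; keep the two settings together.
net.core.default_qdisc = fq
net.core.netdev_max_backlog = 262144
net.core.optmem_max = 16777216
net.core.somaxconn = 65535
# rmem_max was only set at runtime (`sysctl -w`) in the tuning commands;
# persist it here so it survives a reboot and matches tcp_rmem's maximum.
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216

# --- IPv4 hardening (set on both "all" and "default" so new interfaces inherit) ---
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.log_martians = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.conf.default.send_redirects = 0
# A passive monitor must never forward packets.
net.ipv4.ip_forward = 0
net.ipv4.ip_local_port_range = 1024 65535

# --- TCP (host's own connections) ---
net.ipv4.tcp_congestion_control = bbr
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_keepalive_intvl = 10
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_time = 60
net.ipv4.tcp_low_latency = 1
net.ipv4.tcp_max_orphans = 10000
net.ipv4.tcp_max_syn_backlog = 65000
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.tcp_moderate_rcvbuf = 1
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_notsent_lowat = 16384
# Drop RSTs received in TIME-WAIT (RFC 1337 TIME-WAIT assassination).
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_rmem = 4096 87380 16777216
# NOTE(review): SACK disabled looks like a leftover "SACK panic"
# (CVE-2019-11477) workaround; on a patched kernel it only degrades loss
# recovery. Confirm the intent before keeping it.
net.ipv4.tcp_sack = 0
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.tcp_synack_retries = 2
# SYN cookies keep the listen queue usable under a SYN flood.
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_syn_retries = 2
# Timestamps off hides host uptime but also disables PAWS, and tcp_tw_reuse
# only takes effect when timestamps are enabled -- so tw_reuse below is
# currently inert. Either enable both or accept that tw_reuse does nothing.
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_reuse = 1
# Was 0: without window scaling the receive window is capped at 64 KiB, so the
# 16 MiB tcp_rmem / rmem_max above could never be used. Scaling is the kernel
# default and has no security downside.
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_wmem = 4096 65536 16777216

# --- IPv6: host stack disabled entirely. Disabling the host stack should not
# stop the capture socket from seeing IPv6 frames on the wire (verify). ---
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

# --- VM ---
vm.dirty_background_ratio = 2
vm.dirty_ratio = 60
vm.max_map_count = 262144
# NOTE(review): overcommit_memory=1 never refuses an allocation; the OOM
# killer decides later, and a large-RSS capture process is a prime victim.
# The heuristic mode (0) is usually safer for a single long-running capture.
vm.overcommit_memory = 1
vm.swappiness = 1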

nfstream capture loop (Python):

from nfstream import NFStreamer
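# Live capture on the interface given by args.nic; statistical_analysis adds
# per-flow statistics, splt_analysis=1 keeps the first packet's size/time.
# Opening a live NIC requires CAP_NET_RAW/CAP_NET_ADMIN (normally root), so the
# whole loop below runs with those privileges.
my_capture_streamer = NFStreamer(source=args.nic, statistical_analysis=True, splt_analysis=1)

# Each expired/completed flow is flattened into one record and printed.
for flow in my_capture_streamer:
    # Look the destination up once (the original indexed the result twice and
    # would raise TypeError on a miss if whois_cache.get() returns None —
    # TODO confirm against the cache implementation).
    whois = whois_cache.get(flow.dst_ip)
    whois_name = whois[0] if whois else None
    whois_cidr = whois[1] if whois else None

    NFEntry = {
        "epoch_first_seen": flow.bidirectional_first_seen_ms,
        "epoch_last_seen": flow.bidirectional_last_seen_ms,
        "timedate_first_seen": datetime_to_int(epoch_to_time(flow.bidirectional_first_seen_ms)),
        "timedate_last_seen": datetime_to_int(epoch_to_time(flow.bidirectional_last_seen_ms)),
        # nfstream reports milliseconds; the record stores seconds.
        "time_duration": flow.bidirectional_duration_ms / 1000,
        "version": flow.ip_version,
        "protocol": flow.protocol,
        "src_ip": flow.src_ip,
        "src_port": flow.src_port,
        "dst_ip": flow.dst_ip,
        "dst_port": flow.dst_port,
        "dst_mac": flow.dst_mac,
        "vlan_id": flow.vlan_id,
        "src_mac": flow.src_mac,
        "whois_destination_name": whois_name,
        "whois_destination_cidr": whois_cidr,
        # Process attribution (process_name/pid/exe/cmd_line/parent/create_time
        # via find_pid + retrieve_process_info) is disabled in this version.
        "total_packets": flow.bidirectional_packets,
        "total_bytes": flow.bidirectional_bytes,
        "src2dst_packets": flow.src2dst_packets,
        "src2dst_bytes": flow.src2dst_bytes,
        "dst2src_packets": flow.dst2src_packets,
        "dst2src_bytes": flow.dst2src_bytes,
        # nDPI classification of the flow.
        "application_name": flow.application_name,
        "category_name": flow.application_category_name,
        # NOTE(review): called for every flow. If auth0_signal() performs a
        # remote reputation lookup it blocks the capture loop and sends every
        # destination (including private/RFC1918 addresses) to a third party;
        # cache results and skip non-routable destinations — confirm what it does.
        "auth0_signal_badip": auth0_signal(flow.dst_ip),
    }

    print(NFEntry)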

Ref: https://github.com/nfstream/nfstream

API DOC: https://www.nfstream.org/docs/api

https://www.nfstream.org/resources/architecture_nfstream.png
20. decembra 2020 monitoring