github.com/javadmohebbi/gonfcollector

Go Netflow Collector (goNfCollector)

This repo will help you collect Netflow (version 1,5,6,7,9 and IPFIX) from network devices. It stores all the required information needed for further analysis in InfluxDB and visualize them using Grafna.

Currently we are using InfluxDB v2+ for stroring data. If You need older version, you can see this repository.

Features

• Supports almost all Netflow versions: In order to decode Netflow we are using tehmaze go module. this module supports netflow version 1,5,6,7,9 & IPFIX.
• Container ready: Just run a simple shell script to prepare your environment & run the containerized netflow collector
• IP Reputation check: Check source & destination IPs for the reputation & potential threats.
  • Currently we are using IPSum from this repo
  • OpenIntelligence24.com will be available soon. this will be a community based intelligence for checking IP, domains, ... reputatition.
• Machine Learning models & techniques to find threats like DDoS attacks through packet meta data
• Get Geo Locations using IP2Location free lite database (IPv4 & IPv6)
• Fetch AS Numebr & Name if possible from IP
• Fetch Domain Name from IP if Possible (using PTR record)
• Define multiple data exporter:
  • InfluxDB
  • Splunk (CEF)
  • Zabbix

Quick Start

There are multiple ways to deploy "netflow collector" app & easiest ways is all-in-one deployment. This method will run influxdb, grafana & gonfcollector docker container using a shell script. No more further configuration are needed & everythings will be downloaded/configured using a shell script.

ALL-IN-ONE deployment using docker-compose

1. Download the latest version: wget https://download.openintelligence24.com/latest.sh
2. Make this shell script executable chmod +x latest.sh
3. Run the downloaded shellscript. ./latest.sh
   • You might be asked to enter your user's password during the execution.
   • At the end, it will let you know how to run the container.
   • REQUIREMENTS: docker, docker-compose, wget are required!

ALL-IN-ONE defaults

• InfluxDB default passwords:

  • Username: admin
  • Password: influx_admin_secret

• Grafana default passwords:

  • Username: admin
  • Password: secret

• Project path: The shell script will create a directory called oi24 (abbr. of openintelligence24.com) and a subdirectory nfcollector inside your HOME directory. InfluxDB database, grafana dashboards & plugins & ... are in vendors sub-directory.

  • To open this directory run cd $HOME/oi24/nfcollector

• Start & Stop Containers:

  • Start: cd $HOME/oi24/nfcollector && docker-compose up -d
  • Stop: cd $HOME/oi24/nfcollector && docker-compose down