|
Name |
|
Date |
Size |
#Lines |
LOC |
| .. | | 03-May-2022 | - |
| autoconf/ | H | 07-May-2018 | - | 16,559 | 12,319 |
| doc/ | H | 03-May-2022 | - | 3,026 | 2,386 |
| etc/ | H | 03-May-2022 | - | 863 | 690 |
| include/ | H | 03-May-2022 | - | 3,396 | 2,355 |
| m4/ | H | 07-May-2018 | - | 10,096 | 9,099 |
| src/ | H | 03-May-2022 | - | 56,621 | 43,884 |
| AUTHORS | H A D | 22-Feb-2017 | 490 | 12 | 9 |
| COPYING | H A D | 22-Feb-2017 | 17.6 KiB | 341 | 281 |
| Makefile.am | H A D | 26-Apr-2018 | 1.5 KiB | 45 | 20 |
| Makefile.in | H A D | 03-May-2022 | 28.3 KiB | 912 | 807 |
| NEWS | H A D | 07-May-2018 | 6.7 KiB | 334 | 185 |
| README | H A D | 25-Apr-2018 | 2.8 KiB | 64 | 49 |
| aclocal.m4 | H A D | 07-May-2018 | 60.1 KiB | 1,671 | 1,519 |
| configure | H A D | 07-May-2018 | 486 KiB | 16,633 | 13,827 |
| configure.ac | H A D | 07-May-2018 | 10.5 KiB | 299 | 248 |
| super_mediator.spec.in | H A D | 22-Feb-2017 | 2 KiB | 76 | 63 |
README
1super_mediator
2===============
3
4super_mediator is an IPFIX mediator for use with YAF and SiLK tools. It
5processes YAF output data (IPFIX files or via TCP, UDP, or Spread from a
6YAF process) and exports that data in IPFIX or CSV Text format to one or more
7collectors (e.g. flowcap, rwflowpack) or files (e.g. bulk upload to database).
8
9super_mediator can provide simple filtering on collection or at export time.
10super_mediator has the ability to filter by IP address in an IPset but requires
11the SiLK IPset library. Install the library before configuring super_mediator
12with the --with-skipset to ./configure.
13
14super_mediator can be configured to pull the Deep Packet Inspection data from
15YAF that SiLK can not collect and export that information to another IPFIX
16collector, or simply export the data to a CSV/JSON file for bulk upload into a
17database of your choice. Given MySQL credentials, super_mediator will
18import the files into the given database.
19
20super_mediator can also be configured to perform de-duplication on DPI
21protocol information exported by YAF.
22It will export the de-duplicated records in IPFIX, CSV, or JSON format.
23See the man pages for more information.
24
25super_mediator is configured using the super_mediator.conf file. You must
26use the configuration file if more than one collector or exporter is needed.
27Otherwise, simple command line arguments are provided for one collector
28to one exporter.
29
30Building
31==========
32
33super_mediator requires glib 2.12.0 or later; glib is available at
34http://www.gtk.org. Build and install glib before building super_mediator.
35Note that glib is also included in many operating environments or ports
36collections.
37
38super_mediator requires libfixbuf 1.7.0 or later; libfixbuf is available at
39http://tools.netsa.cert.org/fixbuf. Build and install libfixbuf before
40building the super_mediator.
41
42Spread support requires Spread 4.1 or later. Build and install Spread before
43building super_mediator if Spread is your desired transport protocol. Run
44./configure --with-spread to enable Spread in the super_mediator.
45
46super_mediator uses a standard autotools-based build system. The customary
47build procedure (./configure && make && make install) should work in
48most environments.
49
50If mysql libraries are available, the super_table_creator program will also be
51built. Given a few mysql parameters (name, password, database) the
52super_table_creator will create a database and the necessary tables for using
53the default super_mediator DPI CSV output. To disable building the
54super_table_creator, configure with --with-mysql=no.
55
56When building, pkg-config(1) is used to find libfixbuf. You may need
57to set the PKG_CONFIG_PATH to the location of libfixbuf.pc.
58
59Known Issues
60=============
61
62Please send bug reports, feature requests, and questions to
63<netsa-help@cert.org>.
64