The Network Situational
Awareness (NetSA) group at CERT has developed and maintains a
suite of open source tools for monitoring large-scale networks
using flow data. These tools have grown out of the work of the
AirCERT project, the SiLK project and the effort to integrate this
work into a unified, standards-compliant flow collection and
CERT is a part of the Software Engineering Institute
(SEI), a federally funded research and development center
(FFRDC) operated by Carnegie Mellon
The System for Internet Level Knowledge (SiLK) is an efficient
network flow collection and storage infrastructure that will
accept flow data from a variety of sensors. SiLK also provides a
suite of efficient command-line tools for analysis.
Yet Another Flow Sensor (YAF) processes packet data into
bidirectional flow records that can be used as input to an IPFIX
Collecting Process. YAF's output can be used with the NetSA
Aggregated Flow (NAF) toolchain and the SiLK tools.
The fixbuf library provides a set of functions for processing the
IPFIX protocol message format. Using fixbuf, developers can build
IPFIX Collecting and Exporting Processes. pyfixbuf provides a
Python API to the fixbuf library.
iSiLK is a graphical front-end for the SiLK tools, designed to
work with an existing installation of the SiLK analysis suite. The
application uses the SSH protocol to connect to an analysis
server, run SiLK command-line tools and copy data files. It
provides an easy-to-use alternative interface to the core
functionality of the SiLK tool suite.