The following program will read YAF IPFIX files using libfixbuf and write the flow data to stdout or to a given text file. This program is intended to read IPFIX files generated from YAF 2.x. It will read IPFIX files from earlier versions of YAF, however, it will not be able to parse any flow data that is now contained in the subTemplateMultiList. This program is able to read all Deep Packet Inspection (DPI) elements exported from YAF's DPI plugin or DHCP fingerprinting plugin. The following program requires GLIB 2.12 or later and libfixbuf 1.0.0 or later. In order to use the included CMake configuration file, CMake version 2.8 or later is required. See "Known Issues" below if you are planning to run the mediator on a 64 bit machine.
First, make sure you have libfixbuf 1.0.0 (or later) installed.
If you have CMake installed you can use the included configuration file. You may need to set PKG_CONFIG_PATH to the location of libfixbuf.pc:
yaf_file_mediator takes an IPFIX file generated by YAF as input. It outputs text to a file or stdout.
Each flow record will have output similar to below:
It will also output YAF Process Statistics if YAF ran with stats output enabled (default):
If you have bug reports, feedback, or questions please send them to email@example.com.