fixbuf-tools Documentation

fixbuf-tools contains command line tools to read IPFIX files created by YAF and other NetSA tools and convert them to other formats.

The tools are

  • ipfix2json – reads an IPFIX file and writes it as JSON

  • ipfixDump – reads an IPFIX file and writes it to human-readable text

A data file is also installed:

Installation

This section describes installing from source.

Prerequisites

fixbuf-tools requires libfixbuf-2.3.0 or later including libfixbuf-3.x.

fixbuf-tools requires glib-2.0 version 2.36 or later. glib is available on most modern Linux distributions and BSD ports collections, or in source form from http://www.gtk.org.

If ./configure is unable to find libfixbuf, you may need to set the PKG_CONFIG_PATH environment variable to the directory containing the libfixbuf.pc file.

On Linux systems, ensure packages containing the header files and unversioned libraries are installed: install the glib2-devel and libfixbuf-devel packages on RPM-based systems or the libglib-2.0-dev and libfixbuf-dev packages on APT-based systems.

Building

fixbuf-tools uses a reasonably standard autotools-based build system. The customary build procedure (./configure && make && make install) should work in most environments.

Running

To run the tools on a file named flows.ipfix, run

ipfix2json --in flows.ipfix | less

or

ipfixDump --in flows.ipfix | less

If the tools complain that cert_ipfix.xml cannot be found, run

G_MESSAGES_DEBUG=all ipfix2json --in flows.ipfix --out /dev/null

to see the tool’s attempts to find the file. If needed, provide the --cert-element-path option with the directory containing the cert_ipfix.xml file, or use --no-cert-elements to have the tool skip the loading of that file.
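One way to script the cert_ipfix.xml handling described above, as an added example that is not part of fixbuf-tools. The function names, the ALLOW_NO_CERT variable and the directory arguments are assumptions; the wrapper passes --cert-element-path when the file is found and uses --no-cert-elements only when the caller opts in.

```shell
#!/bin/sh
# Added example (not from fixbuf-tools): pick the cert_ipfix.xml option
# before running ipfix2json or ipfixDump.
# find_cert_dir, run_fixbuf_tool and ALLOW_NO_CERT are hypothetical names.

# Print the first candidate directory that holds a readable cert_ipfix.xml.
find_cert_dir() {
    for dir in "$@"; do
        if [ -r "$dir/cert_ipfix.xml" ]; then
            printf '%s\n' "$dir"
            return 0
        fi
    done
    return 1
}

# Usage: run_fixbuf_tool TOOL INPUT_FILE CANDIDATE_DIR...
# TOOL is ipfix2json or ipfixDump; candidate directories are checked in order.
run_fixbuf_tool() {
    tool=$1 infile=$2
    shift 2
    if dir=$(find_cert_dir "$@"); then
        # Found: tell the tool which directory contains cert_ipfix.xml.
        set -- --cert-element-path "$dir"
    elif [ "${ALLOW_NO_CERT:-0}" = 1 ]; then
        # Not found, and the caller accepted running without the file.
        set -- --no-cert-elements
    else
        # Not found: stop instead of silently skipping the file.
        echo "cert_ipfix.xml not found; rerun the tool with" >&2
        echo "G_MESSAGES_DEBUG=all to see where it searches" >&2
        return 1
    fi
    "$tool" --in "$infile" "$@"
}

# Example call (placeholder directory):
#   run_fixbuf_tool ipfix2json flows.ipfix /path/to/cert-elements | less
```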

Use the --string-format and --octet-format options to modify how the string and binary (octetArray) values are displayed.

The --show option controls what is displayed. By default, ipfix2json shows only data records and ipfixDump shows template records, data records, and IPFIX message boundaries.

Copyright

@DISTRIBUTION_STATEMENT_BEGIN@

fixbuf-tools 4.0

Copyright 2024 Carnegie Mellon University.

NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN “AS-IS” BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

Licensed under a GNU GPL 2.0-style license, please see LICENSE.txt or contact permission@sei.cmu.edu for full terms.

[DISTRIBUTION STATEMENT A] This material has been approved for public release and unlimited distribution. Please see Copyright notice for non-US Government use and distribution.

This Software includes and/or makes use of Third-Party Software each subject to its own license.

DM24-1024

@DISTRIBUTION_STATEMENT_END@