nfdump

A collection of free shareable log samples from various systems with evidence of compromise and malicious activity, maintained by Dr. Anton Chuvakin.

nfdump: A Comprehensive Toolset for Network Data

nfdump is a toolset designed for collecting and processing netflow, IPFIX, and sFlow data that is sent from devices compatible with netflow and sFlow.

It contains several collectors to gather flow data and generate statistics

It contains several collectors that gather flow data and can process and display flows in various output formats, producing a wide range of statistics.

It also features a robust flow filter and has the capability to aggregate flows based on a user-defined number of elements. nfdump can enhance the flow listing by adding geo-location information and AS information. Additionally, it can read from and write to flow files in various formats.

Compatibility with nfdump-1

nfdump-1 is compatible with version 6.18 and can read files generated by earlier versions. nfdump is now a multi-threaded application, utilizing parallel threads for reading, writing, and processing flows, as well as for sorting.

It supports flexible length fields and enhanced processing capabilities

It supports flexible length fields for NetFlow v9 and IPFIX, and has improved packet processing with nfpcapd. nfdump now includes new programs, such as geolookup, which enables the enrichment of IP addresses with corresponding country codes and locations, as well as the addition of potentially missing AS information.

Support for NSEL/ASA and NEL/NAT Event Logging

It also supports NSEL/ASA as well as NEL/NAT event logging.