SiLK (System for Internet-Level Knowledge) consists of two sets of tools: a packing system and an analysis suite. The packing system receives NetFlow v5 PDUs or IPFIX and converts them into a more space-efficient format, recording the packed records into service-specific binary flat files. The analysis suite consists of tools that read these flat files and perform various query operations, ranging from per-record filtering to statistical analysis of groups of records. The analysis tools interoperate using pipes, allowing a user to build a relatively sophisticated query from a simple beginning.
Tags: Logging Security Internet Log Analysis Networking Monitoring Information Management
Operating Systems: POSIX Mac OS X
Implementation: Python Perl C
Release Notes: Better handling of missing NetFlow v5 records.
Release Notes: This release removes limits on numbers of temporary files. rwpollexec, a new daemon that monitors a directory for files and invokes a user-supplied command on each file, has been added. There is a respooling option for rwflowpack.
Release Notes: rwfileinfo speedups. Support for sensor descriptions. Flattened archive support. A fix for running out of file descriptors when there are many sensors.
Release Notes: Country code support in PySiLK. CIDR-block options for rwfilter. More flexibility in the packing system. Bugfixes.
Release Notes: Allows user switches from PySiLK plugins.