Tanal
Tanal is a Unix daemon that captures traffic packet size, source, destination, and times and saves this data into a native PostgreSQL or ODBC database in near real time, from which traffic reports may be made. It does not save the actual data or headers. It works on ethX or cooked devices like ppp0. It uses PostgreSQL embedded SQL or libodbc++ to insert the data, the pcap library to capture traffic, and pthreads to capure and write at the same time. Pcap filters can be specified on the command line. Logs go to syslog. Under development are tools that analyze this traffic to determine the type based on flows, not packet inspection.
| Tags | Networking Monitoring Internet Log Analysis Database |
|---|---|
| Licenses | GPL |
| Operating Systems | POSIX Linux |
| Implementation | C++ |
Recent releases
- 07 Nov 2008 08:06
Release Notes: The MySQL interface was updated to reliablly hold and reconnect to the MySQL session when it goes away. All data is buffered until MySQL comes back up. You can even reinstall MySQL and it will reconnect.
- 03 Aug 2008 21:24
Release Notes: The configuration system has been updated to support PostgreSQL again, and the SQL write code has been updated to support the new schema.
- 03 Aug 2008 10:11
Release Notes: The database interface has been completely rewritten to use libodbc++ and support ODBC. PostgreSQL and MySQL have been tested and the new schema is provided (as well as example odbc.ini files). Work is ongoing to support native PostgreSQL again with a configure argument. The project host has been moved to SourceForge and a subversion repository has been started.
- 29 Jun 2005 22:33
Release Notes: The new version now supports a secondary filter specification (-s "pcap filter spec"). All traffic that matches this filter will be stored in the database in a binary field associated with the flow item. The code was changed to use the normal IP headers in the /usr/include/ directory instead of the dodgy pcap header that was used in the past. A new database schema is included.
- 21 Apr 2004 21:06
Release Notes: The configure scripts were updated to support compilation on Debian and with earlier PostgreSQL installations.
Recent comments
the hostname in the dnsentry table is too small
You need to update it as follows:
ALTER TABLE `dnsentry` MODIFY `hostname` varchar(257) NOT NULL;
Build and install help
I am going to update the install documentation next but if anyone wants to try the new version and is having any troubles please email me.
(You need libodbc++ compiled as the debian and ubuntu versions are Unicode only).
update coming
As it's Christmas and I have a little time I am going to resurrect this project a bit and do some work on it. In particular I am going to fix the memory leak and add periodic flushing of long time connections.
mianos
24 Mar 2003 05:54
Heartbeat
- Popularity Score
- 51.91
- Vitality Score
- 4.95
- Subscriptions
- 34
