NAME

Netflow::Parser - NetFlow datagram parser

DESCRIPTION

Netflow::Parser currently supports NetFlow V9 only.

VERSION

Version 0.06.001

SYNOPSIS

use Netflow::Parser;

my $nfp = Netflow::Parser->new(
        flow_cb => sub {my ($flow_hr) = @_; ...},
        templates_data => pack('H*', '01020002011b000400e60001')
    );

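while (my $packet = take_packet_from_socket()) {
    # parse() returns a hash reference (see parse($packet) below)
    my $pp = $nfp->parse($packet);

    # version, count, sysuptime, unix_secs, seqno and source_id
    my $header = $pp->{header};

    # flow_cb results for the parsed flows
    my $flows = $pp->{flows};

    # flowsets that could not be parsed because no template is known
    @{ $pp->{unparsed_flowsets} } && persist_for_later($pp->{unparsed_flowsets});
}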

# persist templates if you want
my @templates = $nfp->templates;
foreach (@templates) {
    my ($id, $content) = each(%{$_});
}

SUBROUTINES/METHODS

new(%opts)

options:

  • templates_data

    [raw template piece]

  • flow_cb

    callback applied to each parsed flow

  • verbose

parse($packet)

Currently only NetFlow V9 is supported.

Unpacks the packet and tries to parse the content of its flowsets.

return {
    'header' => {
        'count', 'seqno', 'source_id', 'sysuptime', 'unix_secs',
        'version' => 9
    },
    'flows'             => [flow_cb result],
    'flowsets'          => ?,   # number of flowsets
    'templates'         => [],  # templates contained in the packet
    'unparsed_flowsets' => []   # no template
}
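
As an added illustration of the datagram layout that parse() works on (this is not Netflow::Parser's implementation), the standalone Perl below walks a NetFlow v9 packet following RFC 3954: a 20-byte header, then flowsets, where flowset id 0 carries templates and ids from 256 up carry data records. It rejects length fields that point outside the datagram and reports data flowsets without a known template. The name walk_v9 and the sample datagram are constructed for this example; the template bytes are the ones from the SYNOPSIS.

```perl
use strict;
use warnings;

# Added illustration, not Netflow::Parser's own code: walk a NetFlow v9
# datagram (RFC 3954). $known maps template_id => [ [type, length], ... ].
sub walk_v9 {
    my ($packet, $known) = @_;
    die "not NetFlow v9\n" if length($packet) < 20 || unpack('n', $packet) != 9;
    my (@flows, @unparsed, %h);
    @h{qw(version count sysuptime unix_secs seqno source_id)} = unpack('nnNNNN', $packet);
    my $off = 20;
    while ($off + 4 <= length $packet) {
        my ($id, $len) = unpack('nn', substr($packet, $off, 4));
        # A length under 4 never advances; one past the end means truncation.
        die "bad flowset length $len\n" if $len < 4 || $off + $len > length $packet;
        my $body = substr($packet, $off + 4, $len - 4);
        $off += $len;
        if ($id == 0) {    # template flowset: (template_id, field_count, fields)*
            while (length($body) >= 4) {
                my ($tid, $n) = unpack('nn', $body);
                last if $tid < 256 || 4 + 4 * $n > length $body;  # padding/truncated
                my @f = unpack('n*', substr($body, 0, 4 + 4 * $n, ''));
                $known->{$tid} = [ map { [ @f[ 2 * $_, 2 * $_ + 1 ] ] } 1 .. $n ];
            }
        }
        elsif ($id >= 256) {    # data flowset, decoded with template $id
            my $tpl = $known->{$id};
            if (!$tpl) { push @unparsed, $id; next }
            my ($fmt, $rec_len, @types) = ('', 0);
            for my $f (@$tpl) { push @types, $f->[0]; $fmt .= 'H' . 2 * $f->[1]; $rec_len += $f->[1] }
            next unless $rec_len;    # a zero-length record would never advance
            while (length($body) >= $rec_len) {    # what is left over is padding
                my %flow;
                @flow{@types} = unpack($fmt, substr($body, 0, $rec_len, ''));
                push @flows, \%flow;
            }
        }
    }
    return { header => \%h, flows => \@flows, unparsed_flowsets => \@unparsed };
}

# Constructed datagram: SYNOPSIS template 258, one record, and flowset 300 without a template.
my $pkt = pack('nnNNNN', 9, 3, 1000, 1_700_000_000, 1, 7)
    . pack('nn H24', 0, 16, '01020002011b000400e60001')
    . pack('nn H16', 258, 12, '0a00000101000000')
    . pack('nn H8', 300, 8, '00000000');
my $r = walk_v9($pkt, {});
printf "flows=%d field283=%s unparsed=%s\n",
    scalar @{ $r->{flows} }, $r->{flows}[0]{283}, "@{ $r->{unparsed_flowsets} }";
```

Field values are returned as hex strings keyed by field type; mapping types to names and decoding them is left out of this sketch.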

templates()

Returns [ { template_id => content } ]

template($template_id)

Returns a hex dump of the template for the given $template_id.

EXAMPLE - Netflow Collector

my $p = Netflow::Parser->new(
    verbose => 1,
    flow_cb => sub { my ($hr) = @_; ... }
);

# hand every received datagram to the parser
Netflow::Collector->new(
    port     => $port,
    dispatch => sub { $p->parse(@_) }
)->run();

AUTHOR

Alexei Pastuchov <palik at cpan dot org>.

REPOSITORY

https://github.com/p-alik/Netflow-Parser

LICENSE AND COPYRIGHT

Copyright 2014-2016 by Alexei Pastuchov <palik at cpan dot org>.

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.