NAME

Net::Flow::Ie - decode NetFlow/IPFIX information elements.

SYNOPSIS

EXAMPLE#1 - Output Flow Records of NetFlow v5, v9 and IPFIX -

The following script simply outputs the received Flow Records after decoding NetFlow/IPFIX datagrams by using Net::Flow. Net::Flow::Ie can decode binary data by giving element id and type of data.

use strict ; use Net::Flow qw(decode) ; use Net::Flow::Ie qw(decode addie) ; use Ie qw(iedecode addie) ; use IO::Socket::INET;

my $receive_port = 4739 ; my $packet = undef ; my $TemplateArrayRef = undef ; my $sock = IO::Socket::INET->new( LocalPort =>$receive_port, Proto => 'udp') ; my $ieRef = Net::Flow::Ie::addie() ;

while ($sock->recv($packet,1548)) {


            
              
                 my ($HeaderHashRef,$FlowArrayRef,$ErrorsArrayRef)=() ;
     
   ( $HeaderHashRef,
     $TemplateArrayRef,
     $FlowArrayRef,
     $ErrorsArrayRef)
= Net::Flow::decode(
                    \$packet,
                    $TemplateArrayRef
                    ) ;
   grep{ print "$_\n" }@{$ErrorsArrayRef} if( @{$ErrorsArrayRef} ) ;
     
   print "\n- Header Information -\n" ;
   foreach my $Key ( sort keys %{$HeaderHashRef} ){
printf " %s = %3d\n",$Key,$HeaderHashRef->{$Key} ;
   }
     
   foreach my $TemplateRef ( @{$TemplateArrayRef} ){
print "\n-- Template Information --\n" ;
         
foreach my $TempKey ( sort {$a <=> $b} keys %{$TemplateRef} ){
    if( $TempKey eq "Template" ){
                 
        printf "  %s = \n",$TempKey ;
                 
        foreach my $Ref ( @{$$TemplateRef{Template}}  ){
                     
            foreach my $Key ( keys %{$Ref} ){
                         
                printf "   %s=%-3d Name=%-30s Type=%-10s",
                $Key, $$Ref{$Key}, $$ieRef{$$Ref{$Key}}->{Name},
                $$ieRef{$$Ref{$Key}}->{Type} if $Key eq "Id" ;
                         
                printf "   %s=%-3d", $Key, $$Ref{$Key} if $Key eq "Length" ;
                         
            }
            print "\n" ;
                     
        }
                 
    }else{
                 
        printf "  %s = %s\n", $TempKey, $$TemplateRef{$TempKey} ;
                 
    }
             
}
         
   }
   foreach my $FlowRef ( @{$FlowArrayRef} ){
print "\n-- Flow Information --\n" ;
         
foreach my $Id ( sort {$a <=> $b} keys %{$FlowRef} ){
             
    if( $Id eq "SetId" ){
                 
        print "  $Id=$$FlowRef{$Id}\n" if defined $$FlowRef{$Id} ;
                 
    }else{
                 
        printf "  Id=%-3d Name=%-30s Value=%s\n",
        $Id, Net::Flow::Ie::decode($Id,$$FlowRef{$Id}) ;
                 
    }
             
}
         
   }

}

DESCRIPTION

FUNCTIONS

decode function


            
              
              ( $Name, $Value ) =
   Net::Flow::Ie::iedecode( $Id, $BinValue, $IeRef ) ;

It returns a pair of name and value of information element by giving the information element id and the binary data of associated information element. This module has information element data that includes id, name, and data type, such as "1", "octetDeltaCount" and "unsigned64". As default, if it can not find id number in the information element data, it change binary data to hex data. If you want to add new information elements, such as enterprise id, you can put $IeRef. $IeRef is the reference that points information elements data, as follows. And also, you can use the return value of addie function. The return value is merged into information element data kept in this module.


            
              
                 my $ieRef = {
0=>{ 
    'Name'=>'dummy',
    'Type'=>'octetArray' },
1=>{ 
    'Name'=>'octetDeltaCount',
    'Type'=>'unsigned64' },
1000.1=>{ 
    'Name'=>'enterprise.octetDeltaCount',
    'Type'=>'unsigned64' },
   } ;

In addition, if you want to decode multiple binary data in same id, you can set input $BinValue as the reference of Array including each binary data. In that case, the return $Value is shown as the concatenation string of multiple data values using delimiter. Regarding data type and information elements, please see for detail.

addie method


            
              
              $IeRef = Net::Flow::Ie::addie( $AddRef ) ;

You can add your original information elements into data set kept in this module. The return value $IeRef indicates the reference of merged information elements data.

Return Values

$IeRef

AUTHOR

Atsushi Kobayashi

COPYRIGHT

This package is free software and is provided "as is" without express or implied warranty. It may be used, redistributed and/or modified under the terms of the Perl Artistic License (see http://www.perl.com/perl/misc/Artistic.html)

1 POD Error

The following errors were encountered while parsing the POD:

Around line 846:: =back without =over

To install Net::Flow::Ie, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Net::Flow::Ie

CPAN shell

perl -MCPAN -e shell
install Net::Flow::Ie

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)