
NAME

Netflow::Parser - NetFlow datagram parser

DESCRIPTION

Netflow::Parser currently supports NetFlow V9 only.

VERSION

Version 0.06.002

SYNOPSIS

    use Netflow::Parser;

    my $nfp = Netflow::Parser->new(
            flow_cb => sub {my ($flow_hr) = @_; ...},
            templates_data => pack('H*', '01020002011b000400e60001')
        );

    while(my $packet = take_packet_from_socket()) {
        my $pp = $nfp->parse($packet);

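        # parse() returns a hash reference, see parse($packet) below

        # version, count, sysuptime, unix_secs, seqno and source_id
        my $header = $pp->{header};

        # parsed flows (flow_cb results)
        my $flows = $pp->{flows};

        # unparsed flowsets (no template)
        @{ $pp->{unparsed_flowsets} } && persist_for_later($pp->{unparsed_flowsets});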
    }

    # persist templates if you want
    my @templates = $nfp->templates;
    foreach (@templates) {
        my ($id, $content) = each(%{$_});
    }

SUBROUTINES/METHODS

new(%opts)

options:

  • templates_data

    [raw template piece]

  • flow_cb

    callback applied to each parsed flow

  • verbose

parse($packet)

Currently only NetFlow V9 is supported.

Unpacks the packet and tries to parse the content of its flowsets.

return

    {
        'header' => {
            'count', 'seqno', 'source_id', 'sysuptime', 'unix_secs',
            'version' => 9
        },
        'flows'             => [flow_cb result],
        'flowsets'          => ?,    # flowsets number
        'templates'         => [],   # templates contained in the packet
        'unparsed_flowsets' => []    # no template
    }
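The following is an added example, not Netflow::Parser's own code: a standalone walk over a V9 datagram that shows why a data flowset ends up under unparsed_flowsets when no template for it is known, and which length fields need validating because they arrive in an unauthenticated UDP payload. The name walk_v9, the sample packet and the choice to keep field values as hex strings are assumptions made for the example; the template is the one from the SYNOPSIS.

```perl
use strict;
use warnings;
use List::Util 'sum';

# Walk one NetFlow v9 datagram: 20-byte header, then (id, length) flowsets.
# $templates ({ id => [[field_type, field_len], ...] }) is updated in place.
sub walk_v9 {
    my ($packet, $templates) = @_;
    die "short header\n" if length($packet) < 20;
    my %header;
    @header{qw(version count sysuptime unix_secs seqno source_id)} = unpack('n n N N N N', $packet);
    die "not NetFlow v9\n" unless $header{version} == 9;
    my (@flows, @unparsed);
    for (my $off = 20; $off + 4 <= length($packet);) {
        my ($id, $len) = unpack('n n', substr($packet, $off, 4));
        # Untrusted length: below 4 the walk never advances, too large overruns.
        die "bad flowset length $len\n" if $len < 4 || $off + $len > length($packet);
        my $body = substr($packet, $off + 4, $len - 4);
        $off += $len;
        if ($id == 0) {    # template flowset: template_id, field_count, fields
            while (length($body) >= 4) {
                my ($tid, $n) = unpack('n n', $body);
                last if $tid < 256 || !$n || length($body) < 4 + 4 * $n;    # padding or truncated
                my @f = map { [unpack('n n', substr($body, 4 + 4 * $_, 4))] } 0 .. $n - 1;
                # A template whose record size is 0 would make the data loop spin.
                $templates->{$tid} = \@f if sum(map { $_->[1] } @f);
                substr($body, 0, 4 + 4 * $n) = '';
            }
        }
        elsif ($id >= 256 && $templates->{$id}) {    # data flowset with a known template
            my @t    = @{ $templates->{$id} };
            my $size = sum(map { $_->[1] } @t);
            # substr(..., '') cuts each field off the front; the remainder is padding
            while ($size && length($body) >= $size) {
                push @flows, { map { ($_->[0] => unpack('H*', substr($body, 0, $_->[1], ''))) } @t };
            }
        }
        else { push @unparsed, { id => $id, raw => $body } }    # no template (or options template, id 1)
    }
    return { header => \%header, flows => \@flows, unparsed_flowsets => \@unparsed };
}

# Constructed datagram: the template from the SYNOPSIS (id 258), a data flowset
# for it, and a data flowset for template 300, which no template describes.
my $packet = pack('n n N N N N', 9, 3, 1000, 1_700_000_000, 1, 42)
    . pack('n n H*', 0,   16, '01020002011b000400e60001')
    . pack('n n H*', 258, 12, 'c0a8000106000000')
    . pack('n n H*', 300, 8,  'deadbeef');
my $r = walk_v9($packet, \my %templates);
printf "flows=%d unparsed=%d templates=%s\n", scalar @{ $r->{flows} }, scalar @{ $r->{unparsed_flowsets} }, join(',', keys %templates);
```

The raw flowset kept for template 300 can be replayed through the same routine once its template arrives, which is what persisting unparsed flowsets in the SYNOPSIS is for.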

templates()

return [ { template_id => content} ]

template($template_id)

return hex dump of template for given $template_id

EXAMPLE - Netflow Collector

    my $p = Netflow::Parser->new(
        verbose => 1,
        flow_cb => sub { my ($hr) = @_; ... }
    );

    Netflow::Collector->new(
        port     => $port,
        dispatch => sub { $p->parse(@_) }
    )->run();

AUTHOR

Alexei Pastuchov <palik at cpan dot org>.

REPOSITORY

https://github.com/p-alik/Netflow-Parser

LICENSE AND COPYRIGHT

Copyright 2014-2016 by Alexei Pastuchov <palik at cpan dot org>.

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.