Jean-Louis Huynen f1a5bc2c14 chg: [filewatcher] daily rotation of watched folder - fixed		5 дней назад
conf.sample	chg: [input] d4 redis input config sample	11 месяцев назад
media	Improves README	2 лет назад
.gitignore	chg: [mod] bump d4-golang-util	1 год назад
LICENSE	Relicensing to MIT	2 лет назад
Makefile	chg: [mkf] -	10 месяцев назад
README.md	Update README.md	10 месяцев назад
d4-goclient.go	chg: [filewatcher] daily rotation of watched folder - fixed	5 дней назад
d4-goclient_test.go	Fix #4	1 год назад
go.mod	chg: [filewatcher] daily rotation of watched folder - fixed	5 дней назад
go.sum	chg: [filewatcher] daily rotation of watched folder - fixed	5 дней назад

README.md

d4-goclient

d4-goclient is a D4 project client (sensor) implementing the D4 encapsulation protocol.

The client can be used on different targets and architectures to collect network capture, logs, specific network monitoring and send it back to a D4 server.

For more information about the D4 project.

Installation

Fetch d4-goclient code and dependencies

go get github.com/D4-project/d4-goclient

Dependencies

golang 1.13 (tested)

Use

Launch a d4-server (if you don’t have a server)

See https://github.com/D4-project/d4-core/tree/master/server $IP_SRV being the d4-server’s address, $PORT its listening port

Configuration files

Part of the client configuration can be stored in folder containing the following files:

key: your Pre-Shared-Key
snaplen: default is 4096
source: stdin or d4server
destination: stdout, [fe80::ffff:ffff:ffff:a6fb]:4443, 127.0.0.1:4443
type: D4 packet type, see types
uuid: generated automatically if empty
version: protocol version
rootCA.crt: optional : CA certificate to check the server certificate
metaheader.json: optional : a json file describing feed’s meta-type types

If source is set to d4server, then one also 2 additional files:

redis_queue: redis queue in the form analyzer:typeofqueue:queueuuid, for instance analyzer:3:d42967c1-f7ad-464e-bbc7-4464c653d7a6
redis_d4: redis server location:port/database, for instance localhost:6385/2

Flags

  -c string
    	configuration directory
  -cc
    	Check TLS certificate against rootCA.crt
  -ce
    	Set to True, true, TRUE, 1, or t to enable TLS on network destination (default true)
  -cka duration
    	Keep Alive time human format, 0 to disable (default 30s)
  -ct duration
    	Set timeout in human format
  -rl duration
        Rate limiter: time in human format before retry after EOF (default 200ms)
  -rt duration
    	Time in human format before retry after connection failure, set to 0 to exit on failure (default 30s)
  -v	Set to True, true, TRUE, 1, or t to enable verbose output on stdout

Pipe data into the client

In the followin examples, destination is set to stdout.

Some file

cat /proc/cpuinfo | ./d4-goclient -c conf.sample/ |  socat - OPENSSL-CONNECT:$IP_SRV:$PORT,verify=0

tcpdump (libpcap) output, discarding our own traffic

$IP being the monitoring computer ip

tcpdump not dst $IP and not src $IP -w - | ./d4-goclient -c conf.sample/ |  socat - OPENSSL-CONNECT:$IP_SRV:$PORT,verify=0

Forwarding data from a D4 server to another D4 server

Add two files to you configuration folder: redis_d4 and redis_queue:

redis_d4 contains the location of the source d4’s redis server database, for instance 127.0.0.1:6380/2
redis_queue contains the queue to forward to the other D4 server, for instance analyzer:3:d42967c1-f7ad-464e-bbc7-4464c653d7a6