Вы не можете выбрать более 25 тем Темы должны начинаться с буквы или цифры, могут содержать дефисы(-) и должны содержать не более 35 символов.
Jean-Louis Huynen f1a5bc2c14
chg: [filewatcher] daily rotation of watched folder - fixed
5 дней назад
conf.sample chg: [input] d4 redis input config sample 11 месяцев назад
media Improves README 2 лет назад
.gitignore chg: [mod] bump d4-golang-util 1 год назад
LICENSE Relicensing to MIT 2 лет назад
Makefile chg: [mkf] - 10 месяцев назад
README.md Update README.md 10 месяцев назад
d4-goclient.go chg: [filewatcher] daily rotation of watched folder - fixed 5 дней назад
d4-goclient_test.go Fix #4 1 год назад
go.mod chg: [filewatcher] daily rotation of watched folder - fixed 5 дней назад
go.sum chg: [filewatcher] daily rotation of watched folder - fixed 5 дней назад

README.md

d4-goclient

Release Software License Go Report Card

d4-goclient is a D4 project client (sensor) implementing the D4 encapsulation protocol.

The client can be used on different targets and architectures to collect network capture, logs, specific network monitoring and send it back to a D4 server.

For more information about the D4 project.

Installation

Fetch d4-goclient code and dependencies

go get github.com/D4-project/d4-goclient

Dependencies

  • golang 1.13 (tested)

Use

Launch a d4-server (if you don’t have a server)

See https://github.com/D4-project/d4-core/tree/master/server $IP_SRV being the d4-server’s address, $PORT its listening port

Configuration files

Part of the client configuration can be stored in folder containing the following files:

  • key: your Pre-Shared-Key
  • snaplen: default is 4096
  • source: stdin or d4server
  • destination: stdout, [fe80::ffff:ffff:ffff:a6fb]:4443, 127.0.0.1:4443
  • type: D4 packet type, see types
  • uuid: generated automatically if empty
  • version: protocol version
  • rootCA.crt: optional : CA certificate to check the server certificate
  • metaheader.json: optional : a json file describing feed’s meta-type types

If source is set to d4server, then one also 2 additional files:

  • redis_queue: redis queue in the form analyzer:typeofqueue:queueuuid, for instance analyzer:3:d42967c1-f7ad-464e-bbc7-4464c653d7a6
  • redis_d4: redis server location:port/database, for instance localhost:6385/2

Flags

  -c string
    	configuration directory
  -cc
    	Check TLS certificate against rootCA.crt
  -ce
    	Set to True, true, TRUE, 1, or t to enable TLS on network destination (default true)
  -cka duration
    	Keep Alive time human format, 0 to disable (default 30s)
  -ct duration
    	Set timeout in human format
  -rl duration
        Rate limiter: time in human format before retry after EOF (default 200ms)
  -rt duration
    	Time in human format before retry after connection failure, set to 0 to exit on failure (default 30s)
  -v	Set to True, true, TRUE, 1, or t to enable verbose output on stdout

Pipe data into the client

In the followin examples, destination is set to stdout.

Some file

cat /proc/cpuinfo | ./d4-goclient -c conf.sample/ |  socat - OPENSSL-CONNECT:$IP_SRV:$PORT,verify=0

tcpdump (libpcap) output, discarding our own traffic

$IP being the monitoring computer ip

tcpdump not dst $IP and not src $IP -w - | ./d4-goclient -c conf.sample/ |  socat - OPENSSL-CONNECT:$IP_SRV:$PORT,verify=0

Forwarding data from a D4 server to another D4 server

Add two files to you configuration folder: redis_d4 and redis_queue:

  • redis_d4 contains the location of the source d4’s redis server database, for instance 127.0.0.1:6380/2
  • redis_queue contains the queue to forward to the other D4 server, for instance analyzer:3:d42967c1-f7ad-464e-bbc7-4464c653d7a6