25'ten fazla konu seçemezsiniz Konular bir harf veya rakamla başlamalı, kısa çizgiler ('-') içerebilir ve en fazla 35 karakter uzunluğunda olabilir.
Jean-Louis Huynen f1a5bc2c14
chg: [filewatcher] daily rotation of watched folder - fixed
5 gün önce
conf.sample chg: [input] d4 redis input config sample 11 ay önce
media Improves README 2 yıl önce
.gitignore chg: [mod] bump d4-golang-util 1 yıl önce
LICENSE Relicensing to MIT 2 yıl önce
Makefile chg: [mkf] - 10 ay önce
README.md Update README.md 10 ay önce
d4-goclient.go chg: [filewatcher] daily rotation of watched folder - fixed 5 gün önce
d4-goclient_test.go Fix #4 1 yıl önce
go.mod chg: [filewatcher] daily rotation of watched folder - fixed 5 gün önce
go.sum chg: [filewatcher] daily rotation of watched folder - fixed 5 gün önce

README.md

d4-goclient

Release Software License Go Report Card

d4-goclient is a D4 project client (sensor) implementing the D4 encapsulation protocol.

The client can be used on different targets and architectures to collect network capture, logs, specific network monitoring and send it back to a D4 server.

For more information about the D4 project.

Installation

Fetch d4-goclient code and dependencies

go get github.com/D4-project/d4-goclient

Dependencies

  • golang 1.13 (tested)

Use

Launch a d4-server (if you don’t have a server)

See https://github.com/D4-project/d4-core/tree/master/server $IP_SRV being the d4-server’s address, $PORT its listening port

Configuration files

Part of the client configuration can be stored in folder containing the following files:

  • key: your Pre-Shared-Key
  • snaplen: default is 4096
  • source: stdin or d4server
  • destination: stdout, [fe80::ffff:ffff:ffff:a6fb]:4443, 127.0.0.1:4443
  • type: D4 packet type, see types
  • uuid: generated automatically if empty
  • version: protocol version
  • rootCA.crt: optional : CA certificate to check the server certificate
  • metaheader.json: optional : a json file describing feed’s meta-type types

If source is set to d4server, then one also 2 additional files:

  • redis_queue: redis queue in the form analyzer:typeofqueue:queueuuid, for instance analyzer:3:d42967c1-f7ad-464e-bbc7-4464c653d7a6
  • redis_d4: redis server location:port/database, for instance localhost:6385/2

Flags

  -c string
    	configuration directory
  -cc
    	Check TLS certificate against rootCA.crt
  -ce
    	Set to True, true, TRUE, 1, or t to enable TLS on network destination (default true)
  -cka duration
    	Keep Alive time human format, 0 to disable (default 30s)
  -ct duration
    	Set timeout in human format
  -rl duration
        Rate limiter: time in human format before retry after EOF (default 200ms)
  -rt duration
    	Time in human format before retry after connection failure, set to 0 to exit on failure (default 30s)
  -v	Set to True, true, TRUE, 1, or t to enable verbose output on stdout

Pipe data into the client

In the followin examples, destination is set to stdout.

Some file

cat /proc/cpuinfo | ./d4-goclient -c conf.sample/ |  socat - OPENSSL-CONNECT:$IP_SRV:$PORT,verify=0

tcpdump (libpcap) output, discarding our own traffic

$IP being the monitoring computer ip

tcpdump not dst $IP and not src $IP -w - | ./d4-goclient -c conf.sample/ |  socat - OPENSSL-CONNECT:$IP_SRV:$PORT,verify=0

Forwarding data from a D4 server to another D4 server

Add two files to you configuration folder: redis_d4 and redis_queue:

  • redis_d4 contains the location of the source d4’s redis server database, for instance 127.0.0.1:6380/2
  • redis_queue contains the queue to forward to the other D4 server, for instance analyzer:3:d42967c1-f7ad-464e-bbc7-4464c653d7a6