super_mediator - IPFIX Super Mediator for use with the YAF and SiLK tools
super_mediator is an IPFIX mediator for use with the YAF and SiLK tools. It collects and filters YAF output data to various IPFIX collecting processes and/or csv files. super_mediator can be configured to perform de-duplication of DNS resource records, SSL certificates, or HTTP header fields as exported by YAF.
|super_mediator-2.0.0.alpha2-1.amzn2.x86_64 [234 KiB]
by Lawrence R. Rogers (2023-02-09):
* Release 2.0.0.alpha2-1 Re-enabled the ability to filter using an IPSet which was left unimplemented in 2.0.0.alpha1. Fixed a crash in the SSL_DEDUP code introduced in 2.0.0.alpha1. Fixed bug by ensuring that PRESERVE_OBDOMAIN is handled individually for each template. Ensured that JSON output uses a unique key for each entry in an object. Changed text output of firstEightNonEmptyPacketDirections to display in base-2. Improved compatibility with very old versions of YAF.
|super_mediator-2.0.0.alpha1-1.amzn2.x86_64 [230 KiB]
by Lawrence R. Rogers (2022-03-10):
* Release 2.0.0.alpha1-1 Increased the flexibility of super_mediator by eliminating most internal template definitions and having it use the incoming template definitions instead. Changed the syntax of the configuration file; previous versions of the files need to be updated. Made changes to the command line parsing and eliminated several options. The configuration file is the preferred way to configure super_mediator. Enhanced statistics for types of records read from a collector and written to an exporter. Temporarily disabled SiLK IPset and MySQL support. Note: Exporting as delimited TEXT is lightly tested and contains bugs. Updated the fixbuf requirement to libfixbuf-3.0.0.