applications/system

silk - SiLK: A network flow collection and analysis package

Website: http://tools.netsa.cert.org/silk/
License: GPLv2
Vendor: CERT Network Situational Awareness <netsa-help@cert.org>
Description:
SiLK, the System for Internet-Level Knowledge, is a collection of
traffic analysis tools developed by the CERT Network Situational
Awareness Team (CERT NetSA) to facilitate security analysis of large
networks. The SiLK tool suite supports the efficient collection,
storage and analysis of network flow data, enabling network security
analysts to rapidly query large historical traffic data sets. SiLK is
ideally suited for analyzing traffic on the backbone or border of a
large, distributed enterprise or mid-sized ISP.

SiLK consists of two sets of tools: a packing system and analysis
suite. The packing system receives network flow information from
Netflow v5 or any IPFIX-based flowmeter and converts them into a more
space efficient format, recording the packed records into
service-specific, binary flat files. The analysis suite consists of
tools which can read these flat files and then perform various query
operations, ranging from per-record filtering to statistical analysis
of groups of records. The analysis tools interoperate using pipes,
allowing a user to develop a relatively sophisticated query from a
simple beginning.

Packages

silk-3.22.1-2.el9.src [5.7 MiB] Changelog by Lawrence R. Rogers (2023-09-14):
* Release 3.22.0-1/2
	New version of silk (https://tools.netsa.cert.org/silk/download.html#)
	Changelog
		rwaggbagcat
			Added the --fields switch to select which key and/or counter fields are printed and their order.
			Added the --missing-field=FIELD=STRING switch to print STRING when FIELD is listed in --fields but is not in the input file.
			Added the --help-fields switch to list the possible fields and a brief description of each.
		rwaggbagtool
			Added the --scalar-multiply switch. When argument is COUNTER=VALUE, multiplies COUNTER's value by VALUE; when argument is only VALUE, multiplies all counters' values by VALUE.
			Added the --divide switch to divide the counters in the first Aggregate Bag file by those in the remaining files.
			Added the --zero-divisor-result switch to specify the result when the divisor's counter is zero or when the dividend has a key-value that is not in the divisor.
			Added the --help-fields switch to list the possible fields and a brief description of each.
		rwaggbag, rwaggbagbuild
			Added the --help-fields switch to list the possible fields and a brief description of each.
		rwbagbuild
			Modified rwbagbuild to set the counter to the maximum value on overflow instead of raising an error.
		rwflowappend, rwsender, rwpollexec
			Made internal changes to the directory poller.
	Building
		Simplified the configure tests that check for python.
		Changed how the packing-logic is set in silk.spec to address an error when building an RPM with static-packing logic on RHEL8.

Listing created by Repoview-0.6.6-4.el7