[Sguil-users] cxtracker
From: Edward B. F. <edw...@re...> - 2009-10-18 06:55:34
Hi,

I have rewritten cxtracker in C, and I now have a working release that I would like to get some feedback on, if anyone is interested...

My initial test shows me that cxtracker is 20-30% less CPU intensive than sancp. The memory footprint is the same.

To test it:

# libpcap and a build environment is needed.
$ git clone git://github.com/gamelinux/cxtracker.git
$ cd cxtracker/src/
$ make
$ ./cxtracker -h
USAGE:
$ cxtracker [options]

OPTIONS:
 -i : network device (default: eth0)
 -b : berkeley packet filter
 -d : directory to dump sessions files in
 -u : user
 -g : group
 -D : enables daemon mode
 -h : this help message
 -v : verbose

$ ./cxtracker -i eth0 -D -d /nsm_data/sensor-hostname/sancp/ -u nsm -g nsm -b 'ip'

cxtracker processes IPv6 traffic too, so a BPF filter to ignore IPv6 traffic needs to be used with sguil I guess.

I have some more thoughts before a 1.0 release, like chroot and standardizing on an IPv6 notation in the output (right now it just writes out the IPv6 in the "human readable format", but a decimal notation I guess would be better in the future).

Any thoughts and feedback are welcome :)

Edward Fjellskål
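The post above touches two points a session tracker has to get right: the same five-tuple bookkeeping for IPv4 and IPv6 frames (and what the -b 'ip' filter drops), and how to write an IPv6 address in a numeric, sancp-style form. The following is an added example written for this thread, not code from cxtracker or sancp. It assumes no libpcap: two Ethernet frames (one IPv4/TCP, one IPv6/UDP) are constructed inline, the tracker keys sessions on protocol, addresses and ports, an ipv4_only flag stands in for the 'ip' BPF filter, and ipv6_to_decimal renders a 128-bit address as a decimal integer string. IPv6 extension headers are not walked.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_P_IP   0x0800
#define ETH_P_IPV6 0x86DD
#define MAX_SESSIONS 64

struct session {
    int af;                      /* 4 or 6 */
    uint8_t src[16], dst[16];    /* IPv4 uses the first 4 bytes */
    uint16_t sport, dport;       /* 0 for protocols without ports */
    uint8_t proto;
    unsigned pkts;
    unsigned long bytes;
};

struct table { struct session s[MAX_SESSIONS]; int n; };

/* Constructed sample frames (not captured traffic). */
static const uint8_t FRAME_V4_TCP[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00, /* Ethernet, IPv4 */
    0x45,0x00,0x00,0x28, 0x00,0x00,0x00,0x00, 0x40,0x06,0x00,0x00,           /* IPv4 hdr, proto TCP */
    10,0,0,1, 10,0,0,2,                                                      /* 10.0.0.1 -> 10.0.0.2 */
    0xc0,0x00, 0x00,0x50, 0,0,0,0, 0,0,0,0, 0x50,0x02, 0,0, 0,0, 0,0         /* TCP 49152 -> 80 */
};
static const uint8_t FRAME_V6_UDP[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x86,0xdd, /* Ethernet, IPv6 */
    0x60,0x00,0x00,0x00, 0x00,0x08, 17, 64,                                  /* IPv6 hdr, next hdr UDP */
    0x20,0x01,0x0d,0xb8,0,0,0,0,0,0,0,0,0,0,0,1,                             /* 2001:db8::1 */
    0x20,0x01,0x0d,0xb8,0,0,0,0,0,0,0,0,0,0,0,2,                             /* 2001:db8::2 */
    0xc0,0x01, 0x00,0x35, 0x00,0x08, 0x00,0x00                               /* UDP 49153 -> 53 */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Find the session matching key, or append a new one; NULL when the table is full. */
static struct session *lookup(struct table *t, const struct session *key)
{
    for (int i = 0; i < t->n; i++) {
        struct session *s = &t->s[i];
        if (s->af == key->af && s->proto == key->proto && s->sport == key->sport &&
            s->dport == key->dport && !memcmp(s->src, key->src, 16) && !memcmp(s->dst, key->dst, 16))
            return s;
    }
    if (t->n == MAX_SESSIONS) return NULL;
    t->s[t->n] = *key;
    return &t->s[t->n++];
}

/* Account one Ethernet frame to its session. ipv4_only mimics -b 'ip'
   (IPv6 frames are dropped). Returns 1 if recorded, 0 if filtered or malformed. */
int track_frame(struct table *t, const uint8_t *f, size_t len, int ipv4_only)
{
    struct session k; const uint8_t *l4;
    memset(&k, 0, sizeof k);
    if (len < 14) return 0;
    uint16_t type = be16(f + 12);
    if (type == ETH_P_IP) {
        if (len < 34) return 0;
        size_t ihl = (size_t)(f[14] & 0x0f) * 4u;
        if (ihl < 20 || len < 14 + ihl) return 0;
        k.af = 4; k.proto = f[14 + 9];
        memcpy(k.src, f + 14 + 12, 4); memcpy(k.dst, f + 14 + 16, 4);
        l4 = f + 14 + ihl;
    } else if (type == ETH_P_IPV6 && !ipv4_only) {
        if (len < 54) return 0;
        k.af = 6; k.proto = f[14 + 6];          /* next header; extension headers not walked */
        memcpy(k.src, f + 14 + 8, 16); memcpy(k.dst, f + 14 + 24, 16);
        l4 = f + 14 + 40;
    } else {
        return 0;                                /* non-IP, or IPv6 dropped by the filter */
    }
    if ((k.proto == 6 || k.proto == 17) && (size_t)(l4 - f) + 4 <= len) {
        k.sport = be16(l4); k.dport = be16(l4 + 2);
    }
    struct session *s = lookup(t, &k);
    if (!s) return 0;
    s->pkts++; s->bytes += len;
    return 1;
}

/* Render a 128-bit address as a decimal integer (sancp's numeric IPv4 form
   extended to IPv6) by repeated big-number division by 10. out needs >= 40 bytes. */
void ipv6_to_decimal(const uint8_t addr[16], char *out, size_t outlen)
{
    uint8_t n[16]; char buf[40]; int pos = 0, nonzero;
    memcpy(n, addr, 16);
    do {
        unsigned rem = 0; nonzero = 0;
        for (int i = 0; i < 16; i++) {
            unsigned cur = rem * 256u + n[i];
            n[i] = (uint8_t)(cur / 10); rem = cur % 10;
            if (n[i]) nonzero = 1;
        }
        buf[pos++] = (char)('0' + rem);          /* least-significant digit first */
    } while (nonzero);
    size_t i = 0;
    while (pos > 0 && i + 1 < outlen) out[i++] = buf[--pos];
    out[i] = '\0';
}

/* Feed both sample frames and return the number of sessions created. */
int demo_session_count(int ipv4_only)
{
    struct table t; memset(&t, 0, sizeof t);
    track_frame(&t, FRAME_V4_TCP, sizeof FRAME_V4_TCP, ipv4_only);
    track_frame(&t, FRAME_V6_UDP, sizeof FRAME_V6_UDP, ipv4_only);
    return t.n;
}

int main(void)
{
    struct table t; memset(&t, 0, sizeof t);
    track_frame(&t, FRAME_V4_TCP, sizeof FRAME_V4_TCP, 0);
    track_frame(&t, FRAME_V6_UDP, sizeof FRAME_V6_UDP, 0);
    for (int i = 0; i < t.n; i++) {
        char human[INET6_ADDRSTRLEN], dec[40];
        inet_ntop(t.s[i].af == 4 ? AF_INET : AF_INET6, t.s[i].src, human, sizeof human);
        ipv6_to_decimal(t.s[i].src, dec, sizeof dec);
        printf("af=%d proto=%u %s:%u -> port %u pkts=%u bytes=%lu src_decimal=%s\n",
               t.s[i].af, t.s[i].proto, human, t.s[i].sport, t.s[i].dport,
               t.s[i].pkts, t.s[i].bytes, dec);
    }
    return 0;
}
```

With ipv4_only set, the IPv6 frame never reaches the table, which is the effect of the -b 'ip' filter suggested above for a sguil deployment; with it clear, both sessions are kept and the IPv6 source can be printed either as inet_ntop's human-readable text or as the decimal form the post floats for a future release.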