In this post you will find a simple script that I once used to anonymise netflow data.
It uses the nfanon command, which is one of the nfdump tools.
nfanon anonymises all IP addresses (src, dst, next hop, router IP etc.) in the netflow records using the CryptoPAn (Cryptography-based Prefix-preserving Anonymization) module.
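The prefix-preserving property that CryptoPAn gives nfanon, sketched as an added example (not code from the original post or from nfdump). It substitutes HMAC-SHA256 for the Rijndael cipher and covers IPv4 only, so its output will not match nfanon's; the key, the addresses and all function names are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
from itertools import combinations

# Constructed sample values: a demo key and documentation-range addresses.
DEMO_KEY = b"constructed-demo-key-0123456789a"
SAMPLE_IPS = ["192.0.2.10", "192.0.2.77", "192.0.2.200", "198.51.100.5"]


def flip_bit(key: bytes, prefix: int, length: int) -> int:
    """Keyed pseudo-random bit derived only from the first `length` bits."""
    msg = bytes([length]) + prefix.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[0] >> 7


def anonymise(key: bytes, ip: str) -> str:
    """XOR every address bit with a bit that depends on the bits before it."""
    addr = int(ipaddress.IPv4Address(ip))
    mask = 0
    for i in range(32):
        prefix = addr >> (32 - i)  # the i most significant bits (0 when i == 0)
        mask = (mask << 1) | flip_bit(key, prefix, i)
    return str(ipaddress.IPv4Address(addr ^ mask))


def common_prefix_len(a: str, b: str) -> int:
    """Number of leading bits two IPv4 addresses share."""
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 - diff.bit_length()


def prefix_preserved(key: bytes, ips: list) -> bool:
    """True if every pair shares the same prefix length before and after."""
    anon = {ip: anonymise(key, ip) for ip in ips}
    return all(
        common_prefix_len(a, b) == common_prefix_len(anon[a], anon[b])
        for a, b in combinations(ips, 2)
    )


if __name__ == "__main__":
    for ip in SAMPLE_IPS:
        print(ip, "->", anonymise(DEMO_KEY, ip))
    print("prefix lengths preserved:", prefix_preserved(DEMO_KEY, SAMPLE_IPS))
```

Because the mapping is deterministic per key, files anonymised with the same KEY stay correlatable with each other, and anyone who obtains the key can recompute the mapping.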
You may find the netflow anonymisation script below.
#!/usr/bin/env bash
#
# Specify directory of the flow to be anonymised, 3 examples below.
#
# Select yesterday's flow
# YESTERDAY=$(date -d '1 day ago' +'%Y/%m/%d')
# FILE_DIR=/data/nfsen/profiles-data/live/upstream1/$YESTERDAY/*
#
# Select a specific date
FILE_DIR=/data/nfsen/profiles-data/live/upstream1/2013/06/24/*

# Specify output directory
OUTPUT_DIR=/path/to/output/

# Specify log file
LOG_FILE=/path/to/log/anonimize-flow.log

# The KEY is used to initialize the Rijndael cipher. KEY is either a 32
# character string, or a 64 hex digit string starting with 0x.
KEY=al8BpDojSuFZkjm68zRUXZIlIRNYr73D

# Execute nfanon command with the predefined arguments over all flow files.
# $FILE_DIR is left unquoted on purpose so that the trailing * expands.
for f in $FILE_DIR
do
    FILENAME=$(basename "$f")
    /usr/bin/nfanon -K "$KEY" -r "$f" -w "$OUTPUT_DIR$FILENAME" >> "$LOG_FILE"
done

exit
Hope it works for you as well.
This is a very nice script, but have you checked whether nfanon works correctly? In my case it messes up Packets and Bytes entries among other things, making it unusable. Using nfdump: Version: 1.6.13