SiLK (the System for Internet-Level Knowledge) is a traffic analysis tool suite that helps collect and process internet-level knowledge about network traffic.
SiLK consists of two sets of tools: a packing system and an analysis suite. The packing system converts NetFlow v5 PDUs into a more space-efficient format and writes the packed records into service-specific binary flat files. The analysis suite consists of various tools that read these flat files and perform a diverse range of query operations, including per-record filtering and statistical analysis of groups of records. These tools interoperate using pipes, allowing users to develop relatively sophisticated queries from simple beginnings.
The majority of SiLK's code base is implemented in C, Perl, or Python. This code has been thoroughly tested on several platforms, including Linux, Solaris, OpenBSD, and Mac OS X, and should be usable with little or no modification on other Unix platforms. Additionally, the software components of SiLK are released under the GPL.
In the latest release, the PySiLK Python extension has been enhanced: it is now possible to create arbitrary fields for printing, counting, and sorting with rwcut, rwuniq, and rwsort. rwuniq has also been modified to count more bins than will fit in memory: when its hash table fills, the bins are written to temporary files, which are merged once all the input has been read. rwtotal now has minimum and maximum thresholds, and rwflowpack and the sensor.conf syntax have been updated to allow administrators to explicitly set the directionality of collected flows for use on a unidirectional tap.
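The spill-to-disk counting behaviour described for rwuniq above (fill a hash table of bins, write it to a sorted temporary run file when it is full, then merge the runs after all input is read) is easy to get wrong if the final partial table is forgotten or the merge holds every key in memory again. The following is an added illustration of that technique in plain Python; it is not SiLK's or PySiLK's own code, and the flow records, the per-key (bytes, records) bins, the `max_bins` limit and the function names are all constructed for the example.

```python
"""Spill-to-disk aggregation, modelled on the rwuniq behaviour described above.

Added example, not SiLK code. Keys here are source-IP strings; real rwuniq
bins on binary keys, but the spill/merge structure is the same.
"""
import heapq
import os
import shutil
import tempfile

# Constructed sample flow records, not captured traffic: (source IP, bytes).
SAMPLE_FLOWS = [
    ("10.0.0.1", 100), ("10.0.0.2", 200), ("10.0.0.3", 50),
    ("10.0.0.1", 300), ("10.0.0.4", 10), ("10.0.0.2", 5),
    ("10.0.0.5", 70), ("10.0.0.1", 1), ("10.0.0.3", 50),
]


def _spill(bins, tmpdir, run_paths):
    """Write the in-memory bins, sorted by key, to a new run file and empty the table."""
    fd, path = tempfile.mkstemp(dir=tmpdir, prefix="run-", suffix=".tsv")
    with os.fdopen(fd, "w") as fh:
        for key in sorted(bins):
            nbytes, nrecs = bins[key]
            fh.write(f"{key}\t{nbytes}\t{nrecs}\n")
    run_paths.append(path)
    bins.clear()


def _read_run(path):
    """Stream one sorted run file back as (key, bytes, records) tuples."""
    with open(path) as fh:
        for line in fh:
            key, nbytes, nrecs = line.rstrip("\n").split("\t")
            yield key, int(nbytes), int(nrecs)


def _merge_runs(run_paths):
    """k-way merge of the sorted runs.

    Because every run is sorted, rows for the same key arrive adjacently, so
    only the current key's running totals are held in memory during the merge.
    """
    current = None
    for key, nbytes, nrecs in heapq.merge(*(_read_run(p) for p in run_paths)):
        if current is None or current[0] != key:
            if current is not None:
                yield tuple(current)
            current = [key, 0, 0]
        current[1] += nbytes
        current[2] += nrecs
    if current is not None:
        yield tuple(current)


def count_bins(flows, max_bins):
    """Sum bytes and count records per key, holding at most max_bins keys in memory.

    Returns (rows, spills): rows is a list of (key, bytes, records) sorted by
    key; spills is the number of temporary run files that were written.
    """
    bins = {}
    run_paths = []
    tmpdir = tempfile.mkdtemp(prefix="binspill-")
    try:
        for key, nbytes in flows:
            # Table is full and this key is new: flush the table to disk first.
            if key not in bins and len(bins) >= max_bins:
                _spill(bins, tmpdir, run_paths)
            old_bytes, old_recs = bins.get(key, (0, 0))
            bins[key] = (old_bytes + nbytes, old_recs + 1)
        if not run_paths:
            # Everything fit in memory; no merge phase is needed.
            return [(k, b, r) for k, (b, r) in sorted(bins.items())], 0
        # Flush the final partial table so every bin lives in exactly one run.
        _spill(bins, tmpdir, run_paths)
        return list(_merge_runs(run_paths)), len(run_paths)
    finally:
        shutil.rmtree(tmpdir, ignore_errors=True)


if __name__ == "__main__":
    # A limit of 2 bins forces several spills on the sample input; the totals
    # must match an unconstrained in-memory run exactly.
    rows, spills = count_bins(SAMPLE_FLOWS, max_bins=2)
    for key, nbytes, nrecs in rows:
        print(f"{key:<12}{nbytes:>8}{nrecs:>6}")
    print(f"({spills} temporary runs merged)")
```

The two invariants worth checking when reviewing an implementation like this are visible in `count_bins`: the last, partially filled table is spilled before merging (otherwise its counts are silently dropped), and the merge consumes the runs as sorted streams rather than loading them back into a dictionary, which would reintroduce the memory limit the spill was meant to avoid.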
Overall, SiLK is a powerful network analysis tool that offers efficient collection, storage, and analysis of network flow data, making it an indispensable tool for network security analysts working with large, distributed enterprise or mid-sized ISP networks.
Version 1.1.0: N/A