NAME

nfanon — anonymize the IP adresses

SYNOPSIS

nfanon -r path [-w nffile] -K key [-q] [-h]

DESCRIPTION

nfanon anonimizes all IP adresses ( src, dst, next hop, router IP etc. ) in the netflow records using the CryptoPAn (Cryptography-based Prefix-preserving Anonymization) module. The key -K is used to initialize the Rijndael cipher. The key is either a 32 character string, or a 64 hex digit string starting with 0x. See https://en.wikipedia.org/wiki/Crypto-PAn for more information on CryptoPAn.

The source specified by argument -r path may point to a single nfdump file or to a directory containing many nfdump files. All files in a directory are processed recursively.

If the output argument -w nffile is given, all anonimized records are written into that single file, even if the source is a directory. If no argument -w is specified, nfanon overwrites the original source file with the anonymized flow records. If the source is a directory, each flow file is anonymized respectively.

The options are as follows:

-r path: Path to read flow files to anonymize. Path may point to a single file or a directory containing many flow files.
[-w nffile]: File name to write anonymized flow records to. If this argument is missing, the source file name is taken, which means the original file is overwritten.
-k key: key is either a 32 character string, or a 64 char hex string starting with 0x. This key is used to initialize the anonymizer.
-q: nfanon prints the file name to be processed and an actifivy spinner. This option disables both.
-h: Print help text to stdout and exit.

EXAMPLES

To create a random 64 character hex string you may use the following command:

% xxd -u -l 32 -p -c 64
  /dev/urandom

Use the resulting output as key, prepended with 0x as -K argument.

RETURN VALUES

nfanon returns 0 on success and 255 otherwise.

NAME

SYNOPSIS

DESCRIPTION

EXAMPLES

RETURN VALUES

SEE ALSO