nfanon - anonymize the IP addresses


NFANON(1) General Commands Manual NFANON(1)

NAME

nfanon — anonymize the IP addresses

SYNOPSIS

nfanon −r path [−w nffile] −K key [−q] [−h]

DESCRIPTION

nfanon anonimizes all IP addresses ( src, dst, next hop, router IP etc. ) in the netflow records using the CryptoPAn (Cryptography-based Prefix-preserving Anonymization) module. The key -K is used to initialize the Rijndael cipher. The key is either a 32 character string, or a 64 hex digit string starting with 0x. See https://en.wikipedia.org/wiki/Crypto-PAn for more information on CryptoPAn.

The source specified by argument −r path may point to a single nfdump file or to a directory containing many nfdump files. All files in a directory are processed recursively.

If the output argument −w nffile is given, all anonimized records are written into that single file, even if the source is a directory. If no argument −w is specified, nfanon overwrites the original source file with the anonymized flow records. If the source is a directory, each flow file is anonymized respectively.

The options are as follows:

−r path

Path to read flow files to anonymize. Path may point to a single file or a directory containing many flow files.

[−w nffile]

File name to write anonymized flow records to. If this argument is missing, the source file name is taken, which means the original file is overwritten.

−k key

key is either a 32 character string, or a 64 char hex string starting with 0x. This key is used to initialize the anonymizer.

−q

nfanon prints the file name to be processed and an actifivy spinner. This option disables both.

−h

Print help text to stdout and exit.

EXAMPLES

To create a random 64 character hex string you may use the following command:

% xxd -u -l 32 -p -c 64 /dev/urandom

Use the resulting output as key, prepended with 0x as -K argument.

RETURN VALUES

nfanon returns 0 on success and 255 otherwise.

SEE ALSO

nfdump(1) GNU $Mdocdate$ NFANON(1)


Updated 2024-01-29 - jenkler.se | uex.se