nfanon - Man Page

nfanon anonymizes all IP addresses ( src, dst, next hop, router IP etc. ) in the netflow records using the CryptoPAn (Cryptography-based Prefix-preserving Anonymization) module. The key -K is used to initialize the Rijndael cipher. The key is either a 32 character string, or a 64 hex digit string starting with 0x. See https://en.wikipedia.org/wiki/Crypto-PAn for more information on CryptoPAn.

The source specified by argument -r path may point to a single nfdump file or to a directory containing many nfdump files. All files in a directory are processed recursively.

If the output argument -w nffile is given, all anonymized records are written into that single file, even if the source is a directory. If no argument -w is specified, nfanon overwrites the original source file with the anonymized flow records. If the source is a directory, each flow file is anonymized respectively.

The options are as follows:

-r path

Path to read flow files to anonymize. Path may point to a single file or a directory containing many flow files.

-w nffile

File name to write anonymized flow records to. If this argument is missing, the source file name is taken, which means the original file is overwritten.

-K key

key is either a 32 character string, or a 64 char hex string starting with 0x. This key is used to initialize the anonymizer.

-v level

Set verbose level. A verbose level of 0 disables the actifivy spinner.

-W num

Set the number of worker threads. The default depends on the number of cores online. The value must not exceed the number of online CPU cores.

Worker threads are used to anonymize flow records in parallel.

-h

Print help text to stdout and exit.

To create a random 64 character hex string you may use the following command:

% xxd -u -l 32 -p -c 64 /dev/urandom

Use the resulting output as key, prepended with 0x as -K argument. or

% openssl rand -hex 16

and use this output as argument for -K

nfanon returns 0 on success and 255 otherwise.

nfdump(1)