AIToday

Xenoeye: Open-source network traffic analyzer using Netflow, PostgreSQL, Grafana

Hacker News10h ago4 min read
Xenoeye: Open-source network traffic analyzer using Netflow, PostgreSQL, Grafana

Key takeaway

Xenoeye is an open-source network traffic analyzer that collects flow data from routers using standard protocols (Netflow, IPFIX, sFlow) and stores it in PostgreSQL for analysis and charting in Grafana. It runs on minimal hardware and helps organizations detect traffic anomalies, DDoS attacks, and network patterns without requiring proprietary or AI-based tools.

Summaries like this, in your inbox every morning.

Sign up free →

3 Key Points

  • What happened

    A lightweight network monitoring tool called Xenoeye was released that collects and analyzes network traffic data from Netflow, IPFIX, and sFlow protocols. The tool aggregates traffic by IP networks, individual addresses, or services, and stores data in PostgreSQL for visualization in Grafana dashboards.

  • Why it matters

    The tool can run on minimal hardware—a single CPU with 1GB of RAM or even on devices like Orange Pi—making it accessible for medium to large networks without expensive infrastructure. Organizations can detect traffic spikes, drops, and potential DDoS attacks using moving averages and threshold-based alerts.

  • What to watch

    The project uses an ISC license with no commercial restrictions and has no planned commercial version. The v25.02 release includes a ready-to-deploy LXC container image with pre-configured PostgreSQL and Grafana dashboards for IPv4 and IPv6 monitoring. Performance testing on an i3-2120 CPU showed roughly 700K flows per second in production-mode configurations.

FAQ

What hardware does Xenoeye require to run?
The tool can run on a VM with one CPU and 1GB of RAM, or on devices like Orange Pi with 4GB of memory. Performance testing showed roughly 700K flows per second per single CPU in production mode with multiple monitoring objects and sliding windows.
What protocols does Xenoeye support?
The collector supports Netflow v9, IPFIX, Netflow v5, and sFlow. The developers have tested Netflow v9 and IPFIX in their own networks.
How is this tool licensed and distributed?
Xenoeye uses a liberal ISC license with no hidden or artificial restrictions, and the developers have no plans to create commercial or semi-commercial versions. The v25.02 release includes an LXC container image and a Proxmox template for easy deployment.

Discussion

No comments yet. Be the first to share your thoughts!

Log in to join the discussion

Related Articles

Stay ahead with AI news

Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.

Get Started Free

Free · takes 30 seconds · unsubscribe anytime

1 minute a day. The AI essentials.

200+ sources · Email / LINE / Slack

Get it free →