LANDER Trace Capture software handles packet capture, scrubbing, and triggering of user-provided scripts. It supports multiple levels of data sensitivity, with different levels of anonymization and scrubbing (payload removal). It supports multiple users of the data stream, potentially each with varying computational needs. We currently use lander to process several data types: packet headers, full packets, flow data (typically Argus format), and DNS data.
Alpha release of the new-generation lander2. The main difference from previous versions of lander is the use of a queueing abstraction. Data is organized in queues (each composed of storage directories and cronjobs with associated processors). Each queue does only one type of processing and distributes its output to all connected *child* queues. A user of the system can, provided they have access, have many queues of the same type, e.g. *raw* or *host* (for unanonymized and host-only anonymized data), and run a different type of processing on each. This allows a lot of flexibility in processing, although at a small expense of efficiency. This release is working in our test environment, but may be a bit rough around the edges for a new setup.
Minor changes since 0.3 to fix build and compilation warnings.
Snapshot of the last installed lander @ISI.