NFQL

February 19th, 2017

The Network Flow Query Language (NFQL) is a stream-oriented query language for locating patterns in collections of network flow records. It lets patterns be described in a declarative and orthogonal fashion, which makes queries easy to read while keeping the language flexible enough to describe complex relationships among a given set of flows. It can process flow records, aggregate them into groups, apply absolute (or relative) filters and invoke Allen interval algebra rules.
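The stages named above (filter, group, group filter, Allen interval rule) can be illustrated in Python. This is an added example, not NFQL syntax and not code from the NFQL project. The `Flow` fields, the helper names, the octet threshold and the sample records are assumptions made for the illustration.

```python
from collections import defaultdict, namedtuple

Flow = namedtuple("Flow", "src dst proto dport start end octets")

# Constructed sample records (times in seconds), not real traffic.
FLOWS = [
    Flow("10.0.0.5", "10.0.0.1", "udp", 53, 100, 101, 120),
    Flow("10.0.0.5", "192.0.2.10", "tcp", 443, 102, 130, 48000),
    Flow("10.0.0.5", "192.0.2.10", "tcp", 443, 131, 140, 9000),
    Flow("10.0.0.7", "192.0.2.10", "tcp", 443, 50, 90, 70000),
    Flow("10.0.0.7", "10.0.0.1", "udp", 53, 60, 61, 110),
]

def allen(a, b):
    """Name the Allen relation between intervals a=(start, end) and b."""
    (s1, e1), (s2, e2) = a, b
    if e1 < s2: return "before"
    if e1 == s2: return "meets"
    if (s1, e1) == (s2, e2): return "equal"
    if s1 == s2: return "starts" if e1 < e2 else "started-by"
    if e1 == e2: return "finishes" if s1 > s2 else "finished-by"
    if s2 < s1 and e1 < e2: return "during"
    if s1 < s2 and e2 < e1: return "contains"
    if s1 < s2 < e1 < e2: return "overlaps"
    if s2 < s1 < e2 < e1: return "overlapped-by"
    return "met-by" if e2 == s1 else "after"

def branch(flows, keep, min_octets):
    """Filter records, group them by source, then filter the groups."""
    groups = defaultdict(lambda: [None, None, 0])  # start, end, octets
    for f in filter(keep, flows):
        g = groups[f.src]
        g[0] = f.start if g[0] is None else min(g[0], f.start)
        g[1] = f.end if g[1] is None else max(g[1], f.end)
        g[2] += f.octets
    return {k: (g[0], g[1]) for k, g in groups.items() if g[2] >= min_octets}

def lookup_then_tls(flows):
    """Sources whose DNS group lies before or meets their HTTPS group."""
    dns = branch(flows, lambda f: (f.proto, f.dport) == ("udp", 53), 0)
    tls = branch(flows, lambda f: (f.proto, f.dport) == ("tcp", 443), 10000)
    return {src: allen(dns[src], tls[src])
            for src in dns.keys() & tls.keys()
            if allen(dns[src], tls[src]) in ("before", "meets")}

if __name__ == "__main__":
    print(lookup_then_tls(FLOWS))
```

In the sample data, host 10.0.0.7 is excluded because its DNS group falls during its HTTPS group rather than before it.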

  • V. Bajpai, J. Schauer, J. Schönwälder: NFQL: A Tool for Querying Network Flow Records. 13th IFIP/IEEE International Symposium on Integrated Network Management, Ghent, May 2013.
  • V. Perelman, N. Melnikov, J. Schönwälder: Flow Signatures of Popular Applications. 12th IFIP/IEEE International Symposium on Integrated Network Management, Dublin, May 2011.
  • K. Kanev, N. Melnikov, J. Schönwälder: Implementation of a Stream-based IP Flow Record Query Language. 4th Conference on Autonomous Infrastructure, Management and Security (AIMS 2010), Springer LNCS 6155, June 2010.
  • V. Marinov, J. Schönwälder: Design of a Stream-based IP Flow Record Query Language. 20th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management (DSOM 2009), Springer LNCS 5841, October 2009.

Download: https://github.com/vbajpai/nfql
