Show HN: Xenoeye – analyze network without AI using netflow, PostgreSQL, Grafana

https://github.com/vmxdev/xenoeye
1•vmxdev•1h ago
Sorry for the slightly truncated title. It should have been "Network traffic analysis and monitoring without AI, using netflow-family protocols, PostgreSQL or ClickHouse, Grafana, and some scripts".

In 2026, it might seem a bit presumptuous to announce AI-free software on HN. But building a netflow analyzer manually is no less presumptuous!

There are quite a few xFlow analyzers out there these days, and I'm constantly reminded of this. But I think there's always room for an alternative approach. After all, that's how software evolves, isn't it?

So, how does xenoeye differ from popular (at least from popular open source) analyzers?

- The analyzer has a feature called "monitoring objects". For some reason, open-source analyzers rarely use this feature, while commercial ones do. The monitoring object can be a subnet, autonomous system, geo-object (data on geo and AS are taken from external databases), application traffic (protocol, TCP/UDP ports, etc.), VLAN, etc. Almost everything in flow records can be used as a filter for a monitoring object. Of course, object filters can be composite - the classic operations AND, OR, NOT are supported. The analyzer contains a tiny virtual machine that matches each flow to an object.

- We don't store all flows. At least for now. It may seem strange, but this is an important feature, especially for large networks. We store aggregated data on monitored objects. The user chooses what to store. It could be just in/out, top talkers, top protocols, etc. The time for which to aggregate data is also specified by the user. Aggregation occurs inside the analyzer. We use a fast trie-based in-memory db. Because of this, the analyzer can process flows quite quickly (hundreds of thousands of FPS per vCPU) and export a measured amount of information to the database. You can easily use even vanilla PostgreSQL. Or ClickHouse with compression. The analyzer is not very resource-intensive; small network traffic can be processed on low-end hardware or in a VM with a small amount of memory. Or you can process large network traffic on a single server, without building clusters. I know of installations with multi-terabit traffic and hundreds of MOs on a single virtual machine (of course they have a high sampling rate on their routers).

- We can monitor traffic thresholds being exceeded using moving averages. That is, as soon as an excess is detected, an external script is launched at the same second (actually even faster). This feature is typically used to detect volumetric DoS/DDoS attacks. The scripts announce BGP Blackhole or BGP Flowspec and notify users via messenger.

- We don't have our own visualization utility; we use Grafana. Grafana works with PostgreSQL out of the box, although some complex time-series charts require some tinkering with SQL queries. Ok, it's a controversial decision, but users (and we ourselves) are putting up with it for now.

I tried to describe the rest in the documentation.

Yes, this isn't the first time I've tried to announce this project on HN, and I'm under no illusions - for some reason, hackers aren't very fond of this type of software. Perhaps everyone thinks that the production of netflow analyzers is too boring a matter, there is nothing to discuss.

However, if anyone is interested, it would be great to get feedback.

What would you do differently from how it was done, and why? What do you like most about your favorite analyzer that you can't find anywhere else?

How did you even see this post? This isn't AI or even a Rust-related thing.
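
The post describes composite AND/OR/NOT filters that assign flows to a monitoring object, and moving-average thresholds that trigger a script. The sketch below is an added example, not xenoeye's code or configuration format. The combinators, the `MovingAverageAlarm` class, the flow field names and the sample flows are all constructed for illustration, and flows are assumed to arrive in timestamp order.

```python
import ipaddress
from collections import deque

# Filter combinators over flow records (plain dicts): AND, OR, NOT.
def f_and(*fs): return lambda flow: all(f(flow) for f in fs)
def f_or(*fs): return lambda flow: any(f(flow) for f in fs)
def f_not(f): return lambda flow: not f(flow)
def field(name, value): return lambda flow: flow[name] == value
def dst_net(cidr):
    net = ipaddress.ip_network(cidr)
    return lambda flow: ipaddress.ip_address(flow["dst"]) in net

class MovingAverageAlarm:
    """Moving-average bit rate for one monitoring object (hypothetical class).
    Assumes flows arrive in timestamp order."""
    def __init__(self, flt, window_s, threshold_bps, sampling=1):
        self.flt, self.window_s = flt, window_s
        self.threshold_bps, self.sampling = threshold_bps, sampling
        self.buckets = deque()  # [second, bytes] pairs, oldest first
        self.active = False

    def feed(self, flow):
        """Return the averaged rate when this flow trips the alarm, else None."""
        if not self.flt(flow):
            return None
        sec = int(flow["ts"])
        est_bytes = flow["bytes"] * self.sampling  # scale up for router sampling
        if self.buckets and self.buckets[-1][0] == sec:
            self.buckets[-1][1] += est_bytes
        else:
            self.buckets.append([sec, est_bytes])
        while self.buckets[0][0] <= sec - self.window_s:
            self.buckets.popleft()  # drop seconds that left the window
        rate = sum(b for _, b in self.buckets) * 8 / self.window_s
        was_active, self.active = self.active, rate > self.threshold_bps
        return rate if self.active and not was_active else None

def run_sample():
    # Constructed object: UDP to 203.0.113.0/24, excluding DNS replies.
    mo = f_and(dst_net("203.0.113.0/24"), field("proto", 17), f_not(field("sport", 53)))
    alarm = MovingAverageAlarm(mo, window_s=5, threshold_bps=1_000_000, sampling=100)
    alerts = []
    for ts in range(13):  # constructed flows: baseline, then a surge from ts=10
        size = 500 if ts < 10 else 5000
        for flow in (
            {"ts": ts, "dst": "203.0.113.7", "proto": 17, "sport": 40000, "bytes": size},
            {"ts": ts, "dst": "203.0.113.7", "proto": 17, "sport": 53, "bytes": 90000},
            {"ts": ts, "dst": "198.51.100.9", "proto": 17, "sport": 40000, "bytes": 90000},
        ):
            rate = alarm.feed(flow)
            if rate is not None:
                alerts.append((ts, rate))  # a real setup would launch a script here
    return alerts
```

The alarm fires once, on the rising edge, so a sustained surge does not launch the response script on every flow.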
