Show HN: Xenoeye – analyze network without AI using netflow, PostgreSQL, Grafana

https://github.com/vmxdev/xenoeye
5•vmxdev•1d ago
Sorry for the slightly truncated title. It should have been "Network traffic analysis and monitoring without AI, using netflow-family protocols, PostgreSQL or ClickHouse, Grafana, and some scripts".

In 2026, it might seem a bit presumptuous to announce AI-free software on HN. But building a netflow analyzer manually is no less presumptuous!

There are quite a few xFlow analyzers out there these days, and I'm constantly reminded of this. But I think there's always room for an alternative approach. After all, that's how software evolves, isn't it?

So, how does xenoeye differ from popular (at least from popular open source) analyzers?

- The analyzer has a feature called "monitoring objects". For some reason, open-source analyzers rarely use this feature, while commercial ones do. The monitoring object can be a subnet, autonomous system, geo-object (data on geo and AS are taken from external databases), application traffic (protocol, TCP/UDP ports, etc.), VLAN, etc. Almost everything in flow records can be used as a filter for a monitoring object. Of course, object filters can be composite - the classic operations AND, OR, NOT are supported. The analyzer contains a tiny virtual machine that matches each flow to an object.

- We don't store all flows. At least for now. It may seem strange, but this is an important feature, especially for large networks. We store aggregated data on monitored objects. The user chooses what to store. It could be just in/out, top talkers, top protocols, etc. The time for which to aggregate data is also specified by the user. Aggregation occurs inside the analyzer. We use a fast trie-based in-memory db. Because of this, the analyzer can process flows quite quickly (hundreds of thousands of FPS per vCPU) and export a measured amount of information to the database. You can easily use even vanilla PostgreSQL. Or ClickHouse with compression. The analyzer is not very resource-intensive; small network traffic can be processed on low-end hardware or in a VM with a small amount of memory. Or you can process large network traffic on a single server, without building clusters. I know of installations with multi-terabit traffic and hundreds of MOs on a single virtual machine (of course they have a high sampling rate on their routers).

- We can monitor traffic thresholds being exceeded using moving averages. That is, as soon as an excess is detected, an external script is launched at the same second (actually even faster). This feature is typically used to detect volumetric DoS/DDoS attacks. The scripts announce BGP Blackhole or BGP Flowspec and notify users via messenger.

- We don't have our own visualization utility; we use Grafana. Grafana works with PostgreSQL out of the box, although some complex time-series charts require some tinkering with SQL queries. Ok, it's a controversial decision, but users (and we ourselves) are putting up with it for now.

I tried to describe the rest in the documentation.

Yes, this isn't the first time I've tried to announce this project on HN, and I'm under no illusions - for some reason, hackers aren't very fond of this type of software. Perhaps everyone thinks that the production of netflow analyzers is too boring a matter, there is nothing to discuss.

However, if anyone is interested, it would be great to get feedback.

What would you do differently than it was done and why? What do you like most about your favorite analyzer that you can't find anywhere else?

How did you even see this post? This isn't AI or even a Rust-related thing.
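The threshold monitoring described in the post, sketched as an added example that is not xenoeye's code or configuration: flows are matched to one monitoring object, scaled by the sampling rate, and averaged over a sliding window. The names `in_object`, `MovingAverageAlarm` and `detect`, the simple moving average, the separate clear threshold and all flow records and limits are assumptions constructed for illustration.

```python
import ipaddress
from collections import deque

# Constructed flow records: (unix_second, dst_ip, ip_proto, bytes, sampling_rate)
FLOWS = [(t, "203.0.113.10", 17, 1_000, 100) for t in range(0, 10)]     # baseline
FLOWS += [(t, "203.0.113.10", 17, 60_000, 100) for t in range(10, 20)]  # flood
FLOWS += [(t, "203.0.113.10", 17, 1_000, 100) for t in range(20, 35)]   # recovery
FLOWS += [(t, "198.51.100.7", 17, 90_000, 100) for t in range(0, 35)]   # not in object

def in_object(flow, net=ipaddress.ip_network("203.0.113.0/24"), proto=17):
    """Hypothetical monitoring-object filter: dst in subnet AND protocol is UDP."""
    _, dst, ip_proto, _, _ = flow
    return ipaddress.ip_address(dst) in net and ip_proto == proto

class MovingAverageAlarm:
    """Sliding-window average of bits/s with separate raise and clear thresholds."""

    def __init__(self, window_s, raise_bps, clear_bps):
        self.window_s, self.raise_bps, self.clear_bps = window_s, raise_bps, clear_bps
        self.buckets = deque()  # (second, bits) pairs still inside the window
        self.active = False

    def update(self, second, bits):
        """Add traffic seen in `second`; return 'start', 'stop' or None."""
        if self.buckets and self.buckets[-1][0] == second:
            self.buckets[-1] = (second, self.buckets[-1][1] + bits)
        else:
            self.buckets.append((second, bits))
        while self.buckets[0][0] <= second - self.window_s:
            self.buckets.popleft()  # drop seconds that fell out of the window
        avg = sum(b for _, b in self.buckets) / self.window_s
        if not self.active and avg > self.raise_bps:
            self.active = True
            return "start"  # point where an external mitigation script would run
        if self.active and avg < self.clear_bps:
            self.active = False
            return "stop"   # point where the mitigation would be withdrawn
        return None

def detect(flows, window_s=5, raise_bps=20_000_000, clear_bps=5_000_000):
    """Return (second, event) pairs for the monitoring object, in time order."""
    alarm, events = MovingAverageAlarm(window_s, raise_bps, clear_bps), []
    for flow in sorted(flows):
        if in_object(flow):
            second, _, _, nbytes, rate = flow
            event = alarm.update(second, nbytes * 8 * rate)  # undo packet sampling
            if event:
                events.append((second, event))
    return events
```

With the constructed records, the alarm is raised two seconds after the flood begins, because the window still holds baseline seconds, and the heavier traffic to the address outside the object never triggers it.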
