Net/FSE: Network Forensic Search Engine

About

Net/FSE (Network Forensic Search Engine) is a server application for network operations. The system consists of data capture, indexing and search services optimized for processing high-volume IP-based network log data. Log data from firewalls, intrusion detection systems, routers and other network devices is streamed to Net/FSE in near real time, providing network professionals on enterprise networks with fast drill-down and analysis of billions of log records.

A web interface built on top of Tomcat and GWT is integrated into the codebase. The UI is designed to be an easy-to-use workflow tool for network operations, including security, compliance, troubleshooting and management. Socket-based APIs and HTTP-based XML APIs make integrating search of network log data into other tools fast and easy.

The system can also be used as a network log processing platform. This allows users to build custom data processing engines to meet individual needs. The core system handles capture and storage, as well as search/query functionality, allowing plugins to easily leverage the system's capabilities with minimal coding.

Project Status

Net/FSE is available under the GPL v2.0 license. We hope that the open source version will spur adoption of network forensic capabilities in enterprise networks.

Net/FSE 0.3.1 was released in March 2011. An installer package is available in the Downloads section of this site.

If you are interested in contributing to the open source effort please contact Ben Uphoff (uphoff@gmail.com).

Project Information

Labels:
networksecurity networkforensics incidentresponse logmanagement logprocessing