A piece of CAKe
I don't know about you, but I find it pretty difficult to generate realistic traffic for testing. While existing tools such as replayfilegen, perftestsyslog or bleep are nice, I often feel they lack flexibility. That's why I decided to write my own tool. CAKe (standing for CEF Army Knife experiment) is a Python script that I define as a versatile CEF manipulation and generation tool.
- Replay existing CEF events or generate partially random CEF events based on a customizable template
- Modify the timestamps of your CEF events. You can decide which timestamp(s) you want to modify, and 4 modes exist:
  - realtime: you define the EPS you want and the timestamps are generated to simulate realtime events
  - customtime: you define a number of events and a time period (can be something like Now-1h:Now:100). Timestamps are created to spread your events equally over this period.
  - keeptimestamp: keep the existing timestamp
  - no timestamp: remove the existing timestamp
- Generate different outputs for your new CEF events:
  - CEF files: events are simply stored in files
  - CSV file: gives a human-readable format for CEF events
  - Syslog: CEF events can be sent to a syslog connector over TCP or UDP
  - display: CEF events are displayed directly in your terminal
- Modify the content of CEF events in multiple ways:
  - sanitization: IPs can be removed or randomized, and CEF fields can be removed if the field name or the value contains a given string
  - extract: keep only some CEF fields from a given CEF event
  - select/unselect: keep only, or remove, CEF events containing a given pattern
  - add: add some extra CEF fields
  - fix: a string search-and-replace function applied to the CEF event
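To make the customtime and sanitization features above concrete, here is an added example; it is not CAKe's code and does not reflect its options or internals. The function names (`parse_cef`, `spread`, `rewrite`), the choice of `rt` as the timestamp field, the 10.x.x.x replacement range and the sample events are all assumptions made for the illustration.

```python
import random
import re
from datetime import datetime, timedelta, timezone

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EXT = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)")  # values may contain spaces

# Constructed sample events, not taken from any real log.
SAMPLE = [
    "CEF:0|Acme|Gateway|1.0|100|Failed login|5|rt=1 src=192.168.1.10 "
    "msg=Failed login from 192.168.1.10",
    "CEF:0|Acme|Gateway|1.0|200|Port scan \\| sweep|7|rt=2 src=192.168.1.10 "
    "dst=172.16.0.5",
]

def parse_cef(line):
    """Return (7 header fields, extension dict); split on unescaped pipes only."""
    parts = re.split(r"(?<!\\)\|", line.strip(), maxsplit=7)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError(f"not a CEF event: {line!r}")
    return parts[:7], dict(EXT.findall(parts[7]))

def spread(start, end, count):
    """Epoch-millisecond timestamps spaced equally over [start, end)."""
    step = (end - start) / count
    return [int((start + i * step).timestamp() * 1000) for i in range(count)]

def rewrite(lines, start, end, time_fields=("rt",), seed=None):
    """Randomize IPv4 addresses and re-time the listed extension fields."""
    rng, mapping = random.Random(seed), {}

    def fake(match):
        # One replacement per original address, so events that shared an
        # IP before sanitization still correlate afterwards.
        ip = match.group(0)
        if ip not in mapping:
            mapping[ip] = "10.%d.%d.%d" % tuple(rng.randrange(1, 255) for _ in range(3))
        return mapping[ip]

    out = []
    for line, ts in zip(lines, spread(start, end, len(lines))):
        header, ext = parse_cef(line)
        for key in ext:
            ext[key] = IPV4.sub(fake, ext[key])  # also catches IPs inside msg
        for field in time_fields:
            if field in ext:
                ext[field] = str(ts)
        out.append("|".join(header + [" ".join(f"{k}={v}" for k, v in ext.items())]))
    return out

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    print("\n".join(rewrite(SAMPLE, now - timedelta(hours=1), now)))
```

Replacing addresses inside free-text values such as `msg`, not only in `src` and `dst`, is what keeps a sanitized sample from leaking the original IPs.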
If you are interested, you can find a lot more details in the documentation. If you want to give it a try, please help yourself and have a piece of CAKe.
All your comments are more than welcome.
This is the last version available. I know some people have been using it successfully, but I didn't get a lot of feedback, to be honest, so ... good luck with your testing 😉