Tonight I stitched together a new tool that I plan on using to do realtime name resolution of our border and edge netflow data at work.
We get somewhere in the neighborhood of 20-30 gig of netflow a day, and that's not even all of it. Until this point in time it's been a major pain in the ass to reverse resolve all those IP addresses, but I had an epiphany when I started exploring node.js.
It has an asynchronous DNS library in it that made writing a node script a trivial task. The end result is about 45 lines of script. It sits there and watches our netflow file, resolving names in near realtime. It also beats the snot out of our DNS servers.
There are a couple cool things I want to do with this that revolve around web services and the other parts of our security infrastructure. It should be cool.
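
An added example, not the author's script: one way to do this kind of reverse resolution with Node's asynchronous DNS API while caching answers and capping outstanding queries, so the load on the DNS servers stays bounded. The text flow-line layout and all function and option names are assumptions.

```javascript
// Added example, not the author's script. Flow-line layout and all names are assumptions.
const IPV4 = /\b(?:\d{1,3}\.){3}\d{1,3}\b/g;
function extractIps(line) { // distinct IPv4 addresses in one text flow record
  return [...new Set(line.match(IPV4) || [])];
}
function createResolver({
  lookup = (ip) => require('dns').promises.reverse(ip), // Node's async PTR lookup
  maxInFlight = 20,       // cap on queries outstanding against the DNS servers
  ttlMs = 10 * 60 * 1000, // how long an answer, or a failure, is reused
} = {}) {
  const cache = new Map();   // ip -> { names, expires }
  const pending = new Map(); // ip -> Promise shared by duplicate requests
  const waiting = [];        // callers queued for a free slot
  const stats = { queries: 0, cacheHits: 0 };
  let active = 0;
  async function query(ip) {
    if (active >= maxInFlight) await new Promise((go) => waiting.push(go));
    else active++;
    stats.queries++;
    try {
      return await lookup(ip);
    } catch {
      return []; // NXDOMAIN or timeout: remember "no name" instead of retrying per flow
    } finally {
      const next = waiting.shift();
      if (next) next(); // hand the slot straight to the next waiter
      else active--;
    }
  }
  function resolve(ip) {
    const hit = cache.get(ip);
    if (hit && hit.expires > Date.now()) { stats.cacheHits++; return Promise.resolve(hit.names); }
    if (pending.has(ip)) return pending.get(ip);
    const p = query(ip).then((names) => {
      cache.set(ip, { names, expires: Date.now() + ttlMs });
      pending.delete(ip);
      return names;
    });
    pending.set(ip, p);
    return p;
  }
  return { resolve, stats };
}
async function annotate(line, resolver) { // "ip=name" per address, "-" when no PTR
  const ips = extractIps(line);
  const names = await Promise.all(ips.map((ip) => resolver.resolve(ip)));
  return ips.map((ip, i) => `${ip}=${names[i][0] || '-'}`).join(' ');
}
```

The cache has no size limit, so a long-running watcher would also want to evict expired entries periodically.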