fli

fli is a command-line tool for analyzing AWS VPC Flow Logs, quickly turning raw network traffic data into useful insights through filtering, queries and automatic annotations.

It uses simple query commands (like count, sum, raw) instead of complex query syntax and supports intuitive filtering by any field (IP, port, protocol, etc). This tool can aggregate flows to find top 'talkers', analyze traffic patterns, and detect anomalies, with output in table or CSV/JSON format. It also automatically annotates IP addresses with WHOIS details and highlights traffic to known cloud providers.

fli is useful for cloud engineers, security analysts or network administrators working with AWS networks. It’s ideal for investigating traffic patterns or suspicious activity within VPC Flow Logs, or troubleshooting connectivity issues using those logs.