Analyzing network traffic
05-19-2020 01:18 PM
I'm trying to use Neo4j to analyze the network traffic of my local office. In particular, I want to filter out a specific time range and see what websites the computers are accessing.
I did something like this:
// Devices: string properties (mac, ip, name) must be quoted
CREATE (d1:Device {mac: 'de:ad:be:ef', ip: '192.168.1.1', name: 'Computer1'}),
       (d2:Device {mac: 'de:ad:be:ee', ip: '192.168.1.2', name: 'Computer2'}),
       (d3:Device {mac: 'de:ad:be:ff', ip: '192.168.1.3', name: 'Computer3'}),
       // One CONNECTION relationship per observed connection
       (d1)-[:CONNECTION {at: 1393632000000, rx: 1024, tx: 2048}]->(d2),
       (d2)-[:CONNECTION {at: 1393632000000, rx: 512, tx: 12800}]->(d3),
       (d1)-[:CONNECTION {at: 1401577200000, rx: 1024, tx: 2048}]->(d2),
       (d1)-[:CONNECTION {at: 1401577200000, rx: 800, tx: 4096}]->(d3)
Basically every connection is represented by an edge with properties. Later I can filter out edges that are within some time range.
I'm a bit worried that once I record a lot of traffic, there will be too many edges between the nodes and that will slow down the system. I'm wondering what's the best practice for doing something like this. Thanks!
Labels: Beginner-Questions
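Added example, not part of the original post: a time-window query over the Device/CONNECTION model shown above, summarising traffic per device pair. It assumes the graph from the post is already loaded and that `at` holds epoch milliseconds (the post does not say); the window bounds are simply the two sample timestamps.

```cypher
// Added example: runs against the Device/CONNECTION graph created in the post.
// Assumption: `at` is epoch milliseconds.
WITH 1393632000000 AS windowStart,   // inclusive lower bound (sample value from the post)
     1401577200000 AS windowEnd      // exclusive upper bound (sample value from the post)
MATCH (src:Device)-[c:CONNECTION]->(dst:Device)
WHERE c.at >= windowStart AND c.at < windowEnd
// Collapse the individual CONNECTION edges into one row per device pair
WITH src, dst,
     count(c)  AS connections,
     sum(c.rx) AS total_rx,
     sum(c.tx) AS total_tx,
     min(c.at) AS first_at,
     max(c.at) AS last_at
RETURN src.name AS source,
       src.ip   AS source_ip,
       dst.name AS destination,
       dst.ip   AS destination_ip,
       connections,
       total_rx,
       total_tx,
       datetime({epochMillis: first_at}) AS first_seen,
       datetime({epochMillis: last_at})  AS last_seen
ORDER BY total_tx DESC;
```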