-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathconfig.yaml
85 lines (83 loc) · 2.42 KB
/
config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
maxIpfixMessageLen: 100
timerFinishedDrainSeconds: 5
timerForceDrainSeconds: 30
timerTemplateFlushSeconds: 60
## FUTURE PLAN??
# flowMetering:
# interfaces:
# - name: eth1
# netns: ns0
# - name: eth2
# netns: ns0
# - name: eth3
# netns: ns0
outputs:
- collector:
remoteAddress: 35.194.97.218:2055
localAddress: 0.0.0.0:50101
- collector:
remoteAddress: localhost:2100
localAddress: 0.0.0.0:50102
# HELPER
# nfcapd -w -l /tmp/netflow -t 1000 -p 2100
# nfdump -r /tmp/netflow/nfcapd.202207101030 -o extended
- log:
file: /tmp/flow.log
# hooks:
# - name: hostname addition
# command: /usr/bin/hook_command_example_hostname.sh
# - name: shell to resolve hostname
# shell: |
# #!/bin/sh
# echo `cat` | jq --arg hostname $(hostname) '. + {hostname: $hostname}'
# - name: shell to resolve ifname from ifindex
# shell: |
# #!/bin/sh
# IN=$(cat)
# I_IDX=$(echo $IN | jq .ingressIfindex -r)
# E_IDX=$(echo $IN | jq .egressIfindex -r )
# I_NAME=$(ip -n ns0 -j link | jq --argjson idx $I_IDX '.[] | select(.ifindex == $idx) | .ifname' -r)
# E_NAME=$(ip -n ns0 -j link | jq --argjson idx $E_IDX '.[] | select(.ifindex == $idx) | .ifname' -r)
# echo $IN | jq --arg i_name $I_NAME --arg e_name $E_NAME '. + {ingressIfname: $i_name, egressIfname: $e_name}'
templates:
- id: 1001
template:
- name: SourceIPv4Address
- name: DestinationIPv4Address
- name: ProtocolIdentifier
- name: OctetDeltaCount
- name: PacketDeltaCount
- id: 1002
template:
- name: SourceIPv4Address
- name: DestinationIPv4Address
- name: ProtocolIdentifier
- name: SourceTransportPort
- name: DestinationTransportPort
- name: IngressInterface
- name: OctetDeltaCount
- name: PacketDeltaCount
- id: 1004
template:
- name: SourceIPv4Address
- name: DestinationIPv4Address
- name: ProtocolIdentifier
- name: SourceTransportPort
- name: DestinationTransportPort
- name: IngressInterface
- name: OctetDeltaCount
- name: PacketDeltaCount
- name: FlowStartMilliseconds
- name: FlowEndMilliseconds
- id: 1005
template:
- name: SourceIPv4Address
- name: DestinationIPv4Address
- name: ProtocolIdentifier
- name: SourceTransportPort
- name: DestinationTransportPort
- name: IngressInterface
- name: OctetDeltaCount
- name: PacketDeltaCount
- name: FlowStartNanoseconds
- name: FlowEndNanoseconds