-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathipfixer.yaml
87 lines (81 loc) · 2.1 KB
/
ipfixer.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
storage:
type: mysql
host: localhost
user: ipfix
pass: ipfix
db: ipfix
map:
# here you select which fields you want in the database (or
# in the unmapped json-blob if you want). multiple fields
# can be combined in a json-blob. 'iana' and 'field' can be
# the same name
# see https://www.iana.org/assignments/ipfix/ipfix.xhtml for
# a list of field-names
- iana: sourceIPv4Address
field: source_address
is-json: true
- iana: sourceIPv6Address
field: source_address
is-json: true
- iana: destinationIPv4Address
field: destination_address
is-json: true
- iana: destinationIPv6Address
field: destination_address
is-json: true
- iana: protocolIdentifier
field: ip_protocol
is-json: false
- iana: ipVersion
field: ip_version
is-json: false
- iana: sourceTransportPort
field: src_port
is-json: false
- iana: destinationTransportPort
field: dst_port
is-json: false
- iana: flowStartSysUpTime
field: flow_start_time
is-json: false
- iana: flowEndSysUpTime
field: flow_end_time
is-json: false
- iana: octetDeltaCount
field: n_bytes
is-json: false
- iana: packetDeltaCount
field: n_packets
is-json: false
# miscellaneous is a 'json-blob'
unmapped-fields: miscellaneous
#storage:
# type: postgres
# connection-info: 'host=127.0.0.1 port=5434 dbname=ipfixpg user=ipfix password=ipfix'
## mappings can be applied for postgresql as well, see mysql
#storage:
# type: mongodb
# uri: mongodb://localhost:27017
# db: testdb
# collection: testcol
## mappings can be applied for mongodb as well, see mysql, all fields are json though
#storage:
# type: influxdb
# host: 172.29.0.1
# port: 2012
# aggregations:
# - field: octetDeltaCount
# interval: 60
# topic: nurdspace.traffic.bytes
## sum, average or count:
# type: sum
# rules:
# - match-key: ipVersion
# match-val: 4
listen-port: 4739
# ipfix / v5 / v9
protocol: ipfix
logging:
file: /var/log/ipfixer.log
loglevel-files: info
loglevel-screen: info