Differences
| en:dpi:dpi_options:opt_li:li_ipfix:start [2021/05/08 07:43] – [IPFIX format template for Clickstream] arusnak | en:dpi:dpi_options:opt_li:li_ipfix:start [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== 3 IPFIX export ====== | ||
| - | {{indexmenu_n> | ||
| - | For Clickstream data analisys (subscribers' | ||
| - | on external systems IPFIX export is available. | ||
| - | A list of the correspondence between the Protocol and the port number in netfow5 can be found [[en: | ||
| - | |||
| - | Any universal IPFIX collector that accepts templates or the [[en: | ||
| - | |||
| - | To receive, process and store ClickStream, | ||
| - | |||
| - | ===== ClickStream export Setup ===== | ||
| - | Clickstream experts is configured by folowing parameters: | ||
| - | <code ini> | ||
| - | ipfix_dev=em1 | ||
| - | ipfix_udp_collectors=1.2.3.4: | ||
| - | ipfix_tcp_collectors=1.2.3.6: | ||
| - | dbg_log_mask=0x80 | ||
| - | </ | ||
| - | here | ||
| - | * em1 NIC using for export | ||
| - | * ipfix_udp_collectors IP of udp collectors | ||
| - | * ipfix_tcp_collectors IP of tcp collectors | ||
| - | * dbg_log_mask=0x80 logging statistics about export | ||
| - | |||
| - | ===== IPFIX format template for Clickstream ===== | ||
| - | |||
| - | The format of IPFIX templates for IPV6 differs only in the IP SOURCE and IP DESTINATION fields. | ||
| - | |||
| - | ^№ ^Size in bytes ^Type ^IANA ^Description ^Note^ | ||
| - | |1003 |16 |ipv6 |43823 |IP SOURCE |sender address| | ||
| - | |1004 |16 |ipv6 |43823 |IP DESTINATION |recipient address| | ||
| - | |||
| - | IPFIX format template for Clickstream | ||
| - | |||
| - | ^№ ^Size in bytes ^Type ^IANA ^Description^Note^ | ||
| - | |1001 |4 |int32 |43823 |TIMESTAMP| | ||
| - | |1002 |- |string |43823 |LOGIN| | ||
| - | |1003 |4 |ipv4 |43823 |IP SOURCE| | ||
| - | |1004 |4 |ipv4 |43823 |IP DESTINATION| | ||
| - | |1005 |- |string |43823 |HOSTNAME/ | ||
| - | |1006 |- |string |43823 |PATH| | ||
| - | |1007 |- |string |43823 |REFER| | ||
| - | |1008 |- |string |43823 |USER AGENT| | ||
| - | |1009 |- |string |43823 |COOCKIE| | ||
| - | |2000 |8 |int64 |43823 |SESSION ID| | ||
| - | |1010 |8 |int64 |43823 |LOCKED| | ||
| - | |1011 |1 |int8 |43823 |HOST TYPE| | ||
| - | |1012 |1 |int8 |43823 |METHOD| | ||
| - | |1013 |2 |int16 |43823 |PORT SOURCE| Sender port | | ||
| - | |1014 |2 |int16 |43823 |PORT DESTINATION| Recipient port | | ||
| - | |2016 | ||
| - | |||
| - | ND: | ||
| - | * LOCKED contains the blocking mark if its value !=0, | ||
| - | * HOST TYPE = 1 in case of HTTP, 2 - CNAME, 3 - SNI, 4 - QUIC | ||
| - | * METHOD = 1 - GET, 2 - POST, 3 - PUT, 4 - DELETE | ||
| - | |||
| - | Clickstream is usefulnot only local authorities but ISP also for subscriber interest profiles, top of sites, ads targeting, prevent outflow of subscribers etc. | ||
| - | |||
| - | SIP metadata export is configured by folowing parameters: | ||
| - | < | ||
| - | ipfix_dev=em1 | ||
| - | ipfix_meta_udp_collectors=1.2.3.4: | ||
| - | ipfix_meta_tcp_collectors=1.2.3.6: | ||
| - | dbg_log_mask=0x80 | ||
| - | </ | ||
| - | here | ||
| - | em1 NIC for data export\\ | ||
| - | ipfix_meta_udp_collectors IP of udp collectors\\ | ||
| - | ipfix_meta_tcp_collectors IP of tcp collectors\\ | ||
| - | dbg_log_mask=0x80 logging statistics about export | ||
| - | |||
| - | IPFIX format template for export SIP metadata | ||
| - | ^№ ^Size in Bytes ^Type ^IANA ^Description^Note^ | ||
| - | |0 | | ||
| - | |1 | | ||
| - | |2 | | ||
| - | |3 | | ||
| - | |4 | | ||
| - | |5 | | ||
| - | |6 | | ||
| - | |7 | | ||
| - | |8 | | ||
| - | |9 | | ||
| - | |10 | -|string| 3005| callid| | ||
| - | |11 | -|string| 3006| uagent| | ||
| - | |12 | -|string| 3007| ctype| | ||
| - | |||
| - | IPFIX template for FTP metadata export | ||
| - | ^№ ^size ^type ^IANA ^description^Note^ | ||
| - | |1001 | | ||
| - | |1002 | | ||
| - | |1003 | | ||
| - | |1004 | | ||
| - | |2000 | | ||
| - | |3050 | -|string| 43823| server name| | ||
| - | |3051 | -|string| 43823| user| | ||
| - | |3052 | -|string| 43823| password| | ||
| - | |3053 | 1|int8| 43823| mode | | ||
| - | |||
| - | :!: the mode field contains the type of ftp connection 0 - active, 1 - passive | ||
| - | |||
| - | IPFIX template for short messages metadata protocols (XMPP) | ||
| - | ^№ ^size ^type ^IANA ^description^Note^ | ||
| - | |1001 | | ||
| - | |1002 | | ||
| - | |1003 | | ||
| - | |1004 | | ||
| - | |2000 | | ||
| - | |3100 | -|string| 43823| im_login| | ||
| - | |3101 | -|string| 43823| im_passw| | ||
| - | |3102 | -|string| 43823| im_screen_name| | ||
| - | |3103 | -|string| 43823| im_uin| | ||
| - | |3104 | 1|int8 | 43823| im_protocol| | ||
| - | |3105 | -|string| 43823| im_receivers| | ||
| - | |||
| - | :!: the im_protocol field contains the type of usesd protocol: 7 - XMPP | ||
| - | |||
| - | IPFIX template for export EMAIL metadata protocols (POP, | ||
| - | ^№ ^size ^type ^IANA ^description^Note^ | ||
| - | |1001 | | ||
| - | |1002 | | ||
| - | |1003 | | ||
| - | |1004 | | ||
| - | |2000 | | ||
| - | |3150 | -|string| 43823| mail_sender| | ||
| - | |3151 | -|string| 43823| mail_receiver| | ||
| - | |3152 | -|string| 43823| mail_cc| | ||
| - | |3153 | -|string| 43823| mail_subject| | ||
| - | |3154 | -|string| 43823| mail_servers| | ||
| - | |3155 | -|string| 43823| mail_reply| | ||
| - | |3156 | 1|int8 | 43823| event | | ||
| - | |3157 | 1|int8 | 43823| attachment| | ||
| - | |3158 | 1|int8 | 43823| mail_protocol| | ||
| - | |||
| - | :!: the event field contains the type of event 1 - send, 2 - receive\\ | ||
| - | :!: the attachment field contains the attachment mark\\ | ||
| - | :!: mail_protocol = 0 - smtp, 1 - pop3, 2 - imap\\ | ||
| - | |||
| - | For receiving export with IPFIX protocol can be used any universal IPFIX collector, for instance - [[https:// | ||
| - | |||