Differences

This shows you the differences between two versions of the page.

--- en:dpi:dpi_options:opt_li:li_ipfix [2024/09/26 15:29] – внешнее изменение 127.0.0.1
+++ en:dpi:dpi_options:opt_li:li_ipfix [2025/06/26 07:26] (current) – [IPFIX metadata export template formats] elena.krasnobryzh
@@ Line 1: / Line 1: @@
-====== IPFIX export ======
+====== Configuring Clickstream, Meta data, DNS export in IPFIX ======
 {{indexmenu_n>3}}
@@ Line 41: / Line 41: @@
 here
-  * **//em1//** - NIC using for export.
+  * **''em1''** — NIC using for export.
-  * **//ipfix_udp_collectors//** - IP of udp collectors.
+  * **''ipfix_udp_collectors''** — IP of udp collectors.
-  * **//ipfix_tcp_collectors//** - IP of tcp collectors.
+  * **''ipfix_tcp_collectors''** — IP of tcp collectors.
-  * **//dbg_log_mask=0x80//** - logging statistics about export.
+  * **''dbg_log_mask=0x80''** — logging statistics about export.
 ==== IPFIX format template for Clickstream ====
-The format of IPFIX templates for IPV6 differs only in the //IP_SOURCE// and //IP_DESTINATION// fields.
+The format of IPFIX templates for IPV6 differs only in the **IP_SOURCE** and **IP_DESTINATION** fields.
 ^  №	^  Size in bytes	^  Type 	^  IANA 	^  Description	^  Note  ^
@@ Line 82: / Line 82: @@
 **ND:**
-  * LOCKED = 1 - blocked by HTTPS, 2 - HTTP redirect, 3 - blocked by HTTP (transmitted by bitmask)
+  * LOCKED = 1 — blocked by HTTPS, 2 — HTTP redirect, 3 — blocked by HTTP (transmitted by bitmask)
-  * HOST TYPE = 1 in case of HTTP, 2 - CNAME, 3 - SNI, 4 - QUIC
+  * HOST TYPE = 1 in case of HTTP, 2 — CNAME, 3 — SNI, 4 — QUIC
-  * METHOD = 1 - GET, 2 - POST, 3 - PUT, 4 - DELETE
+  * METHOD = 1 — GET, 2 — POST, 3 — PUT, 4 — DELETE
-If the configuration parameter "//http_parse_reply=1//" is enabled, information from responses to requests will be additionally transmitted. You can associate them with responses by the session identifier //SESSION_ID//, taking into account the order.
+If the configuration parameter ''http_parse_reply=1'' is enabled, information from responses to requests will be additionally transmitted. You can associate them with responses by the session identifier **SESSION_ID**, taking into account the order.
 ^  Clickstream export template IPFIX format for HTTP responses((for the IPv6 variant see difference above))  ^^^^^^
@@ Line 106: / Line 106: @@
 |  2017  |  -  |  raw  |  43823  |MPLS Labels|
-If the configuration parameter "//ssl_parse_reply=1//" is enabled, information from responses to requests will be additionally transmitted. You can associate them with responses by the session identifier //SESSION_ID//, taking into account the order.
+If the configuration parameter ''ssl_parse_reply=1'' is enabled, information from responses to requests will be additionally transmitted. You can associate them with responses by the session identifier **SESSION_ID**, taking into account the order.
 ^  Clickstream export template IPFIX format for responses over SSL/TLS, HTTPS((for the IPv6 variant, see difference above))  ^^^^^^
@@ Line 139: / Line 139: @@
 where
-  * **//em1//** - network interface name for export\\
+  * **''em1''** — network interface name for export\\
-  * **//ipfix_meta_udp_collectors//** - udp addresses of collectors\\
+  * **''ipfix_meta_udp_collectors''** — udp addresses of collectors\\
-  * **//ipfix_meta_tcp_collectors//** - tcp addresses of collectors\\
+  * **''ipfix_meta_tcp_collectors''** — tcp addresses of collectors\\
-  * **//dbg_log_mask=0x80//** - output of statistical information about export to the log
+  * **''dbg_log_mask=0x80''** — output of statistical information about export to the log
 ==== IPFIX metadata export template formats ====
@@ Line 168: / Line 168: @@
 |  2017  |  -  |  raw  |  43823  |MPLS Labels|
 **Notes:** \\
-IP_SRC --- IP SOURCE\\
+**IP_SRC** — IP SOURCE\\
-IP_DST --- IP DESTINATION\\
+**IP_DST** — IP DESTINATION\\
-GATEWAYS --- comma separated list of gateways (IP or hostname)
+**GATEWAYS** — comma separated list of gateways (IP or hostname)
 ^  FTP Metadata Export Template IPFIX Format  ^^^^^^
@@ Line 190: / Line 190: @@
 |  2017  |  -  |  raw  |  43823  |MPLS Labels|
-**Note:** the MODE field contains the FTP connection type 0 --- active, 1 --- passive
+**Note:** the MODE field contains the FTP connection type 0 — active, 1 — passive
 ^  Messenger Metadata Export Template IPFIX Format (XMPP)  ^^^^^^
@@ Line 212: / Line 212: @@
 |  2017  |  -  |  raw  |  43823  |MPLS Labels|
-**Note:** the IM_PROTOCOL field contains the type of protocol used: 0 --- ICQ, 7 --- XMPP, 106 --- ZELLO
+**Note:** the IM_PROTOCOL field contains the type of protocol used: 0 — ICQ, 7 — XMPP, 106 — ZELLO
 ^  IPFIX format of mail protocol metadata export template (POP, IMAP, SMTP)  ^^^^^^
@@ Line 237: / Line 237: @@
 |  2017  |  -  |  raw  |  43823  | MPLS Labels |
-**Note:** the EVENT field indicates the event type 1 --- send, 2 --- receive, \\
+**Note:** the EVENT field indicates the event type 1 — send, 2 — receive, \\
-ATTACHMENT sign of an attachment, mail_protocol = 0 --- smtp, 1 --- pop3, 2 --- imap
+ATTACHMENT sign of an attachment, mail_protocol = 0 — smtp, 1 — pop3, 2 — imap
 ^  The raw unparsed metadata export template IPFIX format  ^^^^^^
@@ Line 263: / Line 263: @@
 |  2017  |  -  |  raw  |  43823  |MPLS Labels|
 **Note:**
-  * **//FLW_DIR//** --- direction of packet on interfaces : 0 : subs --> inet, 1 : inet --> subs \\
+  * **''FLW_DIR''** — direction of packet on interfaces : 0 : subs → inet, 1 : inet → subs \\
-  * **//DIR_DATA//** --- direction of the packet by session: for TCP 0 : client --> server, 1 : server --> client, for UDP --- from whom the first packet was recorded, he is considered the client\\
+  * **''DIR_DATA''** — direction of the packet by session: for TCP 0 : client → server, 1 : server → client, for UDP — from whom the first packet was recorded, he is considered the client\\
-  * **//VDPI_PROTO//** --- protocol that defined dpi\\
+  * **''VDPI_PROTO''** — protocol that defined DPI\\
-  * **//META_PROTO//** --- internal protocol identifier (3 --- SIP, 4 --- FTP, 5 --- SMTP, 6 --- POP3, 7 --- IMAP, 8 --- XMPP, 9 --- ICQ, 10 --- RSS, 11 --- NNTP, 12 --- H323, 13 --- ZELLO)\\
+  * **''META_PROTO''** — internal protocol identifier (3 — SIP, 4 — FTP, 5 — SMTP, 6 — POP3, 7 — IMAP, 8 — XMPP, 9 — ICQ, 10 — RSS, 11 — NNTP, 12 — H323, 13 — ZELLO)\\
-  * **//RAW_DATA//** --- raw data
+  * **''RAW_DATA''** — raw data
 Aggregating ''raw_data'', ''clickstream'', ''http_reply'' and ''ssl_reply'' with session data requires additional processing or executing a database query with the ''session_id'' key, or support in the ''rcollector'' utility.
@@ Line 279: / Line 279: @@
 </code>
 where
-  * **''em1''** --- the name of the network interface to export.\\
+  * **''em1''** — the name of the network interface to export.\\
-  * **''ipfix_dns_udp_collectors''** --- UDP addresses of collectors.\\
+  * **''ipfix_dns_udp_collectors''** — UDP addresses of collectors.\\
-  * **''ipfix_dns_tcp_collectors''** --- TCP collector addresses.\\
+  * **''ipfix_dns_tcp_collectors''** — TCP collector addresses.\\
 The format of IPFIX templates for IPV6 differs in the format of the ''IP_SOURCE'' and ''IP_DESTINATION'' fields.
@@ Line 313: / Line 313: @@
 An alternative is to save the data in a local text log. Parameters:
-  * **//ajb_save_dns//** - flag for writing to a text file
+  * **''ajb_save_dns''** — flag for writing to a text file\\ **''ajb_save_dns=2''** allows you to enable sending DNS queries via IPFIX
-  * **//ajb_dns_ftimeout//** - timeout (minutes) for switching to the next file
+  * **''ajb_dns_ftimeout''** — timeout (minutes) for switching to the next file
-  * **//ajb_dns_bufsize//** - file write buffer
+  * **''ajb_dns_bufsize''** — file write buffer
-  * **//ajb_dns_fsize//** - file size limit
+  * **''ajb_dns_fsize''** — file size limit
-  * **//ajb_dns_path//**- path where to write
+  * **''ajb_dns_path''** — path where to write
-Switching to the next file occurs when the file size reaches //ajb_dns_fsize// or the file is not empty and //ajb_dns_ftimeout// has passed
+Switching to the next file occurs when the file size reaches ''ajb_dns_fsize'' or the file is not empty and ''ajb_dns_ftimeout'' has passed
 ajb_save_dns_format : format for writing to a text file
-  * **"ts"** - time
+  * **''ts''** - time
-  * **"ipsrc"** - ip source
+  * **''ipsrc''** — ip source
-  * **"ipdst"** - ip destination
+  * **''ipdst''** — ip destination
-  * **"ssid"** - session id
+  * **''ssid''** — session id
-  * **"login"** - understandable
+  * **''login''** — understandable
-  * **"host"** - the name of which the information was requested
+  * **''host''** — the name of which the information was requested
-  * **"rrtype"** - RR types
+  * **''rrtype''** — RR types
-  * **"rrclass"** - RR class
+  * **''rrclass''** — RR class
-  * **"ttl"** - TTL
+  * **''ttl''** — TTL
-  * **"rdlen"** - rdata size
+  * **''rdlen''** — rdata size
-  * **"rdata"** - the resource itself
+  * **''rdata''** — the resource itself
-  * **"psrc"** - port source
+  * **''psrc''** — port source
-  * **"pdst"** - port destination
+  * **''pdst''** — port destination
-  * **"transport"** - how the DNS query was received.
+  * **''transport''** — how the DNS query was received.
 Default: ''ts:ssid:login:ipsrc:ipdst:psrc:pdst:transport:host:rrtype:rrclass:ttl:rdlen:rdata''
+=====Sending Template in IPFIX=====
+  - Transport protocol TCP.\\ The Template is sent once after the TCP session is established.
+  - Transport protocol UDP.\\ The Template is sent by default every 20 seconds. This is controlled by the ''ipfix_udp_template_timer'' parameter.

Profile

Settings

Differences