| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| en:dpi:dpi_options:opt_li:li_ipfix [2025/07/18 12:43] – [Table] elena.krasnobryzh | en:dpi:dpi_options:opt_li:li_ipfix [2026/04/02 11:53] (current) – [Configuring the export of DNS responses or DNS queries] elena.krasnobryzh |
|---|
| Any universal IPFIX collector that accepts templates or the __[[en:dpi:dpi_components:utilities:ipfixreceiver2|IPFIX Receiver]]__ utility is suitable for collecting information in IPFIX format. | Any universal IPFIX collector that accepts templates or the __[[en:dpi:dpi_components:utilities:ipfixreceiver2|IPFIX Receiver]]__ utility is suitable for collecting information in IPFIX format. |
| |
| To receive, process and store ClickStream, we suggest using the __[[en:dpi:dpi_components:qoestor|QoE Store software]]__ and __[[en:dpi:dpi_components:dpiui|DPIUI2 graphical interface]]__. | To receive, process and store ClickStream, we suggest using the __[[en:dpi:qoe_analytics|QoE Store software]]__ and __[[en:dpi:dpi_components:dpiui|DPIUI2 graphical interface]]__. |
| |
| If the link quality between SSG and NetFlow/IPFIX collector is insufficient, SSG skips sending some statistics to save performance. A message is displayed in ''fastdpi_alert.log'' when a chunk of information is skipped: | If the link quality between SSG and NetFlow/IPFIX collector is insufficient, SSG skips sending some statistics to save performance. A message is displayed in ''fastdpi_alert.log'' when a chunk of information is skipped: |
| * **''dbg_log_mask=0x80''** — logging statistics about export. | * **''dbg_log_mask=0x80''** — logging statistics about export. |
| |
| | The ''ipfix_mtu_limit'' parameter sets the maximum UDP packet size when sending IPFIX. By default, it equals the minimum MTU of the interfaces used for sending. |
| ==== IPFIX format template for Clickstream ==== | ==== IPFIX format template for Clickstream ==== |
| |
| | 1004 | 16 | IPv6 | 43823 |IP_DESTINATION |Recipient address| | | 1004 | 16 | IPv6 | 43823 |IP_DESTINATION |Recipient address| |
| |
| ^ IPFIX format template for Clickstream |||||| | ^ IPFIX format template for Clickstream ^^^^^^ |
| ^ № ^ Size in bytes ^ Type ^ IANA ^ Description ^ Note ^ | ^ № ^ Size in bytes ^ Type ^ IANA ^ Description ^ Note ^ |
| | 1001 | 4 | int32 | 43823 | TIME_STAMP | | | | 1001 | 4 | int32 | 43823 | TIME_STAMP | | |
| Aggregating ''raw_data'', ''clickstream'', ''http_reply'' and ''ssl_reply'' with session data requires additional processing or executing a database query with the ''session_id'' key, or support in the ''rcollector'' utility. | Aggregating ''raw_data'', ''clickstream'', ''http_reply'' and ''ssl_reply'' with session data requires additional processing or executing a database query with the ''session_id'' key, or support in the ''rcollector'' utility. |
| |
| =====DNS===== | =====Configuring the export of DNS responses or DNS queries===== |
| DNS export is configured with the following settings: | DNS export is configured with the following settings: |
| <code bash> | <code bash> |
| | 2017 | - | raw | 43823 | MPLS Labels || | | 2017 | - | raw | 43823 | MPLS Labels || |
| | 2016 | 2 | int16 | 43823 | BRIDGE_CHANNEL_NUM | Channel (vchannel) or bridge number. If vchannel is set in the DPI configuration, the channel number will be transmitted, otherwise the bridge number will be transmitted | | | 2016 | 2 | int16 | 43823 | BRIDGE_CHANNEL_NUM | Channel (vchannel) or bridge number. If vchannel is set in the DPI configuration, the channel number will be transmitted, otherwise the bridge number will be transmitted | |
| | | 224 | 8 | uint64 | - | ipTotalLength | Total IP packet size | |
| | | 3206 | 2 | uint16 | 43823 | DNS transaction id | DNS Transaction ID | |
| |
| An alternative is to save the data in a local text log. Parameters: | An alternative is to save the data in a local text log. Parameters: |
| * **''ajb_save_dns''** — flag for writing to a text file\\ **''ajb_save_dns=2''** allows you to enable sending DNS queries via IPFIX | * **''ajb_save_dns''** — a bit flag that controls whether to log to a text file and enable sending DNS queries via IPFIX. |
| | * **''ajb_save_dns=0''** — do not save |
| | * **''ajb_save_dns=1''** — enable saving DNS responses to a file |
| | * **''ajb_save_dns=2''** — enables sending DNS queries via IPFIX |
| | * **''ajb_save_dns=3''** — enables sending DNS requests via IPFIX and saving DNS responses to a file |
| | |
| | <note tip>The filter for DNS **request** types to be sent via IPFIX is specified by the ''ajb_save_dns_request_types'' parameter. Values can be specified as ranges using a hyphen, as a list separated by commas, or as the keywords ''all'' (any value) and ''none'' (filter all values). By default, the parameter is set to ''all''.\\ |
| | The filter for DNS **response** types to be sent via IPFIX is specified by the ''ajb_save_dns_answer_types'' parameter. Values can be specified as ranges using hyphens, lists separated by commas, and the keywords ''all'' (any value) and ''none'' (filter all values). By default, the parameter is set to ''1,5,28''.</note> |
| * **''ajb_dns_ftimeout''** — timeout (minutes) for switching to the next file | * **''ajb_dns_ftimeout''** — timeout (minutes) for switching to the next file |
| * **''ajb_dns_bufsize''** — file write buffer | * **''ajb_dns_bufsize''** — file write buffer |
| Switching to the next file occurs when the file size reaches ''ajb_dns_fsize'' or the file is not empty and ''ajb_dns_ftimeout'' has passed | Switching to the next file occurs when the file size reaches ''ajb_dns_fsize'' or the file is not empty and ''ajb_dns_ftimeout'' has passed |
| |
| ajb_save_dns_format : format for writing to a text file | ''ajb_save_dns_format'': format for writing to a text file |
| * **''ts''** - time | * **''ts''** - time |
| * **''ipsrc''** — ip source | * **''ipsrc''** — ip source |
