Configure flow inspector
The central config file for flow-inspector is located in the source directory under `config/config.py`.

You need to create that file, using `config/config.default.py` as a template. Copy it with

```sh
cp config/config.default.py config/config.py
```

The file contains a number of settings that you need to fill in correctly. The following sections discuss the individual groups of settings.
```python
host = "0.0.0.0"
port = 8080
debug = True
```
Parameters:

| Element name | Expected Value | Description |
| --- | --- | --- |
| host | IP Addresses | Defines the IP addresses on which the built-in web server listens for incoming HTTP connections. This parameter is ignored if Flow-Inspector is run inside a web server such as the Apache web server. |
| port | port number | Defines the port on which the built-in web server listens for incoming HTTP connections. This parameter is ignored if Flow-Inspector is run inside a web server such as the Apache web server. |
| debug | True or False | Defines whether debug mode is enabled. In debug mode, Flow-Inspector outputs additional debug information and automatically restarts if you make changes to any of its Python files. It is recommended to activate this parameter if you extend Flow-Inspector. |
```python
flowDBHost="127.0.0.1"
flowDBPort=3306
flowDBUser="username"
flowDBPassword="password"
flowDBName="flows"
```
These parameters are relevant for importing data from flow databases that have been written by the network monitor and IPFIX collector Vermont. It is not necessary to fill in these fields if you do not import data from such a database. They are only used by the script `preprocess/import_from_db.py`.

Parameters:

| Element name | Expected Value | Description |
| --- | --- | --- |
| flowDBHost | IP Addresses | IP address of the database. |
| flowDBPort | port number | Port number of the database. |
| flowDBPassword | String / Password | Password that is used to authenticate against the database. |
| flowDBUser | String / Username | Username that is used to authenticate against the database. |
| flowDBName | String / Username | Name of the database that contains the flow information. |
```python
db_backend = "mongo"
db_host = "127.0.0.1"
db_port = 27017
db_user = None
db_password = None
db_name = "flows"
```
Database that is used to store flow-inspector's flow information. This parameter is

Parameters:

| Element name | Expected Value | Description |
| --- | --- | --- |
| db_backend | String / Type of data backend | Defines the backend type that is used to store the data.<br>Acceptable values are:<br>All other configurations are the same among all backends. |
| db_host | IP Addresses | IP address of the database. |
| db_port | port number | Port number of the database. |
| db_password | String / Password | Password that is used to authenticate against the database. |
| db_user | String / Username | Username that is used to authenticate against the database. |
| db_name | String / Username | Name of the database that contains the flow information. |
```python
data_backend = "none"
data_backend_host = "127.0.0.1"
data_backend_port = 3306
data_backend_user = "username"
data_backend_password = "password"
data_backend_name = "flows"
```
Flow-Inspector might store additional information other than flow data. For flow backends that cannot store anything other than flow data, this backend configuration provides a place to store that additional data.

This is currently not used. Please ignore this.

Parameters:

| Element name | Expected Value | Description |
| --- | --- | --- |
| db_backend | String / Type of data backend | Defines the backend type that is used to store the data.<br>Acceptable values are:<br>All other configurations are the same among all backends. |
| data_backend_host | IP Addresses | IP address of the database. |
| data_backend_port | port number | Port number of the database. |
| data_backend_password | String / Password | Password that is used to authenticate against the database. |
| data_backend_user | String / Username | Username that is used to authenticate against the database. |
| data_backend_name | String / Username | Name of the database that contains the flow information. |
```python
flow_bucket_sizes = [ 5*60 ]
flow_aggr_values = ["sourceIPv4Address", "destinationIPv4Address", "sourceTransportPort", "destinationTransportPort", "protocolIdentifier"]
flow_aggr_sums = ["packetDeltaCount", "octetDeltaCount"]
flow_filter_unknown_ports = False
```
Parameters:

| Element name | Expected Value | Description |
| --- | --- | --- |
| flow_bucket_sizes | List of Integers / Time in Seconds | Defines the available time granularity for the imported data. Flow-Inspector creates statistics and performs flow aggregation based on the time spans in the list. |
| flow_aggr_values | List of Strings / IPFIX Type Names | Defines the flow aggregation keys that are used while aggregating flows. This parameter contains the list of keys that are used to match flows. All flows that share the same aggregation keys and are observed in the same time window are aggregated into a single flow. The keys must be specified using the IPFIX type names. |
| flow_aggr_sums | List of Strings / IPFIX Type Names | Defines the fields whose values are aggregated. Currently, only fields that can be aggregated using the SUM() operator are supported. |
| flow_filter_unknown_ports | Boolean / True or False | This parameter controls whether flow-inspector should consider all ports (when set to False), or if it should focus on only a set of ports. THIS IS NOT A FILTER THAT REMOVES FLOWS FROM THE DATASET. If this parameter is set to True, flow-inspector sets all port numbers that are not listed in `config/service-names-port-numbers.xml` to zero. As a result, all flows on ports outside that list are aggregated together (this improves performance). |
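
The effect of these four settings on a handful of flows, as an added illustration that is not flow-inspector's own import code. The sample flows, the `KNOWN_PORTS` set (a stand-in for `config/service-names-port-numbers.xml`) and the use of `flowStartSeconds` as the time field are assumptions made for the example.

```python
from collections import defaultdict

# Settings as shown in the config block above.
flow_bucket_sizes = [5 * 60]
flow_aggr_values = ["sourceIPv4Address", "destinationIPv4Address",
                    "sourceTransportPort", "destinationTransportPort",
                    "protocolIdentifier"]
flow_aggr_sums = ["packetDeltaCount", "octetDeltaCount"]

# Assumption: stand-in for the ports listed in config/service-names-port-numbers.xml.
KNOWN_PORTS = {53, 80, 443}
PORT_FIELDS = ("sourceTransportPort", "destinationTransportPort")

def make_flow(start, sport, packets, octets):
    """Constructed sample flow; flowStartSeconds as the time field is an assumption."""
    return {"flowStartSeconds": start, "sourceIPv4Address": "10.0.0.5",
            "destinationIPv4Address": "192.0.2.10", "sourceTransportPort": sport,
            "destinationTransportPort": 443, "protocolIdentifier": 6,
            "packetDeltaCount": packets, "octetDeltaCount": octets}

SAMPLE_FLOWS = [make_flow(1000, 50001, 10, 1200),
                make_flow(1100, 50002, 4, 300),
                make_flow(1300, 50003, 1, 60)]

def aggregate(flows, bucket_size, filter_unknown_ports):
    """Sum flow_aggr_sums over flows sharing a time window and all flow_aggr_values."""
    buckets = defaultdict(lambda: dict.fromkeys(flow_aggr_sums, 0))
    for flow in flows:
        flow = dict(flow)  # do not modify the caller's record
        if filter_unknown_ports:
            for field in PORT_FIELDS:
                if flow[field] not in KNOWN_PORTS:
                    flow[field] = 0  # unlisted ports collapse to zero; the flow stays
        window = flow["flowStartSeconds"] - flow["flowStartSeconds"] % bucket_size
        key = (window,) + tuple(flow[name] for name in flow_aggr_values)
        for name in flow_aggr_sums:
            buckets[key][name] += flow[name]
    return dict(buckets)

if __name__ == "__main__":
    for setting in (False, True):
        print("flow_filter_unknown_ports =", setting)
        for key, sums in aggregate(SAMPLE_FLOWS, flow_bucket_sizes[0], setting).items():
            print("  ", key, sums)
```

With the setting enabled, the two flows in the first five-minute window merge into one record. The packet and octet totals are unchanged, but the original client port numbers can no longer be recovered from the aggregated data.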
```python
pre_cache_size = 10000
pre_cache_size_aggr = 5
max_flow_age = 0
```
Flow-Inspector tries to use caching while importing and aggregating data. Aggregated flows are only committed to the database, based on a last-recently-seen scheme, when the cache is full.

| Element name | Expected Value | Description |
| --- | --- | --- |
| pre_cache_size | Integer | Number of flows in cache for each defined time window. |
| pre_cache_size_aggr | Integer | Flow-Inspector calculates time-based series for each window. This parameter defines the number of slots that are cached by flow-inspector. |
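
A pre-deployment check for a finished `config/config.py`, added here as an example and not part of flow-inspector. It reads the settings with `ast` instead of importing the file, so nothing in the config is executed, and flags values left at the defaults shown on this page. The function names, the findings and the sample input are constructed for the example.

```python
import ast

# Constructed sample: a config/config.py left at the defaults shown on this page.
SAMPLE_CONFIG = '''
host = "0.0.0.0"
port = 8080
debug = True
flowDBUser="username"
flowDBPassword="password"
db_host = "127.0.0.1"
db_user = None
db_password = None
flow_bucket_sizes = [ 5*60 ]
'''

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
PLACEHOLDERS = {"username", "password"}

def load_settings(source):
    """Collect top-level NAME = literal assignments without executing the file."""
    settings = {}
    for node in ast.parse(source).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                settings[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                pass  # computed value such as [ 5*60 ]; not needed for these checks
    return settings

def audit(settings):
    """Return one finding per setting that should be changed before deployment."""
    findings = []
    if settings.get("debug") and settings.get("host") not in LOOPBACK:
        findings.append("debug is True while host is not a loopback address")
    for key, value in settings.items():
        if (key.lower().endswith(("user", "password"))
                and isinstance(value, str) and value in PLACEHOLDERS):
            findings.append(key + " still has the placeholder value")
    if settings.get("db_host") not in LOOPBACK and settings.get("db_password") is None:
        findings.append("db_password is None although db_host is not local")
    return findings

if __name__ == "__main__":
    for finding in audit(load_settings(SAMPLE_CONFIG)):
        print("WARN:", finding)
```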