constcast
/
vermont
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vermont/configs/analysis/p2pdetector.xml

152 lines
3.8 KiB
XML
Raw Blame History

<ipfixConfig xmlns="urn:ietf:params:xml:ns:ipfix-config">
<sensorManager id="99">
<outputfile>sensor_output.xml</outputfile>
<checkinterval>5</checkinterval>
</sensorManager>
<observer id="1">
<filename>DUMP</filename>
<pcap_filter>ip</pcap_filter>
<offlineAutoExit>1</offlineAutoExit>
<offlineSpeed>1</offlineSpeed>
<captureLength>128</captureLength>
<next>2</next>
</observer>
<packetQueue id="2">
<maxSize>1000</maxSize>
<next>3</next>
</packetQueue>
<packetAggregator id="3">
<rule>
<templateId>998</templateId>
<flowKey>
<ieName>sourceIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>protocolIdentifier</ieName>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<nonFlowKey>
<ieName>flowStartNanoSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndNanoSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>tcpControlBits</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>maxPacketGap</ieName>
</nonFlowKey>
</rule>
<expiration>
<inactiveTimeout unit="sec">5</inactiveTimeout>
<activeTimeout unit="sec">10</activeTimeout>
</expiration>
<pollInterval unit="msec">1000</pollInterval>
<next>4</next>
</packetAggregator>
<ipfixAggregator id="4">
<rule>
<templateId>999</templateId>
<biflowAggregation>1</biflowAggregation>
<flowKey>
<ieName>sourceIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>destinationIPv4Address</ieName>
</flowKey>
<flowKey>
<ieName>protocolIdentifier</ieName>
</flowKey>
<flowKey>
<ieName>sourceTransportPort</ieName>
</flowKey>
<flowKey>
<ieName>destinationTransportPort</ieName>
</flowKey>
<nonFlowKey>
<ieName>flowStartNanoSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>flowEndNanoSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>octetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>packetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>tcpControlBits</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>maxPacketGap</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revflowStartNanoSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revflowEndNanoSeconds</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revoctetDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revpacketDeltaCount</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revtcpControlBits</ieName>
</nonFlowKey>
<nonFlowKey>
<ieName>revMaxPacketGap</ieName>
</nonFlowKey>
</rule>
<expiration>
<inactiveTimeout unit="sec">70</inactiveTimeout>
<activeTimeout unit="sec">310</activeTimeout>
</expiration>
<pollInterval unit="msec">1000</pollInterval>
<next>5</next>
</ipfixAggregator>
<p2pDetector id="5">
<analyzerid>P2PDetector</analyzerid>
<interval>300</interval>
<subnet>192.168.1.0/24</subnet>
<udpRateThreshold>0.013</udpRateThreshold>
<udpHostRateThreshold>0.0007</udpHostRateThreshold>
<tcpRateThreshold>0.082</tcpRateThreshold>
<coexistentTCPConsThreshold>2.9</coexistentTCPConsThreshold>
<rateLongTCPConsThreshold>0.018</rateLongTCPConsThreshold>
<tcpVarianceThreshold>0.068</tcpVarianceThreshold>
<failedConsPercentThreshold>4.8</failedConsPercentThreshold>
<tcpFailedRateThreshold>0.01</tcpFailedRateThreshold>
<tcpFailedVarianceThreshold>0.3</tcpFailedVarianceThreshold>
<next>6</next>
</p2pDetector>
<idmefExporter id="6">
<sendurl>http://localhost</sendurl>
<destdir>idmef-msg</destdir>
</idmefExporter>
</ipfixConfig>
Reference in New Issue View Git Blame Copy Permalink