-
Notifications
You must be signed in to change notification settings - Fork 5
/
example_config.yml
56 lines (53 loc) · 2.44 KB
/
example_config.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
---
_net_filters: &net_filters
- subnet_name: 10 # name for the filter (must be unique)
network: 10.0.0.0 # network address in dot-notation
network_mask: 255.0.0.0 # network mask in dot-notation
description: "all RFC 1918 10/8" # just a human readable description
# except_ports: [443] # do not filter traffic for this set of ports
# include_ports: [80] # only filters traffic for this set of ports
- subnet_name: 17216
network: 172.16.0.0
network_mask: 255.240.0.0
description: "all RFC 1918 172.16/12"
- subnet_name: 169254
network: 169.254.0.0
network_mask: 255.255.0.0
description: "all 169.254/16 loopback"
- subnet_name: 127
network: 127.0.0.0
network_mask: 255.0.0.0
description: "all 127/8 loopback"
# Some configuration fields supported by all probes:
# filters: list of network filters (see above for schema); they act on the destination
# address for tcp_connect and udp_session, local listening address for net_listen
# container_labels: list of label filters to only capture events generated from processes in containers
# container_poll_interval: how often to poll for running containers (in seconds)
# excludeports: list of ports to be filtered out (cannot be used with includeports)
# includeports: list of ports for which events will be logged (filters out all the others) (cannot be used with excludeports)
# plugins: map of plugins to enable for the probe (check README for more details)
udp_session:
filters: *net_filters
tcp_connect:
filters: *net_filters
container_labels:
- key=value
plugins:
sourceipmap:
enabled: True
hostfiles:
- '/etc/hosts'
attribute_key: "source_host"
net_listen:
snapshot_periodicity: 43200 # how often the probe should output a full list of the listening processes (seconds, off by default)
protocols: [tcp] # for which protocols events get logged (choices: tcp, udp)
same_namespace_only: False # filter out events for network namespaces different from the one of the pidtree-bcc process (off by default)
exclude_random_bind: False # filter out bind events using port 0 (affects UDP events only, off by default)
filters:
- subnet_name: 127
network: 127.0.0.0
network_mask: 255.0.0.0
description: "all 127/8 loopback"
excludeports:
- 22222
- 30000-40000