The configuration file is in YAML format.
$ ./ripflow -ripflow.file /path/to/configuration/file.ymlConfigure the logs.
logging: # configure logging properties
level: debug # log level (trace,debug,info,warning,error)
file: /var/log/riproxy.log # log file (stderr if not set)The log level. Must be one of the following :
- error: used for errors that should definitely be noted.
- warning (or warn): non-critical entries that deserve eyes.
- info: general operational entries about what's going on inside the application.
- debug: usually only enabled when debugging. Very verbose logging.
- trace: designates finer-grained informational events than the Debug.
The log file. Use stderr if not set.
Configure interfaces. This is a map of interface names.
interfaces: # Capturing interfaces
eth0: # Capture all traffic from eth0
eth1: # Capture traffic from eth1
filter: not port 53 # BPF filter: exclude traffic from or to port 53The BPF program to apply to the interface traffic before extracting flows.
Host and port of the Netflow collector.
export:
host: 127.0.0.1
port: 9999Probe cache configuration
cache:
max: 8192 # Maximum cache size (in flows) before oldest flow eviction occurs (default: 65536)
idle_timeout: 15 # Number of second accepted between two packets in the same flow (default: 15)
active_timeout: 1800 # Number of seconds a flow can live (default: 1800)Many parts are based on the goflowd project by Hitoshi Irino (irino).