mapping.yaml
# Field-mapping configuration: selects which decoded flow fields are emitted,
# declares extra protobuf fields, and maps IPFIX / NetFlow v9 / sFlow inputs
# onto named destinations.
# NOTE(review): every value produced through these mappings comes from
# exporter datagrams or sampled packet bytes; downstream consumers should
# treat it as unauthenticated telemetry, not as verified fact.
formatter:
  fields:  # list of fields to format in JSON
    - type
    - time_received_ns
    - sequence_num
    - sampling_rate
    - flow_direction
    - sampler_address
    - time_flow_start_ns
    - time_flow_end_ns
    - bytes
    - packets
    - src_addr
    - src_net
    - dst_addr
    - dst_net
    - etype
    - proto
    - src_port
    - dst_port
    - in_if
    - out_if
    - src_mac
    - dst_mac
    # additional fields
    - icmp_name  # virtual column
    - csum  # UDP or TCP checksum, filled by the sflow.mapping entries below
  # NOTE(review): presumably the key attached to each emitted record; confirm
  # against the consumer. If flows arrive over plain UDP, sampler_address is
  # not an authenticated identity, so verify before relying on it for tenant
  # separation or access decisions.
  key:
    - sampler_address
  # Manual protobuf fields addition. `index` is presumably the protobuf field
  # number. NOTE(review): confirm none of these collide with numbers already
  # used by the base flow message.
  protobuf:
    - name: flow_direction
      index: 42
      type: varint
    - name: bi_flow_direction
      index: 41
      type: varint
    - name: ingress_vrf_id
      index: 39
      type: varint
    - name: egress_vrf_id
      index: 40
      type: varint
    # Custom field that receives the checksum extracted under sflow.mapping.
    - name: csum
      index: 999
      type: varint
  # Selects the datetimenano renderer for time_received_ns.
  render:
    time_received_ns: datetimenano
# Decoder mappings
# `field` values below are information-element IDs; the names given in the
# comments are the IANA IPFIX registry names for those IDs.
ipfix:
  mapping:
    - field: 61  # flowDirection
      destination: flow_direction
    - field: 239  # biflowDirection
      destination: bi_flow_direction
    - field: 234  # ingressVRFID
      destination: ingress_vrf_id
    - field: 235  # egressVRFID
      destination: egress_vrf_id
netflowv9:
  mapping:
    # NOTE(review): sampling_rate is decoded little-endian here; confirm this
    # matches your exporters. A misdecoded rate would skew any byte/packet
    # estimate that is scaled by it.
    - field: 34  # samplingInterval provided within the template
      destination: sampling_rate
      endian: little
    - field: 61  # DIRECTION
      destination: flow_direction
sflow:
  # Tunnel parsers are chosen from proto/dir/port alone. The ports listed are
  # the IANA-assigned UDP ports for Teredo (3544), GRE-in-UDP (4754) and
  # Geneve (6081).
  # NOTE(review): any sampled UDP packet on these ports is handed to the named
  # parser whether or not it really carries that encapsulation; treat decoded
  # inner headers as untrusted input.
  ports:
    - proto: "udp"
      dir: "dst"
      port: 3544
      parser: "teredo-dst"
    - proto: "udp"
      dir: "both"
      port: 4754
      parser: "gre"
    - proto: "udp"
      dir: "both"
      port: 6081
      parser: "geneve"
  # Raw extraction from the sampled header into csum. offset/length appear to
  # be in bits: the checksum field sits at bit 48 of a UDP header and bit 128
  # of a TCP header, 16 bits wide in both. The value is copied as seen on the
  # wire; nothing in this file validates it.
  mapping:
    - layer: "udp"
      offset: 48
      length: 16
      destination: csum
    - layer: "tcp"
      offset: 128
      length: 16
      destination: csum