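---
# xdpcap configuration file
#
# This file should be placed at /etc/xdpcap/xdpcap.yaml
# or specified via the -c/--config flag.

# Network interface to capture packets from
interface: eth0

# Directory to store pcap files
output_dir: /var/log/xdpcap

# How often to rotate pcap files
# Supported formats: 5m, 1h, 30s, etc.
rotation_interval: 5m

# Flows to exclude from capture
# Packets matching these rules will NOT be captured.
# All fields are optional - omitted fields match any value.
#
# Supported protocols: tcp, udp, icmp, icmpv6
# IP addresses can be IPv4 or IPv6, but src_ip and dst_ip
# must be the same version within a single rule.
#
# A rule matches on addresses, ports and protocol only, and an excluded
# packet leaves no trace in the capture. Keep each rule as narrow as the
# use case allows (pin both endpoints where possible) and review this
# list periodically: anything that happens to match an exclusion is
# unavailable for later analysis.
exclude_flows:
  # Example: Exclude SSH traffic from a backup server
  - name: "backup-server-ssh"
    src_ip: "10.0.0.100"
    dst_port: 22
    protocol: tcp

  # Example: Exclude rsync file transfers to a specific host
  - name: "rsync-transfers"
    dst_ip: "192.168.1.50"
    dst_port: 873
    protocol: tcp

  # Example: Exclude all DNS responses (source port 53)
  # No src_ip is set, so this matches UDP/53 from ANY host, not only
  # your resolvers. Add src_ip to limit it to known resolvers.
  - name: "dns-responses"
    src_port: 53
    protocol: udp

  # Example: Exclude NFS traffic
  - name: "nfs-traffic"
    dst_port: 2049
    protocol: tcp

  # Example: Exclude SNMP monitoring
  - name: "snmp-monitoring"
    dst_port: 161
    protocol: udp

  # Example: Exclude syslog traffic
  - name: "syslog"
    dst_port: 514
    protocol: udp

  # Example: Exclude IPv6 traffic from a specific host
  - name: "ipv6-monitoring"
    src_ip: "2001:db8::1"
    protocol: tcp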