1.1.9.1. ontp-wire Example Configuration

1.1.9.1.1. ontp-wire Configuration File Example

Sample configuration file with environment variables defined. It is suitable for loading from a Redis store while still accepting environment variables supplied on the command line.

{
  "host_uuid": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "host_serial": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "host_unitid": "myorg:Unit",
  "loghost": "xxxxxxxxxxxx:2558",
  "io_threads": 2,
  "msg_threads": 2,
  "ssl_threads": 2,
  "tool_path": "",
  "tool_args": [],
  "no_config_dir": false,
  "config_dir_name": "ontp-v2.0.2",
  "add_unique_connection_id": true,
  "initial_thread_sleep": 500,
  "remove_from_metric": [ ... ],
  "metric_base": "layers",
  "metric_tstamp": "timestamp",
  "metric_normalize": ["tls"],
  "sub_key_updates": ["dns_", "http_", "tcp_", "xrp_"],
  "default_line_filter": "timestamp",
  "capture_filter": ["not dst port 2558 and not src port 2558", "...", "..."],
  "override_prefs": ["http.tls.port:443,4433", "tcp.try_heuristic_first:TRUE", "udp.try_heuristic_first:TRUE"],
  "decode_as": ["tcp.port==8888,http", "tcp.port==8888-8890,http"],
  "disable_name_res": false,
  "name_res_flags": "",
  "active": true,
  "restart_mbus_attempts": 10,
  "restart_mbus_attempts_sleep": 900,
  "ssl_cert": "/var/ontp-wire/tls/client.crt",
  "ssl_key": "/var/ontp-wire/tls/client.key",
  "destination_sinks": ["mbus", "kafka"],
  "sink_mbus_active": 0,
  "sink_kafka_active": 0,
  "sink_kafka_json_output": 0,
  "bulk_write_threshold": 25,
  "kafka_config": { .. }
}
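A hand-edited configuration like the one above is easy to break: a dropped comma makes the whole file unparseable, an "xxx" placeholder left in place ships a non-functional agent, and a capture filter that no longer excludes the loghost port makes the agent capture its own log traffic. The following linter is an added example and is not part of the ontp-wire project; it treats the field types and the formats of override_prefs, decode_as and capture_filter as inferred from the sample only, so every rule it applies is an assumption about a sane config rather than a documented project requirement. The embedded sample is a constructed copy of the page's example with the placeholders filled in with dummy values.

```python
"""Lint an ontp-wire JSON config before it is pushed to the config store.

Added example, not ontp-wire project code.  Field semantics are inferred from
the sample configuration; every check below is an assumption, not a documented rule.
"""
import json
import re
import sys

# Constructed sample: the page's example with dummy values instead of the xxx placeholders.
SAMPLE_CONFIG = """
{
  "host_uuid": "00000000-0000-0000-0000-000000000000",
  "host_serial": "SERIAL-PLACEHOLDER",
  "host_unitid": "myorg:Unit",
  "loghost": "loghost.example:2558",
  "io_threads": 2,
  "msg_threads": 2,
  "ssl_threads": 2,
  "capture_filter": ["not dst port 2558 and not src port 2558"],
  "override_prefs": ["http.tls.port:443,4433", "tcp.try_heuristic_first:TRUE"],
  "decode_as": ["tcp.port==8888,http", "tcp.port==8888-8890,http"],
  "ssl_cert": "/var/ontp-wire/tls/client.crt",
  "ssl_key": "/var/ontp-wire/tls/client.key",
  "destination_sinks": ["mbus", "kafka"],
  "sink_mbus_active": 0,
  "sink_kafka_active": 0
}
"""

# Types as they appear in the sample (assumed, not documented).
EXPECTED_TYPES = {
    "host_uuid": str, "host_serial": str, "host_unitid": str, "loghost": str,
    "io_threads": int, "msg_threads": int, "ssl_threads": int,
    "capture_filter": list, "override_prefs": list, "decode_as": list,
    "ssl_cert": str, "ssl_key": str, "destination_sinks": list,
}
# Wireshark preference override "pref.name:value", as in the sample (assumed format).
PREF_RE = re.compile(r"^[A-Za-z0-9_.]+:.+$")
# decode_as rule "tcp.port==8888,http" or "tcp.port==8888-8890,http" (assumed format).
DECODE_AS_RE = re.compile(r"^(tcp|udp)\.port==\d+(-\d+)?,[A-Za-z0-9_-]+$")
KNOWN_SINKS = {"mbus", "kafka"}  # the two sinks named in the sample


def lint_config(text):
    """Return a list of findings; an empty list means the config passed every check."""
    findings = []
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc}"]  # typically a missing comma after a hand edit

    for key, typ in EXPECTED_TYPES.items():
        if key not in cfg:
            findings.append(f"missing key: {key}")
        elif not isinstance(cfg[key], typ) or (typ is int and isinstance(cfg[key], bool)):
            findings.append(f"{key}: expected {typ.__name__}, got {type(cfg[key]).__name__}")

    # A placeholder that survived into the deployed file is a deployment error.
    for key in ("host_uuid", "host_serial", "loghost"):
        if isinstance(cfg.get(key), str) and "xxxx" in cfg[key]:
            findings.append(f"{key}: still the xxx placeholder")

    # The sample excludes the loghost port from capture; assume that is deliberate,
    # so the agent does not capture the log traffic it emits itself.
    loghost = cfg.get("loghost", "")
    port = loghost.rsplit(":", 1)[-1] if ":" in loghost else None
    filters = [f for f in cfg.get("capture_filter", []) if isinstance(f, str)]
    if port and port.isdigit() and not any(f"port {port}" in f for f in filters):
        findings.append(f"capture_filter does not exclude loghost port {port}")

    for pref in cfg.get("override_prefs", []):
        if not isinstance(pref, str) or not PREF_RE.match(pref):
            findings.append(f"override_prefs: malformed entry {pref!r}")
    for rule in cfg.get("decode_as", []):
        if not isinstance(rule, str) or not DECODE_AS_RE.match(rule):
            findings.append(f"decode_as: malformed entry {rule!r}")

    for sink in cfg.get("destination_sinks", []):
        if sink not in KNOWN_SINKS:
            findings.append(f"destination_sinks: unknown sink {sink!r}")
        elif cfg.get(f"sink_{sink}_active", 0) not in (0, 1):
            findings.append(f"sink_{sink}_active: expected 0 or 1")

    return findings


if __name__ == "__main__":
    # Usage: python lint_ontp_config.py [config.json]; with no argument the sample is linted.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    problems = lint_config(text)
    for problem in problems:
        print("WARN", problem)
    sys.exit(1 if problems else 0)
```

Run it as a pre-commit or CI step against the file that feeds the config store; a non-zero exit blocks the push. The regexes encode only the shapes visible in the sample, so extend them if the deployment uses preference or decode_as forms not shown here.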

Additional Documentation - ontp-wire config

1.1.9.1.2. tshark agent configuration

The configuration of the tshark agent is managed via the -v (volume mount) argument to the docker command.

-v "$PWD/ontp-capture_config:/home/ontpcap:ro"

This mounts the host directory read-only into the container as the directory tshark uses for its default configuration.

Any configuration of the tshark agent should go into this directory.

Any changes to this directory require a restart of the agent via the docker command.

Default directories for tshark configuration as defined in the image:

Temp:                   /tmp
Personal configuration: /home/ontpcap/.config/wireshark
System:                 /etc
Personal Plugins:       /home/ontpcap/.local/lib/wireshark/plugins/3.7