6. ontp-wire config

6.1. Network Metrics Capture Configuration

6.1.1. Configuration File Example

Sample configuration file with env variables defined. It is suitable for use in a redis store and still accepts command line env variables.

{
    "host_uuid": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "host_serial": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "host_unitid": "myorg:Unit",
    "host_ident": "my.hostname.com",
    "loghost": "xxxxxxxxxxxx:2558",
    "io_threads": 2,
    "msg_threads": 2,
    "ssl_threads": 2,
    "tool_path": "",
    "tool_args": [],
    "no_config_dir": false,
    "config_dir_name": "ontp-v2.0.2",
    "add_unique_connection_id": true,
    "initial_thread_sleep": 500,
    "remove_from_metric": [ ... ],
    "metric_base": "layers",
    "metric_tstamp": "timestamp",
    "metric_normalize": ["tls"],
    "sub_key_updates": ["dns_", "http_", "tcp_", "xrp_"],
    "default_line_filter": "timestamp",
    "capture_filter": ["not dst port 2558 and not src port 2558", "...", "..."],
    "override_prefs": ["http.ssl.port:443,4433", "http.tcp.port:8080"],
    "decode_as": ["tcp.port==8888,http", "tcp.port==8888-8890,http"],
    "disable_name_res": false,
    "name_res_flags": "",
    "active": true,
    "restart_mbus_attempts": 10,
    "restart_mbus_attempts_sleep": 900,
    "ssl_cert": "/var/ontp-wire/tls/client.crt",
    "ssl_key": "/var/ontp-wire/tls/client.key",
    "destination_sinks": ["mbus", "kafka"],
    "sink_mbus_active": 0,
    "sink_kafka_active": 0,
    "sink_kafka_json_output": 0,
    "bulk_write_threshold": 25,
    "kafka_config": { .. }
}

6.1.2. Capture Configuration File Sections

  • host_uuid
    • Specify a unique uuid for the host to make it unique within your environment.
      • Typically any uuid format will do as long as it is unique within your environment.

  • host_serial
    • The serial number associated with the ontp-tsdb deployed instance.
      • The serial number is configured into the ontp-tsdb instance with the config-auth script.

  • host_unitid
    • An identifier that ties this instance to a group defined within your environment.

  • loghost
    • The host and port that the ontp-mbus component is located on.

  • io_threads
    • Number of io threads
      • Internal: the number of threads used for I/O. This should not need to be altered.

  • msg_threads
    • Number of message threads
      • Internal: the number of threads used for messages. This should not need to be altered.

  • ssl_threads
    • Number of ssl threads
      • The number of SSL connections to the message bus. This should not need to be altered.

  • tool_path
    • Tool path

  • tool_args
    • Tool arguments

  • no_config_dir
    • Whether to run without specifying a configuration directory. Default: false

  • config_dir_name
    • The configuration preferences directory that should be used for configuration.

  • add_unique_connection_id
    • Add a unique id to the metric

  • initial_thread_sleep
    • How long to initially delay sending metrics

  • remove_from_metric
    • Remove these elements from the metric before pushing them to the database.

  • metric_base
    • Base key into the metric

  • metric_tstamp
    • The timestamp field for the metric.

  • metric_normalize
    • Metrics that should be normalized

  • sub_key_updates
    • Part of the data remapping: check for these sub keys to update.

  • default_line_filter
    • Filter to scan for - do not change - unless you know what you are doing.

  • capture_filter
    • pcap bpf / filter configuration

Warning

The port on which the ontp-mbus component is receiving data should be excluded from collection.

For example, with the default ontp-mbus port, capture_filter should contain:

["not dst port 2558 and not src port 2558"]

Otherwise you will get metric data about your metrics, which is not recommended.

  • active
    • Is the configuration valid and to be treated as active.

    • If the configuration is not valid (i.e. active == false), the tool will exit during startup.

  • restart_mbus_attempts
    • Maximum number of attempts to restart broken SSL connections to the database. Default: 10

  • override_prefs
    • Examples: ["http.tls.port:443,4433", "tcp.try_heuristic_first:TRUE", "udp.try_heuristic_first:TRUE"]

  • decode_as
    • Decode a protocol running on a non-standard port.

    • Examples: ["tcp.port==8888,http", "tcp.port==8888-8890,http"]

  • disable_name_res
    • Disable name resolution. Default false

  • name_res_flags
    • Name resolving flags

  • restart_mbus_attempts_sleep
    • Sleep duration during restart attempts - default: 900 milliseconds

  • ssl_cert
    • SSL certificate to be used to communicate with the message bus.

Warning

  • Note: this should not be changed, as the cert that is used in the docker command is mapped to this location.

  • ssl_key
    • SSL key used to communicate with the message bus.

Warning

  • Note: this should not be changed, as the cert that is used in the docker command is mapped to this location.

  • destination_sinks
    • Specify where to send metrics. Supported sinks are mbus and kafka.

    • "destination_sinks": ["mbus","kafka"]

  • sink_mbus_active
    • Internal default

  • sink_kafka_active
    • Internal default 0

  • sink_kafka_json_output
    • Internal default 0

  • bulk_write_threshold
    • Specify the threshold limit at which to send metrics to the other subsystems

  • kafka_config - Specify the kafka configuration if you are sending network metrics to kafka

    • 1 Basic config

      {"topic_name": "NY1-Zone1", "ontp-koutput": "json", "bootstrap.servers": "192.168.1.20:9092",
       "message.timeout.ms": "900", "session.timeout.ms": "6000"}
  • 2 SSL config

      {"topic_name": "NY1-Zone1", "ontp-koutput": "json", "bootstrap.servers": "192.168.1.20:9093",
       "message.timeout.ms": "800", "session.timeout.ms": "6000", "security.protocol": "SSL",
       "ssl.ca.location": "./kubernetes/tls/ca.pem", "ssl.key.location": "./kubernetes/tls/client-key.pem",
       "ssl.certificate.location": "./kubernetes/tls/client.pem", "enable.ssl.certificate.verification": "true"
      }
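
As an added example (not part of ontp-wire or its documentation), a pre-deployment lint in Python for the settings above that carry a warning: the capture_filter exclusion of the loghost port, the active flag, the supported sinks, and the Kafka SSL keys. The function names and the sample host name are hypothetical, the filter check is textual rather than a real BPF parse, and it assumes each capture_filter entry is a standalone filter.

```python
import json
import re

SUPPORTED_SINKS = {"mbus", "kafka"}  # the two sinks this page lists

def excludes_port(bpf: str, port: str) -> bool:
    """Textual check (not a BPF parser): is traffic to and from `port` dropped?"""
    text = " ".join(bpf.lower().split())
    if re.search(rf"\bnot port {port}\b", text):
        return True
    return all(re.search(rf"\bnot {d} port {port}\b", text) for d in ("dst", "src"))

def lint_config(cfg: dict) -> list:
    findings = []
    # loghost is "host:port"; the capture must not record the tool's own mbus traffic.
    port = str(cfg.get("loghost", "")).rpartition(":")[2]
    if not port.isdigit():
        findings.append("loghost has no numeric port")
    elif not any(excludes_port(f, port) for f in cfg.get("capture_filter", [])):
        findings.append(f"capture_filter does not exclude mbus port {port}")
    if cfg.get("active") is not True:
        findings.append("active is not true: the tool exits during startup")
    sinks = cfg.get("destination_sinks", [])
    unknown = sorted(set(sinks) - SUPPORTED_SINKS)
    if unknown:
        findings.append(f"unsupported destination_sinks: {unknown}")
    if "kafka" in sinks:
        k = cfg.get("kafka_config", {})
        verify = str(k.get("enable.ssl.certificate.verification", "true")).lower()
        if k.get("security.protocol") != "SSL":
            findings.append("kafka_config is not using security.protocol SSL")
        elif verify != "true":
            findings.append("kafka_config has broker certificate verification off")
    return findings

# Constructed sample: port 2558 excluded for dst only, kafka sink left in plaintext.
SAMPLE = json.loads("""{
  "loghost": "mbus.example.internal:2558",
  "capture_filter": ["not dst port 2558"],
  "active": true,
  "destination_sinks": ["mbus", "kafka"],
  "kafka_config": {"topic_name": "NY1-Zone1", "bootstrap.servers": "192.168.1.20:9092"}
}""")

if __name__ == "__main__":
    for finding in lint_config(SAMPLE):
        print("WARN:", finding)
```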