This repository has been archived by the owner on Nov 14, 2022. It is now read-only.
dnstap.conf
# trace output of the receiver itself: destination and verbosity
trace:
  # log file path or null to print to stdout
  file: null
  # enable verbose mode
  # NOTE(review): check what verbose mode writes before enabling it in
  # production; if it echoes decoded messages, the trace file would hold
  # client addresses and query names and needs the same protection as
  # the dns logs
  verbose: false
# rest api
# NOTE(review): as shipped, the api is enabled, bound to every ipv4
# interface (0.0.0.0) and protected only by the placeholder values
# "changeme" below. replace api-key and password before the port is
# reachable by anyone else, or bind local-address to a loopback or
# management address. once real secrets are set, keep this file out of
# version control and readable only by the account running the receiver.
web-api:
  # enable or disable
  enable: true
  # web api key; placeholder value, set a long random secret per deployment
  api-key: changeme
  # basicauth login
  login: admin
  # basicauth password; placeholder value, must be changed
  password: changeme
  # listening address ipv4 0.0.0.0 or ipv6 [::]
  # NOTE(review): no tls option is visible in this section, so the api key
  # and basicauth credentials presumably travel in clear text - confirm,
  # and put a tls-terminating proxy in front if the api leaves the host
  local-address: 0.0.0.0
  # listening port
  local-port: 8080
# geoip support, can be used to get the country and city
# according to the source ip in the dnstap message
# NOTE(review): enabling this adds location data derived from client
# addresses to the records; treat the resulting logs accordingly
geoip:
  # enable or disable
  enable: false
  # city database path in binary format
  city-database: null
  # represent country in iso mode
  country-iso: false
# dnstap receiver statistics
# NOTE(review): these counters and tables are what the rest api returns
# from /counters and /tables, so client and domain statistics are
# readable by anyone holding the web-api credentials
statistics:
  # qname lowercase
  qname-lowercase: true
  # default number of items to return in tables
  max-items: 10
  # default counters to return from api /counters
  default-counters:
    - clients
    - domains
    - query
    - response
    - qps
    - response/noerror
    - response/nxdomain
  # default top domain to return from api /tables
  default-top:
    - noerror/query
    - nxdomain/response
# read and decode dnstap messages from different sources
input:
  # read dnstap messages from tcp socket
  # NOTE(review): as shipped this listener is enabled on every ipv4
  # interface, the acl admits any source (0.0.0.0/0) and tls is off, so
  # any host that can reach the port is presumably accepted as a dnstap
  # sender - confirm, then narrow the acl to the dns servers and enable tls
  tcp-socket:
    # enable or disable
    enable: true
    # listening address ipv4 0.0.0.0 or ipv6 [::]
    local-address: 0.0.0.0
    # listening port
    local-port: 6000
    # access control list
    # 0.0.0.0/0 matches every ipv4 address; list only the networks of the
    # dns servers that are expected to connect (presumably matched against
    # the peer address - verify against the receiver)
    access-control-list:
      - 0.0.0.0/0
    # enable tls on socket
    tls-support: false
    # path of the server certificate
    tls-server-cert: null
    # path of the server certificate key; keep this file readable only by
    # the account that runs the receiver
    tls-server-key: null
  # read dnstap messages from unix socket
  unix-socket:
    # enable or disable
    enable: false
    # socket path
    # NOTE(review): no acl applies here as far as this file shows; access
    # is presumably governed by the permissions of the socket file and its
    # directory - confirm and restrict them to the dns server account
    path: null
  # sniff dns messages from network interface
  # NOTE(review): packet capture presumably needs elevated privileges;
  # grant only the capture capability rather than running the whole
  # receiver as root - confirm what the receiver requires
  sniffer:
    # enable or disable
    enable: false
    # interface name to sniff
    eth-name: null
    # ip interface to sniff
    eth-ip: [ ]
    # dnstap identity
    dnstap-identity: sniffer
    # sniff on the list of dns port
    dns-port: [ 53 ]
    # incoming dns client queries
    client-query-support: true
    # outgoing dns client responses
    client-response-support: true
    # outgoing dns resolver queries
    resolver-query-support: true
    # incoming dns resolver responses
    # (the upstream comment reads "client"; presumably a typo)
    resolver-response-support: true
    # forward queries
    forwarder-query-support: true
    # forward responses
    forwarder-response-support: true
  # tcp client
  tcp-client:
    # enable or disable
    enable: false
    # retry interval in seconds to connect
    retry: 1
    # remote dns server address
    remote-address: null
    # remote dns server port
    remote-port: null
# filtering feature on input, can be useful to ignore
# some dnstap messages
filter:
  # qname filtering feature with regex support
  # NOTE(review): the pattern is presumably evaluated against query names
  # taken from dns traffic, i.e. untrusted input; keep it simple and
  # anchored so a crafted name cannot make matching expensive
  qname-regex: null
  # dnstap identity filtering feature with regex support
  # NOTE(review): the identity is presumably supplied by the sender, so
  # this is a routing aid, not an authentication check - confirm
  dnstap-identities: null
# forward decoded messages to ?
# NOTE(review): decoded messages carry client addresses and query names.
# none of the network outputs below shows a tls option in this file, so
# forwarded data presumably crosses the network in clear text - confirm,
# and keep these destinations on a trusted network or behind a tunnel
output:
  # forward to stdout, default output
  stdout:
    # enable or disable
    enable: true
    # format available text|json|yaml
    format: text
  # forward to log file
  file:
    # enable or disable
    enable: false
    # format available text|json|yaml
    format: text
    # log file path or null to print to stdout
    # restrict read access to this file and its rotated copies
    file: /var/log/dnstap.log
    # max size for log file
    file-max-size: 10M
    # number of max log files
    file-count: 10
  # print metrics to stdout
  metrics:
    # enable or disable
    enable: false
    # print every N seconds
    interval: 300
    # cumulative statistics, without clearing them after printing
    cumulative: true
    # log file path or null to print to stdout
    file: null
    # max size for log file
    file-max-size: 10M
    # number of max log files
    file-count: 10
  # forward to remote tcp destination
  tcp-socket:
    # enable or disable
    enable: false
    # format available text|json|yaml
    format: text
    # delimiter
    delimiter: "\n"
    # retry interval in seconds to connect
    retry: 5
    # remote ipv4 or ipv6 address
    remote-address: null
    # remote tcp port
    remote-port: null
  # forward to syslog server
  syslog:
    # enable or disable
    enable: false
    # syslog over tcp or udp
    # plain syslog over udp is unencrypted, unauthenticated and may drop
    # messages silently
    transport: udp
    # format available text|json
    format: text
    # retry interval in seconds to connect
    retry: 5
    # remote ipv4 or ipv6 address of the syslog server
    remote-address: null
    # remote port of the syslog server
    remote-port: null
  # forward to another remote dnstap receiver
  dnstap:
    # enable or disable
    enable: false
    # retry interval in seconds to connect
    retry: 1
    # remote ipv4 or ipv6 address of the remote dnstap receiver
    remote-address: null
    # remote port of the remote dnstap receiver
    remote-port: null
    # dnstap identity
    dnstap-identity: dnstap-receiver
  # forward to a Kafka topic
  kafka:
    # enable or disable
    enable: false
    # format available text|json|yaml
    format: json
    # configuration object to pass to librdkafka
    # NOTE(review): sasl.password is stored here in clear text, so keep
    # this file out of version control and readable only by the receiver
    # account. choose a tls-backed security.protocol (SASL_SSL rather than
    # SASL_PLAINTEXT) so the credentials and the dns data are encrypted
    # in transit
    rdkafka-config:
      "bootstrap.servers": null
      "security.protocol": null
      "sasl.mechanism": null
      "sasl.username": null
      "sasl.password": null
    # Kafka topic to forward messages to
    topic: null
  # forward to a RabbitMQ queue
  # NOTE(review): placing exchange, routing-key and retry-* directly under
  # rabbitmq is inferred from the comments - confirm against the consumer
  rabbitmq:
    # enable or disable
    enable: false
    # format available text|json|yaml
    format: json
    # connection configuration
    # NOTE(review): the password is stored in clear text in this file, and
    # 5672 is the conventional non-tls amqp port; whether the receiver can
    # use amqp over tls is not visible here - confirm before pointing this
    # at a broker on another host
    connection:
      username: null
      password: null
      host: 127.0.0.1
      port: 5672
    # Queue to forward messages to
    queue:
      queue: null
      passive: false
      durable: true
      exclusive: false
      auto_delete: false
    # Exchange, default ''
    exchange: ""
    # Routing key, default = queue
    routing-key: null
    # Retries to connect/publish
    retry-count: 2
    # Retry delay seconds
    retry-delay: 0.5
  # forward to postgresql server
  pgsql:
    # enable or disable
    enable: false
    # retry interval in seconds to connect
    retry: 1
    # dsn := postgres://user@host:port/database
    # Writing the password directly in the dsn is possible but not
    # recommended; use passfile below instead.
    # NOTE(review): the example connects as the "postgres" role, normally
    # a superuser; a dedicated role limited to the target tables is safer
    dsn: postgres://postgres@localhost:5432/postgres
    # passfile := /path/to/.pgpass
    # https://www.postgresql.org/docs/12/libpq-connect.html#LIBPQ-CONNECT-PASSFILE
    # keep the password file private to the receiver account (mode 0600)
    passfile: ~/.pgpass
    # min_size: minimum number of connections in the pool
    min_size: 5
    # max_size: maximum number of connections in the pool
    max_size: 10
    # busy_wait: wait this amount of seconds in the busy loop to write to PostgreSQL.
    busy_wait: 1.0
    # timeout: wait this amount of seconds to re-create the connection pool to PostgreSQL after it failed.
    timeout: 60
    # filename including user defined functions
    # NOTE(review): presumably this file is loaded and executed inside the
    # receiver process - confirm; if so it must be writable only by
    # trusted accounts, since whoever can edit it runs code as the receiver
    userfuncfile: null
  # elasticsearch destination (assumed to be an output like the sections
  # above - confirm nesting)
  elasticsearch:
    # enable or disable
    enable: false
    # elasticsearch url
    # NOTE(review): prefer an https:// url; credentials embedded in the
    # url would be stored in clear text in this file
    url: null