The Hoof & Paw

Configuring Flows in Aruba gear

Configuring flow on Arubas: existing prior art shows us the general steps:

  # Settings for an ElastiFlow flow collector (EF_FLOW_* and UNICOLLD_* keys).
  # NOTE(review): the indentation suggests this is the body of a container
  # `environment:` mapping; the parent key is not shown in this listing.
  #
  # Listener settings left commented out. The commented UNICOLLD port below is
  # 9595, while the active UNICOLLD_SERVER_UDP_PORT at the end of this listing
  # is 9995 - exporters must target the active value.
  #EF_FLOW_SERVER_UDP_PORT: 9995
  #EF_FLOW_SERVER_UDP_PACKET_STREAM_MAX_SIZE:
  #EF_FLOW_SERVER_UDP_READ_BUFFER_MAX_SIZE: 33554432
  #UNICOLLD_SERVER_UDP_PORT: 9595
  COLLECTD_DOCKER_APP: 'elk'
  COLLECTD_DOCKER_TASK: 'elastiflow'
  # Application enrichment from a user-defined mapping file.
  EF_FLOW_DECODER_ENRICH_APP_CACHE_SIZE: 262144
  EF_FLOW_DECODER_ENRICH_APP_USERDEF_ENABLE: 'true'
  EF_FLOW_DECODER_ENRICH_APP_USERDEF_PATH: 'settings/apps_user_defined.yml'
  EF_FLOW_DECODER_ENRICH_APP_USERDEF_PRIVATE: 'true'
  EF_FLOW_DECODER_ENRICH_APP_USERDEF_PUBLIC: 'true'
  EF_FLOW_DECODER_ENRICH_ASN_LOOKUP: 'maxmind'
  EF_FLOW_DECODER_ENRICH_ASN_PREF: 'lookup'
  # DNS enrichment is disabled here (DNS_ENABLE 'false'), so the RESOLVE_*
  # values presumably have no effect as written. If it is enabled later,
  # RESOLVE_IPS 'all' with RESOLVE_PUBLIC 'true' would mean lookups for external
  # addresses seen in flows; decide which resolver should receive those queries.
  EF_FLOW_DECODER_ENRICH_DNS_CACHE_SIZE: 524288
  EF_FLOW_DECODER_ENRICH_DNS_ENABLE: 'false'
  EF_FLOW_DECODER_ENRICH_DNS_RESOLVE_EXPORTER: 'true'
  EF_FLOW_DECODER_ENRICH_DNS_RESOLVE_IPS: 'all'
  EF_FLOW_DECODER_ENRICH_DNS_RESOLVE_PRIVATE: 'true'
  EF_FLOW_DECODER_ENRICH_DNS_RESOLVE_PUBLIC: 'true'
  EF_FLOW_DECODER_ENRICH_DNS_USERDEF_ENABLE: 'false'
  EF_FLOW_DECODER_ENRICH_DNS_USERDEF_PATH: 'settings/hostnames_user_defined.yml'
  # GeoIP enrichment from a local MaxMind GeoLite2 database file.
  EF_FLOW_DECODER_ENRICH_GEOIP_LOOKUP: 'maxmind'
  EF_FLOW_DECODER_ENRICH_MAXMIND_GEOIP_CACHE_SIZE: 262144
  EF_FLOW_DECODER_ENRICH_MAXMIND_GEOIP_ENABLE: 'true'
  EF_FLOW_DECODER_ENRICH_MAXMIND_GEOIP_LANG: 'en'
  EF_FLOW_DECODER_ENRICH_MAXMIND_GEOIP_PATH: 'maxmind/GeoLite2-City.mmdb'
  EF_FLOW_DECODER_ENRICH_MAXMIND_GEOIP_VALUES: 'city,country,country_code,location,timezone'
  # SNMP community strings (SNMP v1/v2c) are shared secrets sent in cleartext.
  # This one is a literal in the config and is repeated under
  # UNICOLLD_DECODER_ENRICH_SNMP_COMMUNITY below. Supply it from a secret store
  # or an env file kept out of version control, keep the community read-only,
  # and restrict on the devices which hosts may poll them.
  EF_FLOW_DECODER_ENRICH_SNMP_COMMUNITY: 'w01f5paw'
  EF_FLOW_DECODER_ENRICH_SNMP_ENABLE: 'true'
  # Logging: JSON encoding at 'warn' level. File logging is disabled, so the
  # FILE_LOG_* values presumably apply only once FILE_LOG_ENABLE is 'true'.
  EF_FLOW_LOGGER_ENCODING: 'json'
  EF_FLOW_LOGGER_FILE_LOG_COUNT: 4
  EF_FLOW_LOGGER_FILE_LOG_DIR: '/var/log/elastiflow/flowcoll'
  EF_FLOW_LOGGER_FILE_LOG_ENABLE: 'false'
  EF_FLOW_LOGGER_FILE_LOG_INTERVAL: 'weekly'
  EF_FLOW_LOGGER_FILE_LOG_SIZE: '10MB'
  EF_FLOW_LOGGER_LEVEL: 'warn'
  # Elasticsearch output. No TLS-related setting appears in this listing;
  # confirm how the connection to elasticsearch:9200 is protected.
  EF_FLOW_OUTPUT_ELASTICSEARCH_ADDRESSES: 'elasticsearch:9200'
  EF_FLOW_OUTPUT_ELASTICSEARCH_BATCH_DEADLINE: 2000
  EF_FLOW_OUTPUT_ELASTICSEARCH_BATCH_MAX_BYTES: 8388608
  EF_FLOW_OUTPUT_ELASTICSEARCH_ECS_ENABLE: 'false'
  EF_FLOW_OUTPUT_ELASTICSEARCH_ENABLE: 'true'
  EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_PERIOD: 'daily'
  EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_SUFFIX: ''
  EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_ENABLE: 'true'
  EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_OVERWRITE: 'true'
  # 0 replicas: each index has a single copy, so losing a node loses the flow
  # records stored on it - relevant if these records are kept for investigations.
  EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_REPLICAS: 0
  EF_FLOW_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_SHARDS: 10
  # 'changeme' is a widely known placeholder password and `elastic` (below) is
  # Elasticsearch's built-in superuser. Use a dedicated account limited to the
  # index privileges the collector needs, and inject the password from a secret
  # rather than writing it in this file. The same pair is repeated in the
  # UNICOLLD_OUTPUT_ELASTICSEARCH_* keys, so change both.
  EF_FLOW_OUTPUT_ELASTICSEARCH_PASSWORD: 'changeme'
  # Empty value: parsed as null in YAML; presumably the collector's default applies.
  EF_FLOW_OUTPUT_ELASTICSEARCH_POOL_SIZE:
  EF_FLOW_OUTPUT_ELASTICSEARCH_TIMESTAMP_SOURCE: 'end'
  EF_FLOW_OUTPUT_ELASTICSEARCH_USERNAME: 'elastic'
  # UNICOLLD_* keys mirror several EF_FLOW_* values above.
  # NOTE(review): which prefix the running collector version actually reads is
  # not shown here - confirm, and keep the two sets in sync.
  UNICOLLD_DECODER_ENRICH_ASN_LOOKUP: 'maxmind'
  UNICOLLD_DECODER_ENRICH_DNS_RESOLVE_IPS: 'all'
  UNICOLLD_DECODER_ENRICH_GEOIP_LOOKUP: 'maxmind'
  # Same cleartext SNMP community literal as EF_FLOW_DECODER_ENRICH_SNMP_COMMUNITY.
  UNICOLLD_DECODER_ENRICH_SNMP_COMMUNITY: 'w01f5paw'
  UNICOLLD_DECODER_ENRICH_SNMP_ENABLE: 'true'
  UNICOLLD_LICENSED_CORES: 1
  UNICOLLD_OUTPUT_ELASTICSEARCH_ADDRESSES: 'elasticsearch:9200'
  UNICOLLD_OUTPUT_ELASTICSEARCH_ENABLE: 'true'
  UNICOLLD_OUTPUT_ELASTICSEARCH_INDEX_TEMPLATE_SHARDS: 10
  # Same placeholder password and superuser account as the EF_FLOW_OUTPUT_* keys.
  UNICOLLD_OUTPUT_ELASTICSEARCH_PASSWORD: 'changeme'
  UNICOLLD_OUTPUT_ELASTICSEARCH_USERNAME: 'elastic'
  UNICOLLD_OUTPUT_RISKIQ_ENABLE: 'false'
  # UDP listener address and port for incoming flow records. Flow export over
  # UDP carries no sender authentication, so limit which exporters can reach
  # this address/port with network ACLs or host firewall rules.
  UNICOLLD_SERVER_UDP_IP: '198.18.41.99'
  UNICOLLD_SERVER_UDP_PORT: 9995