-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathconfig.yml
368 lines (368 loc) · 14.1 KB
/
config.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
logger:
# debug will show all kinds of data being discarded
# trace will show all kinds of data being processed
# possible values: trace, debug, info, warn, error, fatal
# default: info
level: info
# possible values: console, json
# default: console
format: console
prometheus:
# default: false
enable: false
# default: /metrics
path: /metrics
# default: 9285
port: 9285
# define number of threads for parsing snmptrapd messages
# default: number of logical CPUs
parse_workers: 2
# correlate is a process to correlate/match raised & cleared notifications.
# snmptrap is usually used for alarms on network devices, and those devices
# usually send a trap when an alarm happened, and another trap when the alarm
# doesn't happen anymore. this module will check the previous raise alarm
# and inject information on clear alarm on how long the alarm has happened.
# this will add some latencies to the overall forwarding scheme
correlate:
# default: false
enable: true
# possible scheme: badger, redis, postgres, mysql
# badger: in-process database, kind of like sqlite but for kv store
# # persist data to /path/to/db directory, don't forget to mount
# # this directory as docker volume
# - badger:///path/to/db
# # store data in RAM, data will be discarded after restart
# # but faster in read/write access
# - badger://
# redis: minimum version 6.2.0
# default: badger://
backend_url: badger://
# specify how long you will keep data that doesn't have its clear counterpart
# if the clear event arrived, it will be automatically deleted
# default: 30d
ttl: 30d
# specify interval for cleanup if ttl is reached, only applicable to
# postgres and mysql backend
cleanup_interval: 1h
# define how long should a forwarder wait for its queue to flush during a shutdown event
# default: 5s
shutdown_wait_time: 0s
# specify timeout operation for the backend, ignored for badger backend
# default: 0 (no timeout)
timeout: 1s
# specify queue size for the correlate worker, adjusting this for
# badger backend doesn't really make sense since it's on the same process.
# when the queue is full, it goes straight to forwarders without any correlation
# process happening
# default: 10000
queue_size: 10000
# define number of threads for the correlate process
# default: 4
workers: 4
# be careful when enabling auto_retry, your messages will have delay if
# the backend has errors
auto_retry:
# default: false
enable: true
# default: 10
max_retries: 10
# default: 1s
min_delay: 1s
# default: 1h
max_delay: 1h
# define conditions to match a specific trap, it's evaluated in order.
# if no condition matches, no correlation process will be done
# default: empty
conditions:
- match: ip in [xxxx, yyyy]
# identifiers are used as a way to identify if the alarm points to the same event.
# it will be hashed internally, and stored at the backend
identifiers:
- source_ip
- OidValueString(value_list, ".1.2.3.4", true)
clear: OidValueString(value_list, ".1.2.3.4", true) == "normal"
forwarders:
# id is used for logging and prometheus label
- id: print_to_stdout
## these are common configs available for all type of forwarders
# the queue size for each forwarder, as forwarders are synchronous sent for each message,
# this might be helpful for slow connections
# you can set this to -1 for unbounded queue size, be careful as this might eat your RAM
# default: 10000
queue_size: 10000
auto_retry:
# default: false
enable: true
# default: 10
max_retries: 10
# default: 1s
min_delay: 1s
# default: 1h
max_delay: 1h
# define how long should a forwarder wait for its queue to flush during a shutdown event
# default: 5s
shutdown_wait_time: 0s
# time format uses golang time layout. there's also special keywords for unix format:
# - unix
# - unixMilli
# - unixMicro
# - unixNano
# default: 2006-01-02T15:04:05.999999999Z07:00
time_format: "2006-01-02T15:04:05.999999999Z07:00"
# all time fields will use this timezone for formatting
# default: local timezone for snmp message, as parsed for oid value
time_as_timezone: Asia/Jakarta
# json payload template
# see documentation of the syntax https://expr.medv.io/docs/Language-Definition
# variables is shown as if you don't use any templates
# possible variables: time, uptime_seconds, src_address, src_port, dst_address, dst_port,
# agent_address, pdu_version, snmp_version, community, enterprise_oid, enterprise_mib_name,
# user, context, description, trap_type, trap_sub_type, value_list
# possible functions:
# merges list of dictionary to dictionary
# - MergeMap(list of map) // key has to be string
# extract value by oid, and return any value
# - OidValueAny(value_list, oid_or_mib_name_string)
# extract value by oid, and return only number types, or try to cast any data to number
# - OidValueNumber(value_list, oid_or_mib_name_string, try_cast_boolean)
# extract value by oid, and return only string types, or try to cast any data to string
# - OidValueString(value_list, oid_or_mib_name_string, try_cast_boolean)
# - built-in functions as mentioned in https://expr.medv.io/docs/Language-Definition
# default: as mentioned on possible variables
json_format: '{"test": community, "test2": time, "values": MergeMap(map(value_list, { {(.mib_name): .value} }))}'
# if filter returns false, the message is dropped for this forwarder. this uses the same variables as json_format
# default: no default (unfiltered)
filter: 'community == "public"'
# the forwarder to use, possible values: file, kafka, mqtt, trap, zabbix_trapper
# you can only define one in each forwarder
file:
# path for output log. it's formatted as newline delimited json logs
# if path is empty, it will print to stdout. stderr is not possible since it's used by logging
path: /output.log
# path: ""
- id: kafka
kafka:
# list of kafka broker hosts
hosts:
- 127.0.0.1:9092
- 127.0.0.2:9092
# ssl/tls configuration to connect to kafka
# default: no tls
tls:
# trust any server certificate
# default: false
insecure_skip_verify: false
# path to ca cert
ca_cert: ""
# path to client cert, used for TLS authentication (mTLS)
client_cert: ""
# path to client key, used for TLS authentication (mTLS)
client_key: ""
# sasl authentication
# default: no sasl
sasl:
# sasl mechanism, possible values: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512
# default: PLAIN
mechanism: "PLAIN"
username: ""
password: ""
# define how sent kafka messages ask for acknowledgements
# possible values: none, one, all
# default: none
required_acks: "none"
# field name for kafka message's key. it's useful when you have multiple
# partitions on your kafka topic and want to route the same key to the same
# partition
# it is evaluated as a template, just like json_format
# default: no default
key_field: ""
# your kafka topic
# default: no default
topic: ""
# send messages to kafka when this many values are ready to be sent
# default: 100
batch_size: 100
# message batch will be sent at least after this many duration regardless
# of batch size
# default: 1s
batch_timeout: 1s
- id: mqtt
# kafka forwarder doesn't support auth yet
mqtt:
# list of mqtt broker hosts
hosts:
- tcp://127.0.0.1:1883
- ssl://127.0.0.1:8883
# websocket
- ws://127.0.0.1:80
# secure websocket
- wss://127.0.0.1:443
# according to the MQTT v3.1 specification, a client id must be no longer than 23 characters.
client_id: ""
username: ""
password: ""
# default: true
ordered: true
# no custom cert supported yet
tls:
insecure_skip_verify: false
# your mqtt topic
topic: ""
# qos level for mqtt message
# supported values: 0, 1, 2
# default: 0
qos: 0
- id: snmp trap
# forward to another snmp trap receiver/nms
# trap uses snmptrap/snmpinform command line provided by net-snmp package
trap:
# count of workers to spawn which will execute the snmptrap/snmpinform command
# this is useful if your connection is slow or has high throughput of messages
# to forward to
# default: 1
workers: 1
# set enable_inform to true if you wish to use inform.
# inform will wait for ack message from nms before terminating
# not all NMS support this
# default: false
enable_inform: false
host: 127.0.0.1:162
# define snmp version to use
# possible values: v1, v2c, v3
version: v2c
# community name to use for v1 and v2c snmp
community: public
# for snmp v3. omit privacy_passphrase if you wish to use authNoPriv.
# omit auth_passphrase if you wish to use noAuthNoPriv
user:
username: traptest
# set engine id to use
engine_id: ""
# possible values: MD5, SHA (alias for SHA-128), SHA-128, SHA-224, SHA-256, SHA-384, SHA-512
auth_type: SHA
auth_passphrase: testauth
# possible values: DES, AES (alias for AES-128), AES-128, AES-192, AES-256
privacy_protocol: AES
privacy_passphrase: testpriv
# for snmp v3. context name to use
context: name
- id: http
# forward to a http server. payload is in the http body
# request will be considered successful when receiving 2xx status code and retried otherwise
http:
# mandatory, URL to http server
url: https://localhost:8080/trap?token=xxxx
# default: POST
method: POST
# http headers to add to your requests in key: value format
# default: empty
headers:
Authorization:
- Bearer xxxx
# add http basic auth
# default: empty
basic_auth:
username: user
password: passwd
# ssl/tls configuration to connect to http server
# default: empty
tls:
# trust any server certificate
# default: false
insecure_skip_verify: false
# path to ca cert
ca_cert: ""
# path to client cert, used for TLS authentication (mTLS)
client_cert: ""
# path to client key, used for TLS authentication (mTLS)
client_key: ""
# proxy request to a http proxy
# default: empty
proxy: http://user:pass@localhost:3128
# timeout when making http request
# default: 5s
timeout: 5s
- id: zabbix trapper
# forward to zabbix server/zabbix proxy using zabbix trapper item
zabbix_trapper:
# default_* is used whenever host lookup fails:
# - no advanced config defined
# - proxy is defined in zabbix, but not defined in configuration
# - can't find monitored hostname
# - lookup strategy fails
# default_address and default_port can also be used in case the host
# is monitored directly with zabbix server and zabbix server
# is not configured as HA
default_address: 127.0.0.1
default_port: 10051
default_hostname: TestHost
item_key: snmptrap.json
# possible values: agent_address, source_address, oid
hostname_lookup_strategy: agent_address
# define oid/mib name to use when hostname_lookup_strategy is oid
oid_lookup: SNMPv2-MIB::sysName
# send trap to proxy, or lookup host by its address
advanced:
db_url: postgres://user:[email protected]:5432/dbname
db_refresh_interval: 15m
db_query_timeout: 5s
# define your proxies here, also zabbix server if you use HA configuration for zabbix server
proxies:
- hostname: zabbix-proxy-01
address: 127.0.0.1
port: 10051
- hostname: zabbix-server-ha-01
address: 127.0.0.2
port: 10051
- hostname: zabbix-server-ha-02
address: 127.0.0.3
port: 10051
snmptrapd:
# default: "udp:10162", "udp6:10162"
listening:
- "udp:10162"
- "udp6:10162"
# magic_begin and magic_end will be used as a separator for each snmptrapd message
# default: --TFWDBEGIN--
magic_begin: --TFWDBEGIN--
# default: --TFWDEND--
magic_end: --TFWDEND--
# define buffer size for reading snmptrapd log output, trap packet usually ranges from 1k - 5k
# and the default buffer_size should be enough
# default: 64k
buffer_size: 64k
additional_config: |
# WARNING: you have to know what you're doing, as it might break the application
# you can add additional config for snmptrapd.conf here, for example, adding tls/dtls connection config
auth:
# if this is disabled:
# - any v1/v2c community will work
# - v3 noAuthNoPriv will work regardless of no_auth/require_privacy config
# if this is enabled:
# - only listed v1/v2c communities will work
# - v3 will work on specified no_auth/require_privacy config
# default: false
enable: false
# community name list for v1 and v2
community:
- name: public
- name: test
# snmp v3 USM user list
user:
- username: traptest
# if set to true, user will be allowed to use noAuthNoPriv scheme
no_auth: false
# if set to true, user will only be allowed to use authPriv scheme
# no_auth config will be ignored if this is set to true
require_privacy: false
# set engine id to be allowed for this user
# required for snmptrap, not required for snmpinform
engine_id: "0x8000000001020304"
# possible values: MD5, SHA (alias for SHA-128), SHA-128, SHA-224, SHA-256, SHA-384, SHA-512
auth_type: SHA
# required
auth_passphrase: testauth
# possible values: DES, AES (alias for AES-128), AES-128, AES-192, AES-256
privacy_protocol: AES
# if this field is empty, it will use auth_passphrase field
privacy_passphrase: testpriv