manifest.yml
title: NetFlow logs
type: logs
streams:
  - input: netflow
    template_path: netflow.yml.hbs
    title: Collect NetFlow logs
    description: Collect NetFlow logs using the netflow input
    vars:
      - name: host
        type: text
        title: UDP host to listen on
        multi: false
        required: true
        show_user: true
        default: localhost
      - name: port
        type: integer
        title: UDP port to listen on
        multi: false
        required: true
        show_user: true
        default: 2055
      - name: expiration_timeout
        type: text
        title: Time duration before an idle session or unused template is expired. Valid time units are h, m, s.
        multi: false
        required: true
        show_user: false
        default: 30m
      - name: internal_networks
        type: text
        title: Internal Networks
        description: List of CIDR ranges describing the IP addresses that is considered internal. This is used in determining the values of `source.locality`, `destination.locality`, and `flow.locality`. The values can be either a CIDR value or one of the named ranges supported by the <<condition-network, `network`>> condition. The default value is `[private]` which classifies RFC 1918 (IPv4) and RFC 4193 (IPv6) addresses as internal.
        multi: true
        required: false
        show_user: true
      - name: queue_size
        type: integer
        title: Maximum number of packets that can be queued for processing
        multi: false
        required: true
        show_user: false
        default: 8192
      - name: read_buffer
        type: text
        title: Read Buffer Size
        description: |
          Sets the size of the OS read buffer on the UDP socket in the format KiB/MiB, an example would be: 10KiB. If it is not set, the existing operating system's default value is used.
        required: false
        show_user: false
      - name: custom_definitions
        type: text
        title: Custom definitions
        multi: true
        required: false
        show_user: false
        default: ""
      - name: detect_sequence_reset
        type: bool
        title: Whether to detect sequence reset
        multi: false
        required: true
        show_user: false
        default: true
      - name: max_message_size
        type: text
        title: Maximum size of the message received over UDP
        multi: false
        required: true
        show_user: false
        default: 10KiB
      - name: tags
        type: text
        title: Tags
        multi: true
        required: false
        show_user: false
        default:
          - netflow
          - forwarded
      - name: timeout
        type: text
        title: Read timeout for socket operations. Valid time units are ns, us, ms, s, m, h.
        multi: false
        required: false
        show_user: false
      - name: processors
        type: yaml
        title: Processors
        multi: false
        required: false
        show_user: false
        description: >-
          Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.