From c81679f05b959f2a643c174690b6fa556a28d81a Mon Sep 17 00:00:00 2001 From: Michal Sedlak Date: Mon, 2 Sep 2024 10:33:05 +0200 Subject: [PATCH] FDS Output: expand README with documentation --- src/plugins/output/fds/README.rst | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/src/plugins/output/fds/README.rst b/src/plugins/output/fds/README.rst index 3ef8ada1..e36f6f73 100644 --- a/src/plugins/output/fds/README.rst +++ b/src/plugins/output/fds/README.rst @@ -28,6 +28,21 @@ Example configuration 300 yes + + iana:octetDeltaCount + iana@reverse:octetDeltaCount@reverse + iana:packetDeltaCount + iana@reverse:packetDeltaCount@reverse + iana:destinationIPv4Address + iana:destinationIPv6Address + iana:sourceIPv4Address + iana:sourceIPv6Address + iana:destinationTransportPort + iana:sourceTransportPort + iana:protocolIdentifier + cesnet:quicSNI + cesnet:TLSSNI + @@ -62,6 +77,20 @@ Parameters and window size is 5 minutes long, files will be created at 0, 5, 10, etc. [values: yes/no, default: yes] +:``outputSelection``: + Select only a subset of fields that will be saved in output. A list of IPFIX + elements is provided. Any fields of an element that are not a part of this list + will be skipped and not included in the resulting FDS output file. + Note that when + [default: all fields] + + :``element``: + The identifier of the IPFIX element in the form of ``SCOPE_NAME:ELEMENT_NAME``, + for example ``iana:sourceIPv4Address``. ``SCOPE_NAME:`` prefix can be omitted in + case of "iana:". + Note: Reverse elements use the following naming pattern + ``iana@reverse:sourceIPv4Address@reverse`` + :``asyncIO``: Allows to use asynchronous I/O for writing to the file. Usually when parts of the file are being written, the process is blocked on synchronous I/O