| author | wangkuan <[email protected]> | 2023-12-28 14:18:04 +0800 |
|---|---|---|
| committer | wangkuan <[email protected]> | 2023-12-28 14:18:04 +0800 |
| commit | 16b7d549222adf2b78ee38c34d37dcb410f736dc (patch) | |
| tree | 0e2726f151f288cf23b5678cd1e4f387f20f2054 /config | |
| parent | 86e634cf8b5b5579b324a98b1876b1a1bf1c2cf0 (diff) | |
[feature][core]知识库文件加载方式改为动态获取。
Diffstat (limited to 'config')
| -rw-r--r-- | config/grootstream.yaml | 13 | ||||
| -rw-r--r-- | config/grootstream_job_template.yaml | 19 |
2 files changed, 24 insertions, 8 deletions
diff --git a/config/grootstream.yaml b/config/grootstream.yaml
index 4aa7ef9..58f8d1a 100644
--- a/config/grootstream.yaml
+++ b/config/grootstream.yaml
@@ -4,15 +4,18 @@ grootstream:
 type: asnlookup
 properties:
 fs_type: hos
- fs_default_path: http://path
+ fs_default_path: http://192.168.44.12:9999/v1/knowledge_base?kb_id=
 files:
- - http://192.168.44.12:9098/hos/knowledge_base_bucket/757732ce-8214-4c34-aea2-aca6c51a7e82-YXNuX2J1aWx0aW4=.mmdb
-
+ # - http://192.168.44.12:9098/hos/knowledge_base_bucket/757732ce-8214-4c34-aea2-aca6c51a7e82-YXNuX2J1aWx0aW4=.mmdb
+ - f9f6bc91-2142-4673-8249-e097c00fe1ea
 - name: tsg_geoiplookup
 type: geoiplookup
+ properties:
+ fs_type: hos
+ fs_default_path: http://192.168.44.12:9999/v1/knowledge_base?kb_id=
 files:
- - 7ce2f9890950ba90-fcc25696bf11a8a0
- - 7ce2f9890950ba90-71f13b3736863ddb
+ - 64af7077-eb9b-4b8f-80cf-2ceebc89bea9
+ - 004390bc-3135-4a6f-a492-3662ecb9e289
 properties:
 hos.path: http://192.168.44.12:8089
 hos.bucket.name.traffic_file: traffic_file_bucket
diff --git a/config/grootstream_job_template.yaml b/config/grootstream_job_template.yaml
index c5bc99b..9bfc501 100644
--- a/config/grootstream_job_template.yaml
+++ b/config/grootstream_job_template.yaml
@@ -93,7 +93,15 @@ processing_pipelines:
 properties:
 key: value
 functions: # [array of object] Function List
-
+ - function: GEOIP_LOOKUP
+ lookup_fields: [ server_ip ]
+ output_fields: [ server_asn ]
+ parameters:
+ vendor_id: tsg_geoiplookup
+ option: IP_TO_OBJECT
+ geolocation_field_mapping:
+ COUNTRY: client_country_region
+ PROVINCE: client_super_admin_area
 - function: ASN_LOOKUP
 lookup_fields: [ server_ip ]
 output_fields: [ server_asn ]
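Review bot: The new `fs_default_path` values for `tsg_asnlookup` and `tsg_geoiplookup` fetch the knowledge-base files over plain `http://` from a hard-coded private address, and nothing visible in this config pins a checksum or version for the IDs listed under `files:`. Since these databases are now loaded dynamically and drive ASN and geolocation enrichment, a substituted or tampered response would flow into every enriched record; I would serve the endpoint over TLS and have the loader verify a digest of each downloaded file, e.g. `fs_default_path: https://<kb-service-host>/v1/knowledge_base?kb_id=`. The loader presumably appends each `files:` entry to the `kb_id=` prefix (not visible here), so it should reject entries that are not plain IDs before building the URL. The commented-out `# - http://…mmdb` line is dead config and can be dropped.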
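Review bot: The added `GEOIP_LOOKUP` entry looks copied from the `ASN_LOOKUP` entry below it: it reads `server_ip`, but its `geolocation_field_mapping` writes `client_country_region` and `client_super_admin_area`, so the server's location would be recorded under client field names. It also declares `output_fields: [ server_asn ]`, the same field `ASN_LOOKUP` writes next; how `IP_TO_OBJECT` uses `output_fields` is not visible here, but sharing the name invites one function overwriting the other. Either look up the client address, e.g. `lookup_fields: [ <client-ip-field> ]`, or map to server-side field names, and give this function its own output field. Geolocation fields are commonly relied on during triage, so a short comment in the template stating which side each mapping describes would help.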
@@ -120,14 +128,14 @@ processing_pipelines: output_fields: [ data_center ] filter: parameters: - param: $.tags[?(@.tag=='data_center')][0].value + value_expression: $.tags[?(@.tag=='data_center')][0].value - function: JSON_EXTRACT lookup_fields: [ device_tag ] output_fields: [ device_group ] filter: parameters: - param: $.tags[?(@.tag=='device_group')][0].value + value_expression: $.tags[?(@.tag=='device_group')][0].value - function: CURRENT_UNIX_TIMESTAMP output_fields: [ processing_time ] @@ -140,6 +148,11 @@ processing_pipelines: parameters: precision: seconds + - function: EVAL + output_fields: [ ingestion_time ] + parameters: + value_expression: recv_time + - function: DOMAIN lookup_fields: [ http_host,ssl_sni,dtls_sni,quic_sni ] output_fields: [ server_domain ] |
