diff --git a/ansible/install_config/group_vars/rpm_version.yml b/ansible/install_config/group_vars/rpm_version.yml index 8e5e912a..da62e0b3 100644 --- a/ansible/install_config/group_vars/rpm_version.yml +++ b/ansible/install_config/group_vars/rpm_version.yml @@ -3,7 +3,7 @@ certstore_rpm_version: firewall_rpm_version: conn_telemetry: conn_telemetry-1.0.3.4ef6df6 - firewall: firewall-3.2.16.a0334ca + firewall: firewall-3.2.17.041fe8e glimpse_detector: glimpse_detector-3.0.3.5555ba7 qdpi_detector: qdpi_detector-4.0.5.5cd1ccb #tsg_ddos_sketch: tsg_ddos_sketch-2.0.2.35e03d0 diff --git a/ansible/roles/firewall/templates/main.conf.j2.j2 b/ansible/roles/firewall/templates/main.conf.j2.j2 index 04348fa5..82cdb6e1 100644 --- a/ansible/roles/firewall/templates/main.conf.j2.j2 +++ b/ansible/roles/firewall/templates/main.conf.j2.j2 @@ -28,10 +28,6 @@ SEND_TRANSACTION_RECORD=1 SEND_TRANSACTION_RECORD=0 {% endif %} {% endraw %} -TCP_MIN_PKTS=3 -TCP_MIN_BYTES=5 -UDP_MIN_PKTS=3 -UDP_MIN_BYTES=5 [SYSTEM] NIC_NAME="{{ control_and_policy.nic_name }}" diff --git a/ansible/roles/traffic-engine/files/helm/conf/firewall_logger_transmitter_schema.json b/ansible/roles/traffic-engine/files/helm/conf/firewall_logger_transmitter_schema.json index ee768f92..77092fb8 100644 --- a/ansible/roles/traffic-engine/files/helm/conf/firewall_logger_transmitter_schema.json +++ b/ansible/roles/traffic-engine/files/helm/conf/firewall_logger_transmitter_schema.json @@ -37,6 +37,7 @@ "switch": "on", "async": "off", "name": "IPFIX-TEMPLATE", + "topic": "IPFIX-TEMPLATE", "mode": [ { "channel": "udpsock", @@ -55,6 +56,7 @@ {{- end }} "async": "on", "name": "SESSION-RECORD", + "topic": "SESSION-RECORD", "mode": [ {{- if eq .Values.external_resources.olap.udp_collectors.enable .Values.define_enable_val_yes }} { @@ -73,13 +75,14 @@ ] }, { - {{- if eq .Values.session_record.enable .Values.define_enable_val_yes }} + {{- if eq .Values.define_enable_val_yes .Values.transaction_record.enable_http }} "switch": "on", {{- else }} "switch": "off", {{- end }} "async": "on", - "name": "TRANSACTION-RECORD", + "name": "HTTP-TRANSACTION-RECORD", + "topic": "TRANSACTION-RECORD", "mode": [ { "channel": "kafka", @@ -90,9 +93,68 @@ ] }, { + {{- if eq .Values.define_enable_val_yes .Values.transaction_record.enable_mail }} "switch": "on", + {{- else }} + "switch": "off", + {{- end }} "async": "on", - "name": "VOIP-RECORD", + "name": "MAIL-TRANSACTION-RECORD", + "topic": "TRANSACTION-RECORD", + "mode": [ + { + "channel": "kafka", + "format": [ + "json" + ] + } + ] + }, + { + {{- if eq .Values.define_enable_val_yes .Values.transaction_record.enable_dns }} + "switch": "on", + {{- else }} + "switch": "off", + {{- end }} + "async": "on", + "name": "DNS-TRANSACTION-RECORD", + "topic": "TRANSACTION-RECORD", + "mode": [ + { + "channel": "kafka", + "format": [ + "json" + ] + } + ] + }, + { + {{- if eq .Values.define_enable_val_yes .Values.voip_record.enable_sip }} + "switch": "on", + {{- else }} + "switch": "off", + {{- end }} + "async": "on", + "name": "SIP-VOIP-RECORD", + "topic": "VOIP-RECORD", + "mode": [ + { + "channel": "kafka", + "format": [ + "json" + ] + } + ] + }, + { + {{- if eq .Values.define_enable_val_yes .Values.voip_record.enable_rtp }} + "switch": "on", + {{- else }} + "switch": "off", + {{- end }} + "async": "on", + "name": "RTP-VOIP-RECORD", + "topic": "VOIP-RECORD", "mode": [ { "channel": "kafka", @@ -109,7 +171,8 @@ "switch": "off", {{- end }} "async": "on", - "name": "TRAFFIC-FILE-STREAM-RECORD", + "name": "POLICY-PACKET-TRAFFIC-FILE-STREAM-RECORD", + "topic": "TRAFFIC-FILE-STREAM-RECORD", "mode": [ { "channel": "kafka", @@ -120,9 +183,86 @@ ] }, { + {{- if eq .Values.file_stream_record.enable .Values.define_enable_val_yes }} "switch": "on", + {{- else }} + "switch": "off", + {{- end }} + "async": "on", + "name": "HTTP-REQ-BODY-TRAFFIC-FILE-STREAM-RECORD", + "topic": "TRAFFIC-FILE-STREAM-RECORD", + "mode": [ + { + "channel": "kafka", + "format": [ + "mpack" + ] + } + ] + }, + { + {{- if eq .Values.file_stream_record.enable .Values.define_enable_val_yes }} + "switch": "on", + {{- else }} + "switch": "off", + {{- end }} + "async": "on", + "name": "HTTP-RES-BODY-TRAFFIC-FILE-STREAM-RECORD", + "topic": "TRAFFIC-FILE-STREAM-RECORD", + "mode": [ + { + "channel": "kafka", + "format": [ + "mpack" + ] + } + ] + }, + { + {{- if eq .Values.file_stream_record.enable .Values.define_enable_val_yes }} + "switch": "on", + {{- else }} + "switch": "off", + {{- end }} + "async": "on", + "name": "MAIL-EML-TRAFFIC-FILE-STREAM-RECORD", + "topic": "TRAFFIC-FILE-STREAM-RECORD", + "mode": [ + { + "channel": "kafka", + "format": [ + "mpack" + ] + } + ] + }, + { + {{- if eq .Values.file_stream_record.enable .Values.define_enable_val_yes }} + "switch": "on", + {{- else }} + "switch": "off", + {{- end }} + "async": "on", + "name": "RTP-PACKET-TRAFFIC-FILE-STREAM-RECORD", + "topic": "TRAFFIC-FILE-STREAM-RECORD", + "mode": [ + { + "channel": "kafka", + "format": [ + "mpack" + ] + } + ] + }, + { + {{- if eq .Values.define_enable_val_yes .Values.packet_capture.enable }} + "switch": "on", + {{- else }} + "switch": "off", + {{- end }} "async": "on", "name": "TROUBLESHOOTING-FILE-STREAM-RECORD", + "topic": "TROUBLESHOOTING-FILE-STREAM-RECORD", "mode": [ { "channel": "kafka", @@ -136,6 +276,7 @@ "switch": "on", "async": "off", "name": "DOS-SKETCH-RECORD", + "topic": "DOS-SKETCH-RECORD", "mode": [ { "channel": "kafka", @@ -149,6 +290,7 @@ "switch": "on", "async": "off", "name": "POLICY-RULE-METRIC", + "topic": "POLICY-RULE-METRIC", "mode": [ { "channel": "kafka", @@ -162,6 +304,7 @@ "switch": "on", "async": "off", "name": "NETWORK-TRAFFIC-METRIC", + "topic": "NETWORK-TRAFFIC-METRIC", "mode": [ { "channel": "kafka", @@ -175,6 +318,7 @@ "switch": "on", "async": "off", "name": "TRAFFIC-TOP-METRIC", + "topic": "TRAFFIC-TOP-METRIC", "mode": [ { "channel": "kafka", @@ -188,6 +332,7 @@ "switch": "on", "async": "off", "name": "STATISTICS-RULE-METRIC", + "topic": "STATISTICS-RULE-METRIC", "mode": [ { "channel": "kafka", @@ -201,6 +346,7 @@ "switch": "on", "async": "off", "name": "OBJECT-STATISTICS-METRIC", + "topic": "OBJECT-STATISTICS-METRIC", "mode": [ { "channel": "kafka", diff --git a/ansible/roles/traffic-engine/files/helm/conf/main.conf b/ansible/roles/traffic-engine/files/helm/conf/main.conf index 1900854e..532e431c 100644 --- a/ansible/roles/traffic-engine/files/helm/conf/main.conf +++ b/ansible/roles/traffic-engine/files/helm/conf/main.conf @@ -25,41 +25,6 @@ SEND_DNS_RR_SWITCH=1 {{- else }} SEND_DNS_RR_SWITCH=0 {{- end }} -SEND_INTERCEPT_LOG=1 -TCP_MIN_PKTS=3 -TCP_MIN_BYTES=5 -UDP_MIN_PKTS=3 -UDP_MIN_BYTES=5 -{{- if eq .Values.define_enable_val_yes .Values.transaction_record.enable_http }} -SEND_HTTP_TRANSACTION_RECORD=1 -{{- else }} -SEND_HTTP_TRANSACTION_RECORD=0 -{{- end }} -{{- if eq .Values.define_enable_val_yes .Values.transaction_record.enable_dns }} -SEND_DNS_TRANSACTION_RECORD=1 -{{- else }} -SEND_DNS_TRANSACTION_RECORD=0 -{{- end }} -{{- if eq .Values.define_enable_val_yes .Values.transaction_record.enable_mail }} -SEND_MAIL_TRANSACTION_RECORD=1 -{{- else }} -SEND_MAIL_TRANSACTION_RECORD=0 -{{- end }} -{{- if eq .Values.define_enable_val_yes .Values.voip_record.enable_sip }} -SEND_SIP_RECORD=1 -{{- else }} -SEND_SIP_RECORD=0 -{{- end }} -{{- if eq .Values.define_enable_val_yes .Values.voip_record.enable_rtp }} -SEND_RTP_RECORD=1 -{{- else }} -SEND_RTP_RECORD=0 -{{- end }} -{{- if eq .Values.define_enable_val_yes .Values.packet_capture.enable }} -ENFORCE_TROUBLESHOOTING_SWITCH=1 -{{- else }} -ENFORCE_TROUBLESHOOTING_SWITCH=0 -{{- end }} [SYSTEM] DATACENTER_ID={{ .Values.session_id_generator.snowflake_worker_id_base }}