<?xml version="1.0" encoding="UTF-8"?> <!-- flow-accounting configuration --> <interfaceDefinition> <node name="system"> <children> <node name="flow-accounting" owner="${vyos_conf_scripts_dir}/flow_accounting_conf.py"> <properties> <help>Flow accounting settings</help> <priority>990</priority> </properties> <children> <leafNode name="buffer-size"> <properties> <help>Buffer size</help> <valueHelp> <format>u32</format> <description>Buffer size in MiB</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-4294967295" /> </constraint> </properties> </leafNode> <leafNode name="enable-egress"> <properties> <help>Enable egress flow accounting</help> <valueless /> </properties> </leafNode> <leafNode name="disable-imt"> <properties> <help>Disable in memory table plugin</help> <valueless /> </properties> </leafNode> <leafNode name="syslog-facility"> <properties> <help>Syslog facility for flow-accounting</help> <completionHelp> <list>auth authpriv cron daemon kern lpr mail mark news protocols security syslog user uucp local0 local1 local2 local3 local4 local5 local6 local7 all</list> </completionHelp> <valueHelp> <format>auth</format> <description>Authentication and authorization</description> </valueHelp> <valueHelp> <format>authpriv</format> <description>Non-system authorization</description> </valueHelp> <valueHelp> <format>cron</format> <description>Cron daemon</description> </valueHelp> <valueHelp> <format>daemon</format> <description>System daemons</description> </valueHelp> <valueHelp> <format>kern</format> <description>Kernel</description> </valueHelp> <valueHelp> <format>lpr</format> <description>Line printer spooler</description> </valueHelp> <valueHelp> <format>mail</format> <description>Mail subsystem</description> </valueHelp> <valueHelp> <format>mark</format> <description>Timestamp</description> </valueHelp> <valueHelp> <format>news</format> <description>USENET subsystem</description> </valueHelp> <valueHelp> <format>protocols</format> <description>Routing protocols (local7)</description> </valueHelp> <valueHelp> <format>security</format> <description>Authentication and authorization</description> </valueHelp> <valueHelp> <format>syslog</format> <description>Authentication and authorization</description> </valueHelp> <valueHelp> <format>user</format> <description>Application processes</description> </valueHelp> <valueHelp> <format>uucp</format> <description>UUCP subsystem</description> </valueHelp> <valueHelp> <format>local0</format> <description>Local facility 0</description> </valueHelp> <valueHelp> <format>local1</format> <description>Local facility 1</description> </valueHelp> <valueHelp> <format>local2</format> <description>Local facility 2</description> </valueHelp> <valueHelp> <format>local3</format> <description>Local facility 3</description> </valueHelp> <valueHelp> <format>local4</format> <description>Local facility 4</description> </valueHelp> <valueHelp> <format>local5</format> <description>Local facility 5</description> </valueHelp> <valueHelp> <format>local6</format> <description>Local facility 6</description> </valueHelp> <valueHelp> <format>local7</format> <description>Local facility 7</description> </valueHelp> <valueHelp> <format>all</format> <description>Authentication and authorization</description> </valueHelp> <constraint> <regex>^(auth|authpriv|cron|daemon|kern|lpr|mail|mark|news|protocols|security|syslog|user|uucp|local0|local1|local2|local3|local4|local5|local6|local7|all)$</regex> </constraint> </properties> </leafNode> <leafNode name="interface"> <properties> <help>Interface for flow-accounting [REQUIRED]</help> <completionHelp> <script>${vyos_completion_dir}/list_interfaces.py</script> </completionHelp> <multi/> </properties> </leafNode> <node name="netflow"> <properties> <help>NetFlow settings</help> </properties> <children> <leafNode name="engine-id"> <properties> <help>NetFlow engine-id</help> <valueHelp> <format>0-255 or 0-255:0-255</format> <description>NetFlow engine-id for v5</description> </valueHelp> <valueHelp> <format>u32</format> <description>NetFlow engine-id for v9 / IPFIX</description> </valueHelp> <constraint> <regex>(\d|[1-9]\d{1,8}|[1-3]\d{9}|4[01]\d{8}|42[0-8]\d{7}|429[0-3]\d{6}|4294[0-8]\d{5}|42949[0-5]\d{4}|429496[0-6]\d{3}|4294967[01]\d{2}|42949672[0-8]\d|429496729[0-5])$|^(\d|[1-9]\d|1\d{2}|2[0-4]\d|25[0-5]):(\d|[1-9]\d|1\d{2}|2[0-4]\d|25[0-5])$</regex> </constraint> </properties> </leafNode> <leafNode name="max-flows"> <properties> <help>NetFlow maximum flows</help> <valueHelp> <format>u32</format> <description>NetFlow maximum flows</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-4294967295" /> </constraint> </properties> </leafNode> <leafNode name="sampling-rate"> <properties> <help>NetFlow sampling-rate</help> <valueHelp> <format>u32</format> <description>Sampling rate (1 in N packets)</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-4294967295" /> </constraint> </properties> </leafNode> <leafNode name="source-ip"> <properties> <help>IPv4 or IPv6 source address of NetFlow packets</help> <valueHelp> <format>ipv4</format> <description>IPv4 source address of NetFlow packets</description> </valueHelp> <valueHelp> <format>ipv6</format> <description>IPv6 source address of NetFlow packets</description> </valueHelp> <constraint> <validator name="ipv4-address"/> <validator name="ipv6-address"/> </constraint> </properties> </leafNode> <leafNode name="version"> <properties> <help>NetFlow version to export</help> <completionHelp> <list>5 9 10</list> </completionHelp> <valueHelp> <format>5</format> <description>NetFlow version 5</description> </valueHelp> <valueHelp> <format>9</format> <description>NetFlow version 9 (default)</description> </valueHelp> <valueHelp> <format>10</format> <description>Internet Protocol Flow Information Export (IPFIX)</description> </valueHelp> </properties> </leafNode> <tagNode name="server"> <properties> <help>Server to export NetFlow [REQUIRED]</help> <valueHelp> <format>ipv4</format> <description>IPv4 server to export NetFlow</description> </valueHelp> <valueHelp> <format>ipv6</format> <description>IPv6 server to export NetFlow</description> </valueHelp> <constraint> <validator name="ipv4-address"/> <validator name="ipv6-address"/> </constraint> </properties> <children> <leafNode name="port"> <properties> <help>NetFlow port number</help> <valueHelp> <format>u32:1025-65535</format> <description>NetFlow port number (default 2055)</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1025-65535" /> </constraint> </properties> </leafNode> </children> </tagNode> <node name="timeout"> <properties> <help>NetFlow timeout values</help> </properties> <children> <leafNode name="expiry-interval"> <properties> <help>Expiry scan interval</help> <valueHelp> <format>0-2147483647</format> <description>Expiry scan interval (default 60)</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-2147483647" /> </constraint> </properties> </leafNode> <leafNode name="flow-generic"> <properties> <help>Generic flow timeout value</help> <valueHelp> <format>0-2147483647</format> <description>Generic flow timeout in seconds (default 3600)</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-2147483647" /> </constraint> </properties> </leafNode> <leafNode name="icmp"> <properties> <help>ICMP timeout value</help> <valueHelp> <format>0-2147483647</format> <description>ICMP timeout in seconds (default 300)</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-2147483647" /> </constraint> </properties> </leafNode> <leafNode name="max-active-life"> <properties> <help>Max active timeout value</help> <valueHelp> <format>0-2147483647</format> <description>Max active timeout in seconds (default 604800)</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-2147483647" /> </constraint> </properties> </leafNode> <leafNode name="tcp-fin"> <properties> <help>TCP finish timeout value</help> <valueHelp> <format>0-2147483647</format> <description>TCP FIN timeout in seconds (default 300)</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-2147483647" /> </constraint> </properties> </leafNode> <leafNode name="tcp-generic"> <properties> <help>TCP generic timeout value</help> <valueHelp> <format>0-2147483647</format> <description>TCP generic timeout in seconds (default 3600)</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-2147483647" /> </constraint> </properties> </leafNode> <leafNode name="tcp-rst"> <properties> <help>TCP reset timeout value</help> <valueHelp> <format>0-2147483647</format> <description>TCP RST timeout in seconds (default 120)</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-2147483647" /> </constraint> </properties> </leafNode> <leafNode name="udp"> <properties> <help>UDP timeout value</help> <valueHelp> <format>0-2147483647</format> <description>UDP timeout in seconds (default 300)</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-2147483647" /> </constraint> </properties> </leafNode> </children> </node> </children> </node> <node name="sflow"> <properties> <help>sFlow settings</help> </properties> <children> <leafNode name="agent-address"> <properties> <help>sFlow agent IPv4 address</help> <valueHelp> <format>auto</format> <description>auto select sFlow agent-address (default)</description> </valueHelp> <valueHelp> <format>ipv4</format> <description>sFlow IPv4 agent address</description> </valueHelp> <constraint> <validator name="ipv4-address"/> <regex>^auto$</regex> </constraint> </properties> </leafNode> <leafNode name="sampling-rate"> <properties> <help>sFlow sampling-rate</help> <valueHelp> <format>u32</format> <description>Sampling rate (1 in N packets)</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 0-4294967295" /> </constraint> </properties> </leafNode> <tagNode name="server"> <properties> <help>Server to export sFlow [REQUIRED]</help> <valueHelp> <format>ipv4</format> <description>IPv4 server to export sFlow</description> </valueHelp> <valueHelp> <format>ipv6</format> <description>IPv6 server to export sFlow</description> </valueHelp> <constraint> <validator name="ipv4-address"/> <validator name="ipv6-address"/> </constraint> </properties> <children> <leafNode name="port"> <properties> <help>sFlow port number</help> <valueHelp> <format>u32:1025-65535</format> <description>sFlow port number (default 6343)</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1025-65535" /> </constraint> </properties> </leafNode> </children> </tagNode> </children> </node> </children> </node> </children> </node> </interfaceDefinition>