How to read socket when using sink-socket plugin
Hi, I'm trying to use the sink-socket plugin to write flows to a dedicated socket (/var/run/netifyd/netifyd.sock), but when I read with nc, it shows nothing. Could you recommend any options or configurations to read flows from a UNIX socket? I used to read them in a JSON format in the previous version (v4.4.x).
This is my current configuration:
netifyd.conf:
# Netify Agent configuration
# Copyright (C) 2016-2023 eGloo Incorporated
#
# This is free software, licensed under the GNU General Public License v3.
#
# Read the netifyd.conf(5) man page for documentation.
# See /usr/share/netifyd/netifyd-sample.conf for all possible options.
#
##############################################################################
[netifyd]
# Don't track TCP flows until a SYN+ACK has been captured.
syn_scan_protection = no
# Where to store "volatile" data (temporary state files).
# The value for this attribute can be referenced throughout this configuration
# file using the ${path_state_volatile} variable.
path_state_volatile = /var/run/netifyd
# Where to store "persistent" data (configuration files).
# The value for this attribute can be referenced throughout this configuration
# file using the ${path_state_persistent} variable.
path_state_persistent = /etc/netifyd
# Where to save our PID for: netifyd --status
path_pid_file = ${path_state_volatile}/netifyd.pid
update_interval = 7
max_detection_pkts = 16
ttl_idle_flow = 15
ttl_idle_tcp_flow = 150
# Protocol Dissector Options
##############################################################################
[protocols]
# Enable all DPI protocol dissectors
all=include
# Capture Defaults
##############################################################################
[capture-defaults]
# Default capture method for -I and -E command-line options.
# Valid types include: pcap, tpv3
capture_type = pcap
# vim: set ft=dosini :
netifyd:
# Netify Agent command-line options
# Copyright (C) 2016-2022 eGloo Incorporated
#
# This is free software, licensed under the GNU General Public License v3.
#
# See the netifyd(8) manual for common options.
# Auto-detect (when possible) network interface roles (yes/no)?
NETIFYD_AUTODETECT="no"
# Set desired custom options here:
# NETIFYD_EXTRA_OPTS="-j /home/ubuntu/capture.json"
# Define internal network interfaces and if needed, corresponding network
# addresses. Normally network addresses are discovered via Netlink but for
# cases where Netlink is unavailable or when capturing from a mirrored port,
# they should be specified as a comma-delimited list as shown below:
# NETIFYD_INTNET="eth1 eth2 eth3,192.168.0.0/24,10.0.0.0/16"
NETIFYD_INTNET="wg0"
# Define external network interfaces. For PPPoE interfaces, you can optionally
# specify the associated physical ethernet interface to set the MAC address.
# NETIFYD_EXTNET="eth4 ppp0,eth5"
NETIFYD_EXTNET="enp0s3"
netify-sink-socket-json:
{
    "default_port": 1750,
    "channels": {
        "default": {
            "enable": true,
            "bind_address": "unix://${path_state_volatile}/netifyd.sock"
        },
        "example-tcp": {
            "enable": false,
            "bind_address": "tcp://0.0.0.0:1750"
        },
        "example-ws": {
            "enable": false,
            "bind_address": "ws://0.0.0.0:1760"
        }
    }
}
10-netify-sink-socket.conf:
# Netify Agent Socket Sink Plugin Loader
# Copyright (C) 2023 eGloo Incorporated
#
# This is free software, licensed under the GNU General Public License v3.
#
##############################################################################
[sink-socket]
enable = yes
plugin_library = /usr/lib/libnetify-sink-socket.so.0.0.0
conf_filename = ${path_state_persistent}/netify-sink-socket.json
# vim: set ft=dosini :
netifyd status:
The problem occurred when I ran the following command (hostname is blurred out for security reasons):

