Settings

Overview

You can make custom configuration changes to the Netify agent by modifying Netify's main configuration file, /etc/netifyd.conf. Changes made to this file remain persistent across reboots and upgrades.

The following list represents the supported sections in this ini-style configuration file:

  • netifyd
  • netify-api
  • capture-defaults
  • protocols
  • flow-hash-cache
  • dns-hint-cache
  • privacy-filter

On BSD-based systems, this file is located in /usr/local/etc/netifyd.conf.

Main

The main section name is:

[netifyd]

Auto Flow Expiry

Property auto_flow_expiry
Description When set to yes, TCP flows will not be tracked until a SYN+ACK has been captured.
Type string
Options yes, no
Default yes

Serial UUID Path

Property path_uuid_serial
Description The path to a script that returns a unique UUID for the agent. When set, this UUID will be sent in addition to the Agent UUID as a means of uniquely identifying the agent.
Type string

The path_uuid_serial field can point to a regular file containing a unique string, but this case is rarely used because the string must be exactly 32 bytes in length. More often, an integrator sets it to the path of an executable file that extracts the unique value. With an executable script, a value of any length can be used, provided it carries enough entropy. Two examples are listed below:

Config

[netifyd]
...
path_uuid_serial = /usr/share/netifyd/get-serial.sh

Script Example 1 - Activation Key in File

/usr/share/netifyd/get-serial.sh

#!/bin/sh
# Print the activation key if the file exists, otherwise a placeholder.
if [ -f /var/distro/activation ]; then
    cat /var/distro/activation
else
    echo '-'
fi

Script Example 2 - Using Hardware Serial as Key

/usr/share/netifyd/get-serial.sh

#!/bin/sh
# Print the system UUID reported by the SMBIOS/DMI tables.
dmidecode -s system-uuid

Netify API

Netify API is an optional RESTful API endpoint owned and maintained by eGloo Inc. for:

  • enabling application signature and category updates
  • enabling Netify Informatics
  • automating tracking/audit for OEM integrations

The API section is identified by:

[netify-api]

Property enable
Description By default, Netify API is disabled and will not connect to any resource outside of your network.
Type boolean
Options true, false
Default false

Property update_tick
Description Number of seconds between API check-ins.
Type integer
Default 30

Property update_interval
Description Number of seconds between API updates. An API update checks for things like a new application signature file.
Type integer
Default 86400

Property bootstrap_url
Description REST URL.
Type string
Default N/A - Please contact us for OEM details

Property tls_verify
Description Validate certificate - this should always be set to true or be undefined, except possibly in developer environments.
Type true, false
Default true

Property vendor
Description Vendor code.
Type string
Default N/A - Please contact us for OEM details
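
The following audit sketch is an added example, not part of the Netify documentation or code base. It checks a netifyd.conf for the two settings above that matter most to a defender: tls_verify under [netify-api], and the file that path_uuid_serial points to. The function name, the sample configuration and the trusted owner uid of 0 (which assumes the agent runs as root) are assumptions.

```python
import configparser
import os
import stat

# Constructed sample: API enabled with certificate validation switched off.
SAMPLE_CONF = """\
[netifyd]
path_uuid_serial = /usr/share/netifyd/get-serial.sh

[netify-api]
enable = true
tls_verify = false
"""

def audit_conf(text, trusted_uid=0):
    """Return a list of findings for a netifyd.conf passed in as a string."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    # tls_verify should be true or undefined; flag every other value.
    verify = cp.get("netify-api", "tls_verify", fallback="true").strip().lower()
    if verify != "true":
        findings.append("tls_verify=%s: expected true or unset" % verify)
    # Informational: the API is off by default and stays inside the network.
    if cp.get("netify-api", "enable", fallback="false").strip().lower() == "true":
        findings.append("netify-api enabled: agent connects outside the network")
    # The agent reads or executes this path (assumption: agent runs as root).
    path = cp.get("netifyd", "path_uuid_serial", fallback=None)
    if path:
        try:
            st = os.stat(path)
        except OSError:
            findings.append("path_uuid_serial %s: missing or unreadable" % path)
            return findings
        if st.st_uid != trusted_uid:
            findings.append("path_uuid_serial %s: owner uid %d" % (path, st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append("path_uuid_serial %s: group/world writable" % path)
    return findings

if __name__ == "__main__":
    for line in audit_conf(SAMPLE_CONF):
        print(line)
```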

Protocols

The protocols section name is:

[protocols]

Property all
Description Enabling and disabling Protocol dissection can be an effective way to manage CPU resources.
Type string
Options include, exclude
Default include

DNS Hint Cache

The DNS Hint Cache (DHC) in the Netify Agent is a feature that is designed to aid or improve flow detection when protocol metadata may be lacking, for example, TLS without SNI.

The DHC system processes DNS responses. It stores the returned IP address and the associated domain name in a configurable LRU (least-recently used) cache. During the flow detection phase, if the flow remains unclassified, a look-up is performed in the DHC for the remote IP address. If a match is found, the associated domain name is used to improve application detection.

The cache is optionally saved to disk on exit (enabled by default) and reloaded on start-up, priming the cache. The DHC is saved as a CSV file. When save is set to persistent, the default location is /etc/netifyd/dns-cache.csv.

The DNS Hint Cache section name is:

[dns-hint-cache]

Property enable
Description Enabling and disabling the DNS Hint Cache.
Type string
Options no, yes
Default yes

Property save
Description The save option controls if and where the cache is saved. When set to volatile, the cache will be saved in volatile memory (tmpfs, /run/netifyd/) and will be lost across a reboot. The default is: persistent.
Type string
Options persistent, volatile, disabled
Default persistent

Property cache_size
Description Determines the maximum cache size, in bytes.
Type integer
Default 1000

Property partial_lookups
Description If set to yes, the Netify agent will apply DNS cache hinting only when a hostname is not extracted from the protocol. In practice, setting this field to yes typically results in slightly lower application classification rates. Unknown applications that use a Content Delivery Network (CDN) such as Cloudflare or Fastly to deliver content will no longer be classified as the CDN. The potential upside is fewer false positives due to shared IP usage across applications.
Type string
Options no, yes
Default no
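
The following simplified model is an added example, not the Netify agent's code. It shows the DHC look-up described above and the effect of partial_lookups when two names share one IP address. The signature table, domain names, addresses, the entry-count bound (max_entries) and the rule that a newer DNS answer overwrites an older one for the same IP are all assumptions.

```python
from collections import OrderedDict

# Constructed signature table (domain suffix -> application); not Netify's data.
SIGNATURES = {"video.example": "ExampleVideo", "cdn.example": "ExampleCDN"}

def match_app(hostname):
    """Return the application whose suffix matches hostname, else None."""
    for suffix, app in SIGNATURES.items():
        if hostname and (hostname == suffix or hostname.endswith("." + suffix)):
            return app
    return None

class DnsHintCache:
    """Toy DHC: remote IP -> domain name, least-recently used entry evicted."""
    def __init__(self, max_entries=1000):
        self.max_entries = max_entries  # assumption: bounded by entry count here
        self.entries = OrderedDict()

    def add_response(self, domain, addresses):
        for ip in addresses:
            self.entries[ip] = domain  # assumption: a newer answer overwrites
            self.entries.move_to_end(ip)
        while len(self.entries) > self.max_entries:
            self.entries.popitem(last=False)

    def lookup(self, ip):
        if ip in self.entries:
            self.entries.move_to_end(ip)
        return self.entries.get(ip)

def classify(dhc, remote_ip, hostname=None, partial_lookups=False):
    """Classify one flow; hostname is what the protocol exposed (e.g. SNI)."""
    app = match_app(hostname)
    if app or (hostname and partial_lookups):
        return app  # classified, or hinting skipped because a hostname exists
    return match_app(dhc.lookup(remote_ip))

def demo():
    dhc = DnsHintCache(max_entries=2)
    dhc.add_response("www.video.example", ["203.0.113.10"])
    dhc.add_response("edge.cdn.example", ["203.0.113.10", "203.0.113.11"])
    return (
        classify(dhc, "203.0.113.10"),  # TLS without SNI: hinted as the CDN
        classify(dhc, "203.0.113.10", "app.unknown.example"),
        classify(dhc, "203.0.113.10", "app.unknown.example", partial_lookups=True),
    )

if __name__ == "__main__":
    print(demo())
```

In this model the first two flows are attributed to the CDN name cached for the shared address, while the third, with partial_lookups enabled, stays unclassified.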

Privacy

The privacy section name is:

[privacy_filter]

For information on Netify's privacy settings, please refer to the Privacy Settings section of the documentation.
