Settings
Settings
Overview
You can make custom configuration changes to the Netify agent by modifying Netify's main configuration file, /etc/netifyd.conf. Changes made
to this file remain persistent across reboots and upgrades.
The following list represents the supported sections in this ini-style configuration file:
- netifyd
- netify-api
- capture-defaults
- protocols
- flow-hash-cache
- dns-hint-cache
- privacy-filter
/usr/local/etc/netifyd.conf.Main
The main section name is:
[netifyd]Auto Flow Expiry
| Property | auto_flow_expiry |
|---|---|
| Description | When set to yes, TCP flows will not be tracked until a SYN+ACK has been captured. |
| Type | string |
| Options | yes, no |
| Default | yes |
Serial UUID Path
| Property | path_uuid_serial |
|---|---|
| Description | The path to a script that returns a unique UUID for the agent. When set, this UUID will be sent in addition to the Agent UUID as a means of uniquely identifying the agent. |
| Type | string |
The path_uuid_serial field can be a regular file, containing a unique string, however this case is rarely used since the string must be
exactly 32 bytes in length. More often, an integrator will add the path to an executable file that extracts the unique value. As an
executable script, any length (providing enough entropy) can be used. Two examples are listed below:
Config
[netifyd]
..
.
path_uuid_serial = /usr/share/netifyd/get-serial.shScript Example 1 - Activation Key in File
/usr/share/netifyd/get-serial.sh
#/bin/sh
if [ -f /var/distro/activation ]; then
cat /var/distro/activation
else
echo '-'
fiScript (get-serial.sh) Example 2 - Using Hardware Serial as Key
/usr/share/netifyd/get-serial.sh
#/bin/sh
dmidecode -s system-uuidNetify API
Netify API is an optional RESTful API endpoint owned and maintained by eGloo Inc. for:
- enabling application signature and category updates
- enabling Netify Informatics
- automating tracking/audit for OEM integrations
The API section is identified by:
[netify-api]| Property | enable |
|---|---|
| Description | By default, Netify API is disabled and will not connect to any resource outside of your network. |
| Type | boolean |
| Options | true, false |
| Default | false |
| Property | update_tick |
|---|---|
| Description | Number of seconds between API check-ins. |
| Type | integer |
| Default | 30 |
| Property | update_interval |
|---|---|
| Description | Number of seconds between API updates. An API update checks for things like a new application signature file. |
| Type | integer |
| Default | 86400 |
| Property | bootstrap_url |
|---|---|
| Description | REST URL. |
| Type | string |
| Default | N/A - Please contact us for OEM details |
| Property | tls_verify |
|---|---|
| Description | Validate certificate - this should always be set to true or be undefined, except possibly in developer environments. |
| Type | true, false |
| Default | true |
| Property | vendor |
|---|---|
| Description | Vendor code. |
| Type | string |
| Default | N/A - Please contact us for OEM details |
Protocols
The protocols section name is:
[protocols]| Property | all |
|---|---|
| Description | Enabling and disabling Protocol dissection can be an effective way to manage CPU resources. |
| Type | string |
| Options | include, exclude |
| Default | include |
DNS Hint Cache
The DNS Hint Cache (DHC) in the Netify Agent is a feature that is designed to aid or improve flow detection when protocol metadata may be lacking, for example, TLS without SNI.
The DHC system processes DNS responses. It stores the returned IP address and the associated domain name in a configurable LRU (least-recently used) cache. During the flow detection phase, if the flow remains unclassified, a look-up is performed in the DHC for the remote IP address. If a match is found, the associated domain name is used to improve application detection.
This cache is optionally saved to disk on exit (enabled by default) which will be reloaded on start-up, priming the cache. The DHC is saved as a CSV file.
When save is set to persistent, the default location is /etc/netifyd/dns-cache.csv.
The DNS Hint Cache section name is:
[dns-hint-cache]| Property | enable |
|---|---|
| Description | Enabling and disabling the DNS Hint Cache. |
| Type | string |
| Options | no, yes |
| Default | yes |
| Property | save |
|---|---|
| Description | The save option controls if and where the cache is saved. When set to volatile, the cache will be saved in volatile memory (tmpfs, /run/netifyd/) and will be lost across a reboot. The default is: persistent. |
| Type | string |
| Options | persistent, volatile, disabled |
| Default | persistent |
| Property | cache_size |
|---|---|
| Description | Determines the maximum cache size, in bytes. |
| Type | integer |
| Default | 1000 |
| Property | partial_lookups |
|---|---|
| Description | If set to yes, the Netify agent will apply DNS cache hinting only when a hostname is not extracted from the protocol. The practical implications of setting this field to yes typically results in slightly lower application classification rates.Unknown applications that use a Content Delivery Network or CDN to deliver content such as Cloudflare, Fastly etc. will no longer be classified as the CDN. The potential upside is fewer false positive rates due to shared IP usage across applications. |
| Type | string |
| Options | no, yes |
| Default | no |
Privacy
The privacy section name is:
[privacy_filter]For information on Netify's privacy settings, please refer to the Privacy Settings section of the documentation.