Advanced Agent Settings
Override Auto Configuration
When starting the Netify daemon, the default configuration will be for Netify to attempt to detect which interfaces to listen on and how those interfaces are defined - internal/LAN or external/WAN. These settings will ultimately determine what flow data you see in the Netify Informatics Cloud Portal and how it is classified.
There may be cases where you wish to override this behaviour.
To override the auto configuration, you will first need to find the autoconf file for the platform you are on:
- ClearOS, CentOS, RedHat Linux - /etc/sysconfig/netifyd
- Ubuntu, Debian, Unifi USG - /etc/default/netifyd
- OpenWRT - /etc/config/netifyd
- Unifi UDM - /mnt/persistent/netify-agent/etc/default/netifyd
A sample config with the autoconf setting enabled (the default) is shown below.
# Netify Agent command-line options
# Copyright (C) 2016-2020 eGloo, Incorporated
#
# This is free software, licensed under the GNU General Public License v3.
#
# See the netifyd(8) manual for common options.
# Auto-detect (when possible) network interface roles (yes/no)?
NETIFYD_AUTODETECT="yes"
#
# Set desired custom options here:
# NETIFYD_EXTRA_OPTS=""
#
# Define internal network interfaces and if needed, corresponding network
# addresses. Normally network addresses are discovered via Netlink but for
# cases where Netlink is unavailable or when capturing from a mirrored port,
# they should be specified as a comma-delimited list as shown below:
# NETIFYD_INTNET="eth1 eth2 eth3,192.168.0.0/24,10.0.0.0/16"
#
# Define external network interfaces. For PPPoE interfaces, you can optionally
# specify the associated physical ethernet interface to set the MAC address.
# NETIFYD_EXTNET="eth4 ppp0,eth5"
To disable auto detection of interfaces, set NETIFYD_AUTODETECT to "no". Edit NETIFYD_INTNET and NETIFYD_EXTNET to set your Internal (LAN) and External (WAN) interfaces, respectively.
You can use an interface name (e.g. eth1) or an IP address and subnet mask combination (e.g. 192.168.0.0/24). After making any changes to this file, restart the Netify daemon using the command appropriate for your platform.
For example, on systems supporting systemd:
systemctl restart netifyd
For systems using init scripts, use:
/etc/init.d/netifyd restart
or
service netifyd restart
Applying Berkeley Packet Filter (BPF)
The Netify agent fully supports Berkeley Packet Filter (BPF) expressions. This allows advanced configuration and precise control over which flows are seen by the DPI engine and which are not.
As when manually configuring which interfaces to listen on (see above), applying BPF filters requires you to disable Netify autodetect by setting:
NETIFYD_AUTODETECT="no"
In addition, make sure to comment out (prefix the line with a hash) both the NETIFYD_INTNET and NETIFYD_EXTNET configuration parameters.
Once done, use the NETIFYD_EXTRA_OPTS attribute to specify the role of the interface (-I for Internal/LAN, -E for External/WAN), the interface name (eth0) or IP/subnet (192.168.0.0/24), and the BPF filter to apply with the -F flag. For example, to listen on an internal (LAN) interface named eth0 but remove all traffic not on the 10.0.0.0/24 subnet, your configuration would be:
NETIFYD_EXTRA_OPTS="-I eth0 -F 'net 10.0.0.0/24'"
This can be extremely useful to filter out large amounts of data that you are not interested in analyzing - for example, traffic going through a VPN or MPLS circuit to a remote office that has another Netify agent on the other side.
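The manual-configuration steps above (autodetect off, NETIFYD_INTNET/NETIFYD_EXTNET commented out, NETIFYD_EXTRA_OPTS carrying -I/-E and -F) as a POSIX shell script that applies them to an autoconf file and checks the result before you restart the daemon. This is an added example, not code from the Netify documentation or project; the function names and the check are assumptions of this example, and it runs on a constructed copy of the sample file so nothing under /etc is touched.

```shell
#!/bin/sh
# Added example (not from the Netify documentation): apply the manual
# interface/BPF configuration described above to a netifyd autoconf file such
# as /etc/default/netifyd, then verify the result before restarting netifyd.
set -u

# Turn autodetect off, comment out NETIFYD_INTNET/NETIFYD_EXTNET and make
# NETIFYD_EXTRA_OPTS the single place that names the role (-I/-E), the
# interface and the -F filter. $1 = autoconf file, $2 = NETIFYD_EXTRA_OPTS value.
netifyd_set_manual() {
    conf=$1; opts=$2
    sed -e 's/^NETIFYD_AUTODETECT=.*/NETIFYD_AUTODETECT="no"/' \
        -e 's/^\(NETIFYD_INTNET=.*\)/# \1/' \
        -e 's/^\(NETIFYD_EXTNET=.*\)/# \1/' \
        -e '/^#* *NETIFYD_EXTRA_OPTS=/d' \
        "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
    printf 'NETIFYD_EXTRA_OPTS="%s"\n' "$opts" >> "$conf"
}

# Print "ok" when the file is consistent with the BPF procedure; otherwise
# print the first problem found and return non-zero.
netifyd_check_manual() {
    conf=$1
    grep -q '^NETIFYD_AUTODETECT="no"$' "$conf" \
        || { echo 'autodetect still enabled'; return 1; }
    if grep -qE '^NETIFYD_(INTNET|EXTNET)=' "$conf"; then
        echo 'INTNET/EXTNET must be commented out when using -I/-E with -F'
        return 1
    fi
    opts=$(sed -n 's/^NETIFYD_EXTRA_OPTS="\(.*\)"$/\1/p' "$conf")
    [ -n "$opts" ] || { echo 'NETIFYD_EXTRA_OPTS not set'; return 1; }
    case $opts in
        *"-F '"*"'"*) ;;   # filter present and single-quoted, as in the example above
        *-F*) echo 'BPF filter after -F must be single-quoted'; return 1 ;;
    esac
    echo ok
}

# Demonstration on a constructed copy of the sample autoconf file, so nothing
# under /etc is touched; point $demo at the real file to apply it for real.
demo=$(mktemp)
cat > "$demo" <<'EOF'
NETIFYD_AUTODETECT="yes"
# NETIFYD_EXTRA_OPTS=""
NETIFYD_INTNET="eth1 eth2 eth3,192.168.0.0/24,10.0.0.0/16"
NETIFYD_EXTNET="eth4 ppp0,eth5"
EOF
netifyd_set_manual "$demo" "-I eth0 -F 'net 10.0.0.0/24'"
netifyd_check_manual "$demo" && cat "$demo"
rm -f "$demo"
```

Run the check on the real file after editing and before `systemctl restart netifyd`; a filter left unquoted or an INTNET/EXTNET line left active is reported instead of being discovered only once the daemon is restarted.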