nDPId Docker image for deep packet inspection. As described in nDPId, the image is split into a producer image and a consumer image so that each can be used more generically. The producer image starts the UNIX and UDP sockets and the nDPId daemon. Users can configure the nDPId daemon and nDPIsrvd through environment variables. All current nDPId parameters are supported.
Install using PyPi:
```bash
cd ./heidpi-logger && cmake . && make
```

Use the CLI for quick usage:

```
> ./heidpi_cpp -h
usage: heidpi_cpp [-h] [--host HOST | --unix UNIX] [--port PORT] [--write WRITE]
                  [--config CONFIG] [--filter FILTER]
                  [--show-daemon-events]
                  [--show-packet-events]
                  [--show-error-events]
                  [--show-flow-events]
```

To run these containers you need Docker installed.

Pull the images:

```bash
docker pull stefan96/heidpi-producer:main
docker pull stefan96/heidpi-consumer:main
```

Run producer and consumer separately from each other using the UDP socket:

```bash
# With --net host, Docker discards the -p mapping; the containers share
# the host's network stack directly.
docker run -p 127.0.0.1:7000:7000 --net host stefan96/heidpi-producer:main
docker run -e HOST=127.0.0.1 --net host stefan96/heidpi-consumer:main
```

or use the docker-compose.yml:

```bash
docker-compose up
```

Alternatively, you can use a UNIX socket:

```bash
docker run -v ${PWD}/heidpi-data:/tmp/ --net host stefan96/heidpi-producer:main
docker run -v ${PWD}/heidpi-data:/tmp/ -v ${PWD}/heidpi-logs:/var/log -e UNIX=/tmp/nDPIsrvd-daemon-distributor.sock --net host stefan96/heidpi-consumer:main
```

| Variable | Type | Default |
|---|---|---|
| UNIX | string | |
| HOST | string | |
| PORT | int | 7000 |
| JSON_PATH | string | /var/log/nDPIdsrvd.json |
| SHOW_ERROR_EVENTS | int | 0 |
| SHOW_DAEMON_EVENTS | int | 0 |
| SHOW_PACKET_EVENTS | int | 0 |
| SHOW_FLOW_EVENTS | int | 1 |
| MAX_BUFFERED_LINES | int | 1024 |

You can change the default configuration by mounting a config file at /app/config.yml:

```yaml
flow_event:
  ignore_fields: []
  flow_event_name:
    - update
    - end
    - idle
    - detected
  filename: flow_event
  threads: 25
```

This project is licensed under the GPL-3.0 license - see the LICENSE.md file for details.
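
How a `flow_event` section like the one above selects and trims events, as an added Python example that is not heiDPI's own code. It assumes that `flow_event_name` lists the event names to keep and that `ignore_fields` lists keys dropped from each logged event; the sample events, their field names other than `flow_event_name`, and the non-empty `ignore_fields` value are constructed.

```python
import json

# Mirrors the flow_event section of config.yml, with one constructed change:
# ignore_fields drops "src_ip" instead of being empty.
CONFIG = {
    "flow_event": {
        "ignore_fields": ["src_ip"],
        "flow_event_name": ["update", "end", "idle", "detected"],
        "filename": "flow_event",
    }
}

# Constructed sample input (not captured output); field names are assumptions.
SAMPLE_LINES = [
    '{"flow_event_name": "new", "flow_id": 1, "src_ip": "192.0.2.10"}',
    '{"flow_event_name": "detected", "flow_id": 1, "src_ip": "192.0.2.10"}',
    '{"daemon_event_name": "status", "alias": "example"}',
    'not json',
    '{"flow_event_name": "end", "flow_id": 1, "src_ip": "192.0.2.10"}',
]


def filter_flow_events(lines, config):
    """Return the flow events kept under the assumed config semantics."""
    section = config["flow_event"]
    wanted = set(section["flow_event_name"])
    ignored = set(section["ignore_fields"])
    kept = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the run
        if not isinstance(event, dict):
            continue
        # Non-flow events have no flow_event_name and are skipped here.
        if event.get("flow_event_name") not in wanted:
            continue
        kept.append({k: v for k, v in event.items() if k not in ignored})
    return kept


if __name__ == "__main__":
    for event in filter_flow_events(SAMPLE_LINES, CONFIG):
        print(json.dumps(event))
```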
