fix(ja4ebpf): split bpf2go generate into Ja4Tc + Ja4Ssl, fix RPM systemd-rpm-macros
- Use two separate //go:generate directives (Ja4Tc for tc_capture.c, Ja4Ssl
for uprobe_ssl.c) to avoid duplicate LICENSE symbol and multi-file clang issue
- Update loader.go to hold tcObjs/sslObjs separately with correct field names:
UprobeSslSetFd, UprobeSslReadEntry, UretprobeSslReadExit,
KprobeAccept4Entry, KretprobeAccept4Exit
- Add systemd-rpm-macros to all three RPM build stages (el8/el9/el10)
so that %{_unitdir} macro resolves correctly
- RPMs now build successfully for el8, el9, el10
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This commit is contained in:
toto
57
old/services/sentinel/config.yml.example
Normal file
57
old/services/sentinel/config.yml.example
Normal file
@ -0,0 +1,57 @@
|
||||
# Sample configuration file for ja4sentinel
|
||||
# Copy to config.yml and adjust as needed
|
||||
|
||||
core:
|
||||
# Network interface to capture traffic from
|
||||
# "any" captures on all interfaces (default, recommended)
|
||||
# Or specify a specific interface (e.g., eth0, ens192, etc.)
|
||||
interface: any
|
||||
|
||||
# TCP ports to monitor for TLS handshakes
|
||||
listen_ports:
|
||||
- 443
|
||||
- 8443
|
||||
|
||||
# Optional BPF filter (leave empty for auto-generated filter based on listen_ports and local_ips)
|
||||
bpf_filter: ""
|
||||
|
||||
# Local IP addresses to monitor (traffic destined to these IPs will be captured)
|
||||
# Leave empty for auto-detection (recommended) - excludes loopback addresses
|
||||
# Or specify manually: ["192.168.1.10", "10.0.0.5", "2001:db8::1"]
|
||||
local_ips: []
|
||||
|
||||
# Source IP addresses or CIDR ranges to exclude from capture
|
||||
# Useful for filtering out internal traffic, health checks, or monitoring systems
|
||||
# Examples: ["10.0.0.0/8", "192.168.1.1", "172.16.0.0/12"]
|
||||
exclude_source_ips: []
|
||||
|
||||
# Timeout in seconds for TLS handshake extraction (default: 30)
|
||||
flow_timeout_sec: 30
|
||||
|
||||
# Buffer size for packet channel (default: 1000, increase for high-traffic environments)
|
||||
packet_buffer_size: 1000
|
||||
|
||||
# Log level: debug, info, warn, error (default: info)
|
||||
# Can be overridden by JA4SENTINEL_LOG_LEVEL environment variable
|
||||
log_level: info
|
||||
|
||||
outputs:
|
||||
# Output to UNIX socket (for systemd/journald or other consumers)
|
||||
# Only JSON LogRecord data is sent - no diagnostic logs
|
||||
- type: unix_socket
|
||||
enabled: true
|
||||
params:
|
||||
socket_path: /var/run/logcorrelator/network.socket
|
||||
|
||||
# Output to stdout (JSON lines)
|
||||
# Diagnostic logs (error, debug, warning) should go here
|
||||
# - type: stdout
|
||||
# enabled: false
|
||||
# params: {}
|
||||
|
||||
# Output to file
|
||||
# Only JSON LogRecord data is sent - no diagnostic logs
|
||||
# - type: file
|
||||
# enabled: false
|
||||
# params:
|
||||
# path: /var/log/ja4sentinel/ja4.log
|
||||
Reference in New Issue
Block a user