README: add example configuration files and sample IPFIX data

Author: Lukas955

doc/data/configs/multiOutput.xml

@@ -0,0 +1,60 @@
+<!--
+  Receive flow data over TCP and store them in a nfdump compatible format on
+  a local drive and simultaneously send to a remote host as JSON.
+-->
+<ipfixcol2>
+  <!-- Input plugins -->
+  <inputPlugins>
+    <input>
+      <name>TCP collector</name>
+      <plugin>tcp</plugin>
+      <params>
+        <!-- List on port 4739 -->
+        <localPort>4739</localPort>
+        <!-- Bind to all local adresses -->
+        <localIPAddress></localIPAddress>
+      </params>
+    </input>
+  </inputPlugins>
+
+  <!-- Output plugins -->
+  <outputPlugins>
+    <output>
+      <name>LNF output</name>
+      <plugin>lnfstore</plugin>
+      <params>
+        <storagePath>/tmp/ipfixcol/lnf/</storagePath> <!-- WARNING: the directory MUST exist before start -->
+        <compress>yes</compress>
+        <dumpInterval>
+          <timeWindow>300</timeWindow>
+          <align>yes</align>
+        </dumpInterval>
+      </params>
+    </output>
+
+    <output>
+      <name>JSON output</name>
+      <plugin>json</plugin>
+      <params>
+        <tcpFlags>formatted</tcpFlags>
+        <timestamp>formatted</timestamp>
+        <protocol>formatted</protocol>
+        <ignoreUnknown>true</ignoreUnknown>
+        <ignoreOptions>false</ignoreOptions>
+        <nonPrintableChar>true</nonPrintableChar>
+
+        <!-- Output methods -->
+        <outputs>
+          <!-- Send to a remove host on IP address 127.0.0.1:8000 -->
+          <send>
+            <name>Send to a remove host</name>
+            <ip>127.0.0.1</ip>
+            <port>8000</port>
+            <protocol>tcp</protocol>
+            <blocking>no</blocking>
+          </send>
+        </outputs>
+      </params>
+    </output>
+  </outputPlugins>
+</ipfixcol2>

doc/data/configs/odidFilter.xml

@@ -0,0 +1,73 @@
+<!--
+  Receive flow data over UDP and store flows from different ODIDs to different
+  locations (multiple instances of the same output plugin)
+-->
+<ipfixcol2>
+  <!-- Input plugins -->
+  <inputPlugins>
+    <input>
+      <name>UDP collector</name>
+      <plugin>udp</plugin>
+      <params>
+        <!-- List on port 4739 -->
+        <localPort>4739</localPort>
+        <!-- Bind to all local adresses -->
+        <localIPAddress></localIPAddress>
+      </params>
+    </input>
+  </inputPlugins>
+
+  <!-- Output plugins -->
+  <outputPlugins>
+    <output>
+      <name>JSON output (ODID 1)</name>
+      <plugin>json</plugin>
+      <odidOnly>1</odidOnly>     <!-- Process only flows with ODID 1 -->
+      <params>
+        <outputs>
+          <file>
+            <name>Store to files</name>
+            <path>/tmp/ipfixcol/odid1/%Y/%m/%d/</path>
+            <prefix>json.</prefix>
+            <timeWindow>300</timeWindow>
+            <timeAlignment>yes</timeAlignment>
+          </file>
+        </outputs>
+      </params>
+    </output>
+
+    <output>
+      <name>JSON output (ODID 2-5)</name>
+      <plugin>json</plugin>
+      <odidOnly>2-5</odidOnly>    <!-- Process only flows with ODID 2 - 5 -->
+      <params>
+        <outputs>
+          <file>
+            <name>Store to files</name>
+            <path>/tmp/ipfixcol/odid2-5/%Y/%m/%d/</path>
+            <prefix>json.</prefix>
+            <timeWindow>300</timeWindow>
+            <timeAlignment>yes</timeAlignment>
+          </file>
+        </outputs>
+      </params>
+    </output>
+
+    <output>
+      <name>JSON output (ODID others)</name>
+      <plugin>json</plugin>
+      <odidExcept>1-5</odidExcept>     <!-- Process only flows with ODID different from 1 - 5 -->
+      <params>
+        <outputs>
+          <file>
+            <name>Store to files</name>
+            <path>/tmp/ipfixcol/odidOthers/%Y/%m/%d/</path>
+            <prefix>json.</prefix>
+            <timeWindow>300</timeWindow>
+            <timeAlignment>yes</timeAlignment>
+          </file>
+        </outputs>
+      </params>
+    </output>
+  </outputPlugins>
+</ipfixcol2>

doc/data/configs/tcp2anon2json.xml

@@ -0,0 +1,58 @@
+<!--
+  Receive flow data over TCP, anonymize them and store in JSON format
+  on a local drive.
+-->
+<ipfixcol2>
+  <!-- Input plugins -->
+  <inputPlugins>
+    <input>
+      <name>TCP collector</name>
+      <plugin>tcp</plugin>
+      <params>
+        <!-- List on port 4739 -->
+        <localPort>4739</localPort>
+        <!-- Bind to all local adresses -->
+        <localIPAddress></localIPAddress>
+      </params>
+    </input>
+  </inputPlugins>
+
+  <!-- Intermediate plugins -->
+  <intermediatePlugins>
+    <intermediate>
+      <name>Flow anonymization</name>
+      <plugin>anonymization</plugin>
+      <params>
+        <type>truncation</type>
+      </params>
+    </intermediate>
+  </intermediatePlugins>
+
+  <!-- Output plugins -->
+  <outputPlugins>
+    <output>
+      <name>JSON output</name>
+      <plugin>json</plugin>
+      <params>
+        <tcpFlags>formatted</tcpFlags>
+        <timestamp>formatted</timestamp>
+        <protocol>formatted</protocol>
+        <ignoreUnknown>true</ignoreUnknown>
+        <ignoreOptions>false</ignoreOptions>
+        <nonPrintableChar>true</nonPrintableChar>
+
+        <!-- Output methods -->
+        <outputs>
+          <!-- Store as files into /tmp/ipfixcol/... -->
+          <file>
+            <name>Store to files</name>
+            <path>/tmp/ipfixcol/flow/%Y/%m/%d/</path>
+            <prefix>json.</prefix>
+            <timeWindow>300</timeWindow>
+            <timeAlignment>yes</timeAlignment>
+          </file>
+        </outputs>
+      </params>
+    </output>
+  </outputPlugins>
+</ipfixcol2>

doc/data/configs/tcpUdp2lnf.xml

@@ -0,0 +1,47 @@
+<!--
+  Receive flow data simultaneously over TCP and UDP and store them on a local
+  drive in a nfdump compatible format (multiple instances of the same input
+  plugin).
+-->
+<ipfixcol2>
+  <!-- Input plugins -->
+  <inputPlugins>
+    <input>
+      <name>TCP collector</name>
+      <plugin>tcp</plugin>
+      <params>
+        <!-- List on port 4739 -->
+        <localPort>4739</localPort>
+        <!-- Bind to all local adresses -->
+        <localIPAddress></localIPAddress>
+      </params>
+    </input>
+
+    <input>
+      <name>UDP collector</name>
+      <plugin>udp</plugin>
+      <params>
+        <!-- List on port 4739 -->
+        <localPort>4739</localPort>
+        <!-- Bind to all local adresses -->
+        <localIPAddress></localIPAddress>
+      </params>
+    </input>
+  </inputPlugins>
+
+  <!-- Output plugins -->
+  <outputPlugins>
+    <output>
+      <name>LNF output</name>
+      <plugin>lnfstore</plugin>
+      <params>
+        <storagePath>/tmp/ipfixcol/</storagePath> <!-- WARNING: the directory MUST exist before start -->
+        <compress>yes</compress>
+        <dumpInterval>
+          <timeWindow>300</timeWindow>
+          <align>yes</align>
+        </dumpInterval>
+      </params>
+    </output>
+  </outputPlugins>
+</ipfixcol2>

doc/data/configs/udp2json.xml

@@ -0,0 +1,46 @@
+<!-- 
+  Receive flow data over UDP, convert them into JSON and provide them as
+  a server on local port
+-->
+<ipfixcol2>
+  <!-- Input plugins -->
+  <inputPlugins>
+    <input>
+      <name>UDP collector</name>
+      <plugin>udp</plugin>
+      <params>
+        <!-- List on port 4739 -->
+        <localPort>4739</localPort>
+        <!-- Bind to all local adresses -->
+        <localIPAddress></localIPAddress>
+      </params>
+    </input>
+  </inputPlugins>
+
+  <!-- Output plugins -->
+  <outputPlugins>
+    <output>
+      <name>JSON output</name>
+      <plugin>json</plugin>
+      <params>
+        <!-- JSON format paramters -->
+        <tcpFlags>formatted</tcpFlags>
+        <timestamp>formatted</timestamp>
+        <protocol>formatted</protocol>
+        <ignoreUnknown>false</ignoreUnknown>
+        <ignoreOptions>true</ignoreOptions>
+        <nonPrintableChar>true</nonPrintableChar>
+
+        <!-- Output methods -->
+        <outputs>
+          <!-- Create a local server on port 8000 -->
+          <server>
+            <name>Local server</name>
+            <port>8000</port>
+            <blocking>no</blocking>
+          </server>
+        </outputs>
+      </params>
+    </output>
+  </outputPlugins>
+</ipfixcol2>

doc/data/ipfix/example_flows.ipfix

@@ -167,17 +167,17 @@ Example configuration files
 In this section you can see various example configuration files that demonstrate possibilities
 of IPFIXcol. Always keep in mind that you should modify a configuration to fit you needs.
 
-:`udp2json <TODO>`_:
+:`udp2json <../data/configs/udp2json.xml>`_:
     Receive flow data over UDP, convert them into JSON and provide them as a server on local port.
-:`tcp2anon2json <TODO>`_:
+:`tcp2anon2json <../data/configs/tcp2anon2json.xml>`_:
     Receive  flow data over TCP, anonymize them and store in JSON format on a local drive.
-:`tcpUdp2lnf <TODO>`_:
+:`tcpUdp2lnf <../data/configs/tcpUdp2lnf.xml>`_:
     Receive flow data simultaneously over TCP and UDP and store them on a local drive in
-    a nfdump compatible format (multiple instances of the same input plugin).
-:`odidFilter <TODO>`_:
-    Receive flow data over TCP and store flows from different ODIDs to different locations
+    a nfdump compatible format (multiple instances of input plugins).
+:`odidFilter <../data/configs/odidFilter.xml>`_:
+    Receive flow data over UDP and store flows from different ODIDs to different locations
     (multiple instances of the same output plugin).
-:`multiOutput <TODO>`_:
+:`multiOutput <../data/configs/multiOutput.xml>`_:
     Receive flow data over TCP and store them in a nfdump compatible format on a local drive
     and simultaneously send to a remote host as JSON.
 
@@ -198,10 +198,11 @@ increasing verbosity level to see also warning messages (parameter "``-v``") dur
   Note: Receiving flow data from an exporter *over UDP transport
   protocol* may lead due to IPFIX protocol structure to a situation when the collector
   is unable to interpret data immediately after start.
-  For more information, see documentation of `UDP <TODO>`_ plugin.
+  For more information, see documentation of `UDP <../../src/plugins/input/udp>`_ plugin.
 
 We prepared a file with few anonymized IPFIX flows, so you can try your configurations,
-even without running a flow exporter. Just download the `file <TODO>`_ and use ``ipfixsend2`` tool
+even without running a flow exporter. Just download the `file <../data/ipfix/example_flows.ipfix>`_
+and use ``ipfixsend2`` tool
 (distributed and installed together with IPFIXcol). For example, to send flow records over UDP
 protocol with real-time simulation use:
 
@@ -254,8 +255,12 @@ shown below. The same approach applies to other types of instances too.
 
 Available verbosity levels:
 
-:none:    Hide all messages
-:error:   Show only error messages (i.e. something went really wrong)
-:warning: Show error and warning messages (i.e. something is not right, but an action can continue)
-:info:    Show all previous types of messages and informational (status) messages
-:debug:   Show all types of messages (i.e. include messages interesting only for developers)
+=========== =========================================================================================
+Verbosity   Description
+=========== =========================================================================================
+``none``    Hide all messages
+``error``   Show only error messages (i.e. something went really wrong)
+``warning`` Show error and warning messages (i.e. something is not right, but an action can continue)
+``info``    Show all previous types of messages and informational (status) messages
+``debug``   Show all types of messages (i.e. include messages interesting only for developers)
+=========== =========================================================================================