====== CIDR Flows Tagger ======

This article helps you with providing steps to install CIDR FLow Tagger in Trisul Network Analytics.

**
Create Automatic flow tags for all the network traffic with CIDR network tags and integrate them into the backend indices.
**

{{:tips:cidr-app.png?400|}}

===== Installing App =====

  - Login as Admin and install the app by selecting 'Flexible CIDR Flow Tagger' from //Web Admin > Manage > Apps//
  - Restart the Probe node.

{{:tips:cidr-app-admin.png?600|}}

===== Custom options:Specify Networks to tag =====

Specify the networks that you want to tag. By default CIDR tags the subnets /25,/26,/27,/28.

To do this,
  * Create a file named 'trisulnsm_cidr-tagger.lua' in /usr/local/var/lib/trisul-probe/domain0/probe0/context0/config.
  * put the lines below in that file
<code>return    {
            -- only tag these subnet networks
            tag_masks={26,27,28},

            -- only tag internalhosts 
            tag_internal_hosts_only = true
          } 
} 
</code>

You can search for specific subnetwork flows by adding the tag group called [cidr].
For example,

<code>tag=[cidr]192.17.20.32/27
</code>

Once the app is installed the CIDR tags automatically gets added to the flows.

{{:tips:cidr-app-screenshot.png?600|}}