CIDR Flows Tagger
- Installing App
- Custom options:Specify Networks to tag

CIDR Flows Tagger

This article helps you with providing steps to install CIDR FLow Tagger in Trisul Network Analytics.

Create Automatic flow tags for all the network traffic with CIDR network tags and integrate them into the backend indices.

Installing App

Login as Admin and install the app by selecting 'Flexible CIDR Flow Tagger' from Web Admin > Manage > Apps
Restart the Probe node.

Custom options:Specify Networks to tag

Specify the networks that you want to tag. By default CIDR tags the subnets /25,/26,/27,/28.

To do this,

Create a file named 'trisulnsm_cidr-tagger.lua' in /usr/local/var/lib/trisul-probe/domain0/probe0/context0/config.
put the lines below in that file

return    {
            -- only tag these subnet networks
            tag_masks={26,27,28},

            -- only tag internalhosts 
            tag_internal_hosts_only = true
          } 
}

You can search for specific subnetwork flows by adding the tag group called [cidr]. For example,

tag=[cidr]192.17.20.32/27

Once the app is installed the CIDR tags automatically gets added to the flows.

Table of Contents

CIDR Flows Tagger

Installing App

Custom options:Specify Networks to tag