conntrack: Add conntrack docs to README.md #291
Conversation
Codecov Report
@@ Coverage Diff @@
## main #291 +/- ##
=======================================
Coverage 67.39% 67.39%
=======================================
Files 73 73
Lines 4278 4278
=======================================
Hits 2883 2883
Misses 1212 1212
Partials 183 183
Flags with carried forward coverage won't be shown. Click here to find out more. Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
README.md
Outdated
| fieldGroups: | ||
| - name: src | ||
| fields: | ||
| - SrcIP |
There was a problem hiding this comment.
Above you use SrcAddr and DstAddr rather than SrcIP and DstIP.
| - newConnection | ||
| - endConnection | ||
| - updateConnection | ||
| - flowLog |
There was a problem hiding this comment.
The flowlog parameter is not described above.
|
|
||
| Notice that all output records contain `_RecordType` and `_HashId` fields. | ||
| Output fields that set `splitAB: true` (like in `Bytes`) are split into 2 fields `Bytes_AB` and `Bytes_BA` which | ||
| aggregate values separately based on direction A->B and B->A respectively. |
There was a problem hiding this comment.
and also adds a XX_total field ?
Is there other fields than Bytes ?
There was a problem hiding this comment.
and also adds a
XX_totalfield ?
The Bytes_total field is created because it was specified explicitly in the config snippet.
It's not auto-generated by the conntrack module. I created an issue to discuss this: #280
Is there other fields than
Bytes?
In this config snippet, Bytes is the only field that is set with splitAB: true.
For all the other output fields, the default is set to false.
I'll add a sentence for the default case.
No description provided.