Skip to content

Config File

IXpect is configured using a YAML based configuration file. By default the file is loaded from /etc/ixpect/ixpect.conf.yaml and needs to comply to the IXpect configuration JSON schema:

Adding the following line to the configuration file instructs editors and IDEs using the YAML Language Server to load the IXpect schema automatically:

# yaml-language-server: $schema=https://ixpect.net/0.1/schema/ixpect.conf.schema.json

Example#

# yaml-language-server: $schema=https://ixpect.net/0.1/schema/ixpect.conf.schema.json

# probe configurations
probes:
  arp_bogon:
    # enable this probe
    enable: true
    # list of prefixes that are connected
    prefixes:
    - 192.0.2.0/24

  arp_neighbor:
    # enable this probe
    enable: true
    # enable learning dynamic resolutions
    dynamic_enable: true
    # list of static resolutions
    static_resolutions:
    - ip: 192.0.2.1
      mac: 00:00:5e:00:53:01
    - ip: 192.0.2.42
      mac: 00:00:5e:00:53:2a

  bum_rate:
    # enable this probe
    enable: true
    # observation time window
    window: 15s
    # absolute packet thresholds by type
    # within `window`
    thresholds:
      broadcast: 500
      multicast: 500
      unicast: 500

  ether_type:
    # enable this probe
    enable: true
    # list of expected EtherType values
    allowed_ether_types:
     - 0x0800 # IPv4
     - 0x0806 # ARP
     - 0x86dd # IPv6

  ipv6_bogon:
    # enable this probe
    enable: true
    # list of prefixes that are connected
    prefixes:
      - 2001:db8::/32
    # do not ignore fe80::/64
    #ignore_link_local: false

  ipv6_neighbor:
    # enable this probe
    enable: true
    # learn dynamic resolutions
    dynamic_enable: true
    # list of static resolutions
    static_resolutions:
    - ip: 2a02::1
      mac: 00:00:5e:00:53:01
    - ip: 2a02::2
      mac: 00:00:5e:00:53:2a

  ipv6_router:
    # enable this probe
    enable: true

  stp:
    # enable this probe
    enable: true

# event notifications
event:
  notifiers:
    email:
      # enable mail notifications
      enable: true
      # mail server setup
      smtp:
        host: mailin.example.net
      # from address
      from: noreply+ixpect@example.net
      channels:
        # send important events to the NOC
        - to:
            - alert@example.net
          events:
            - ARP_NEIGHBOR_UNKNOWN
            - IPV6_NEIGHBOR_UNKNOWN
        # catch-all
        - to:
            - bulk@example.net

    log:
      # enable event logging
      enable: true

    http:
      # enable HTTP callout
      enable: true
      channels:
        # send important events to HTTP API
        - url: https://example.net/call-in/foo
          # HTTP method
          method: POST
          # HTTP content type header
          content_type: application/json
          # MiniJinja template for HTTP body
          template: custom-http.json
          # event filter
          events:
            - ARP_NEIGHBOR_UNKNOWN
            - IPV6_NEIGHBOR_UNKNOWN

    matrix:
      # enable matrix notifications
      enable: true
      channels:
          # Matrix server and access token to send messages from
        - server: https://matrix.example.net
          access_token:
            file: /run/secrets/room_access_token
          # Matrix room ID
          internal_room_id: local_room_id:server.example.net
          # event filter
          events:
            - ARP_NEIGHBOR_UNKNOWN
            - IPV6_NEIGHBOR_UNKNOWN

    slack:
      # enable Slack notifications
      enable: true
      channels:
        # Slack access details
        - webhook:
            file: /run/secrets/slack_webhook_with_secret
          # event filter
          events:
            - ARP_NEIGHBOR_UNKNOWN
            - IPV6_NEIGHBOR_UNKNOWN