Filtering and Aggregating Traffic
This Public Stable API method allows you to handle broadcast and multicast traffic better, save storage in the traffic database, and reduce the stress of the whole data pipeline.
Windows-heavy environments can have a large amount of broadcast or multicast traffic, which can be as much as 50% in syslog data and 30% in traffic data. Because some broadcast and multicast data might not be useful for writing policies, this API provides a function to filter out or aggregate the broadcast and multicast traffic that is not useful.
Note
This API is implemented in Supercluster.
Note
Only administrators and users with appropriate privileges can make filtering changes.
Traffic Collector API Methods
Use these methods to get, create, update, or delete a traffic collector.
Functionality | HTTP | URI |
---|---|---|
Get a traffic collector collection | | |
Get a specific collector instance | | |
Create a traffic collector | | |
Update a specific traffic collector instance | | |
Delete a specific traffic collector instance | | |
Query Parameters
Use the following parameters.
Parameters | Description | Type |
---|---|---|
| Org ID | Integer |
| traffic_collector setting UUID | String |
Response Properties
Properties | Description | Type |
---|---|---|
| URI of the destination | String |
| Transmission type: broadcast/multicast/unicast | String |
| Drop or aggregate the target traffic: | String |
| Flow summary data source | String |
| The target object has the following properties:
If PUT method will fail If the traffic filter you want to modify has “ANY” in the port or protocol field and you want to modify other fields in this filter, the change will fail because the default port and protocol will not pass the validation step. Oracle flows are currently filtered via a runtime The collector filters now support | Object Integer Integer String String |
Examples for Traffic Collector
CURL Command for settings_traffic_collector_post
```bash
curl -i -u api_10415cd5bcc0e14cc:'2ac31cbee8cd3e8fa7ca79d32d39a0249636624ada675965dd2ec239e3ea8af0' \
  --request POST \
  --data '{"action":"drop","transmission":"unicast","target":{"proto":6,"src_ip":"10.1.2.3"}}' \
  https://2x2testvc360.ilabs.io:8443/api/v2/orgs/2/settings/traffic_collector \
  --header "Content-Type: application/json"
```
Broadcast Transmission and Drop Action
```bash
# Drop UDP (proto 17) broadcast flows to 10.255.255.255, destination port 20.
# --data-binary makes curl send a POST.
curl 'https://pce.my-company.com:8443/api/v2/orgs/1/settings/traffic_collector' \
  -H 'Origin: https://pce.my-company.com:8443' \
  -H 'Accept-Encoding: gzip, deflate, br' \
  -H 'content-type: application/json' \
  -H 'accept: application/json' \
  -H 'Referer: https://pce.my-company.com:8443/' \
  -i -u api_1dfe2432a7b314ee6:'21c10ea1a4ad38d76ef22977e8ac45bc10839c5cc6ebffd650eae4f95dc5b364' \
  --data-binary '{"transmission": "broadcast","action": "drop","target":{"proto": 17,"dst_port": 20, "dst_ip":"10.255.255.255"}}' \
  --compressed
```
Multicast Transmission and Aggregate Action
```bash
# Aggregate all multicast flows (no target object).
curl 'https://pce.my-company.com:8443/api/v2/orgs/1/settings/traffic_collector' \
  -H 'Origin: https://pce.my-company.com:8443' \
  -H 'Accept-Encoding: gzip, deflate, br' \
  -H 'content-type: application/json' \
  -H 'accept: application/json' \
  -H 'Referer: https://pce.my-company.com:8443/' \
  -i -u api_1dfe2432a7b314ee6:'21c10ea1a4ad38d76ef22977e8ac45bc10839c5cc6ebffd650eae4f95dc5b364' \
  --data-binary '{"transmission": "multicast","action": "aggregate"}' \
  --compressed
```
Example Response
```json
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "required": ["href", "transmission", "action"],
  "properties": {
    "href": {
      "description": "URI of the destination",
      "type": "string"
    },
    "transmission": {
      "description": "transmission type: broadcast/multicast",
      "type": "string",
      "enum": ["broadcast", "multicast"]
    },
    "target": {
      "type": "object",
      "required": ["proto"],
      "properties": {
        "dst_port": { "type": "integer" },
        "proto": { "type": "integer" },
        "dst_ip": {
          "type": "string",
          "description": "single ip address or CIDR"
        }
      }
    },
    "action": {
      "description": "drop or aggregate the target traffic",
      "type": "string",
      "enum": ["drop", "aggregate"]
    }
  }
}
```
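Because a collector filter removes or collapses flow records before they reach the traffic database, it is worth checking a request body before sending it. The following is an added example, not part of the original documentation or the product's own code: a local pre-flight check built from the fields shown in the schema and curl examples above. The function name `validate_filter` is hypothetical, and the numeric range checks (protocol 0-255, port 0-65535) are assumptions that go beyond the "integer" type the schema states.

```python
import ipaddress

# Values from the page: the properties table lists broadcast/multicast/unicast,
# while the schema enum lists only broadcast and multicast.
TRANSMISSIONS = {"broadcast", "multicast", "unicast"}
ACTIONS = {"drop", "aggregate"}
IP_FIELDS = ("src_ip", "dst_ip")  # both appear in the page's curl examples


def _is_int(value):
    # bool is a subclass of int in Python; JSON true/false must not pass.
    return isinstance(value, int) and not isinstance(value, bool)


def validate_filter(body):
    """Return a list of problems in a traffic_collector request body."""
    errors = []
    if body.get("transmission") not in TRANSMISSIONS:
        errors.append("transmission must be one of %s" % sorted(TRANSMISSIONS))
    if body.get("action") not in ACTIONS:
        errors.append("action must be one of %s" % sorted(ACTIONS))

    target = body.get("target")
    if target is None:
        return errors  # target is optional, as in the multicast example
    if not isinstance(target, dict):
        return errors + ["target must be an object"]

    # The schema makes proto required inside target.
    proto = target.get("proto")
    if not _is_int(proto) or not 0 <= proto <= 255:
        errors.append("target.proto must be an integer in 0-255")
    port = target.get("dst_port")
    if port is not None and (not _is_int(port) or not 0 <= port <= 65535):
        errors.append("target.dst_port must be an integer in 0-65535")
    for field in IP_FIELDS:
        value = target.get(field)
        if value is None:
            continue
        try:
            if not isinstance(value, str):
                raise ValueError("not a string")
            # Accepts a single address or a CIDR block, per the schema.
            ipaddress.ip_network(value, strict=False)
        except ValueError:
            errors.append("target.%s must be a single IP address or CIDR" % field)
    return errors
```

An empty list means the body matches the documented shape; the PCE's own validation still has the final say.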