Processor
NetObserv Trap introduces a new DSL Processor, which is responsible for processing and enriching incoming traps. Its rule language is simple yet powerful: it lets you define custom rules that filter, transform, and enrich incoming traps.
EF_PROCESSOR_TRAP_DSL_ENUM_DEFINITIONS_DIRECTORY_PATH
The DSL Processor also supports enumerations for enrichment. Enumerations are defined in a set of files, and each one defines a set of constants that can be used in rules.
- Default
/etc/elastiflow/trap/dsl/enums/
EF_PROCESSOR_TRAP_DSL_RULES_DIRECTORY_PATH
The DSL Processor is powered by a set of rules that are defined in a set of files. Each rule is defined in a separate file and is composed of a set of conditions and actions. The conditions are used to filter incoming traps, while the actions are used to transform and enrich the traps.
- Default
/etc/elastiflow/trap/dsl/rules/
EF_PROCESSOR_TRAP_DSL_ENTERPRISE_FILE_PATH
The Enterprise file is used as a mapping between Enterprise OIDs and rules files. The enterprise OIDs are used to identify the vendor of the trap.
- Default
/etc/elastiflow/trap/dsl/enterprises.yml
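A pre-start check for the three settings above, as an added example that is not part of the NetObserv documentation: it resolves each variable to its documented default, then verifies that the path exists with the expected type and holds nothing world-writable. The function names and the world-writable policy are assumptions of this example.

```shell
#!/bin/sh
# Added example (not NetObserv code): audit the DSL processor paths.
# Rules, enums and the enterprise mapping decide how every incoming trap is
# filtered and enriched, so this example treats them as integrity-sensitive.

# check_path KIND PATH: KIND is "dir" or "file" (hypothetical helper).
# Prints one finding line; returns non-zero when the path fails the check.
check_path() {
    kind=$1
    path=$2
    case $kind in
        dir)  [ -d "$path" ] || { echo "MISSING directory: $path"; return 1; } ;;
        file) [ -f "$path" ] || { echo "MISSING file: $path"; return 1; } ;;
    esac
    # Assumed policy: nothing at or below the path may be writable by "other".
    # Symlinks are skipped because their own mode bits are not meaningful.
    if [ -n "$(find "$path" ! -type l -perm -002 2>/dev/null)" ]; then
        echo "WORLD-WRITABLE entry at or under: $path"
        return 1
    fi
    echo "OK: $path"
}

# audit_trap_dsl: apply the documented defaults when a variable is unset,
# check all three paths, and return non-zero if any of them failed.
audit_trap_dsl() {
    rc=0
    check_path dir \
        "${EF_PROCESSOR_TRAP_DSL_ENUM_DEFINITIONS_DIRECTORY_PATH:-/etc/elastiflow/trap/dsl/enums/}" || rc=1
    check_path dir \
        "${EF_PROCESSOR_TRAP_DSL_RULES_DIRECTORY_PATH:-/etc/elastiflow/trap/dsl/rules/}" || rc=1
    check_path file \
        "${EF_PROCESSOR_TRAP_DSL_ENTERPRISE_FILE_PATH:-/etc/elastiflow/trap/dsl/enterprises.yml}" || rc=1
    return $rc
}
```

Source the file and call `audit_trap_dsl` in the same environment the collector will start in, so overridden paths are the ones that get checked.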