Version: 1.5.0

_app-protocols

Application Protocols

The collector supports application-based identification, TCP port mapping, and UDP port mapping. The definition files for these respectively are placed in three locations under <vm_root>:

/user/definitions/app-definitions-{device-id}.csv (device-specific)
/user/definitions/app-definitions.csv (user-defined)
/package/definitions/app-definitions.csv (system defaults)
/user/definitions/tcp-definitions-{device-id}.csv (device-specific)
/user/definitions/tcp-definitions.csv (user-defined)
/package/definitions/tcp-definitions.csv (system defaults)
/user/definitions/udp-definitions-{device-id}.csv (device-specific)
/user/definitions/udp-definitions.csv (user-defined)
/package/definitions/udp-definitions.csv (system defaults):::warning

Definition files must be in CSV format with exactly two columns per row. :::

The contents of these files are:

app-definitions.csv:

SSH,Secure Shell
RDP,Remote Desktop
HTTP,Web Browsing
HTTPS,Secure Web

tcp-definitions.csv:

22,SSH
3389,RDP
80,HTTP
443,HTTPS

udp-definitions.csv:

53,DNS
67,DHCP
123,NTP
161,SNMP

note

The collector will fall back on the system defaults if the custom definition files are not found.

Application Protocols​

Application Protocols