To create a new view, you first need to access the configuration section of Talaia by clicking on the configuration icon appearing in the lower left of the Talaia interface.
Then, on the Traffic views row, click Add.
You'll get this dialog:
When creating a new view, special attention must be paid to the Filter field. The filter configuration must use the following syntax:
all accept all flows
(filter) group filters using braces
filter or filter boolean operations: or, ...
filter and filter ... and ...
not filter ... not.
router a.b.c.d router that sends the flow
router a.b.c.d iface_in x router + ingress interface
router a.b.c.d iface_out x router + egress interface
router a.b.c.d iface x router + in/egress interface
asn x src or dest ASN id of flow
src asn x source autonomous system id
dst asn x dest autonomous system id
net a.b.c.d/mask src or dest network of flow
src net a.b.c.d/mask source network
dst net a.b.c.d/mask dest network
vlan x vlan id associated with interface
src vlan x vlan id associated with ingress interface
dst vlan x vlan id associated with egress interface
recv_port x port on which traffic is rec'd by Talaia
- Important: if iface, iface_in, or iface_out are used, instead of a human-readable name like GigabitEthernet0/1 you must specify the SNMP interface index. More information on that can be found here.
Filters can be as simple or as complex as you'd like. Here's an example:
(src net 192.168.0.0/16) and (router 188.8.131.52 iface_in 8) and (dst net 10.0.0.0/8 or dst net 192.168.6.0/24)
This filter will match only:
- Traffic addressed from 192.168.0.0/16
- to 10.0.0.0/8 OR to 192.168.6.0/24
- that is exported from input interface 8
- of the router sending traffic to Talaia from the IP address 184.108.40.206.
Finally, note that view names may carry an important implication: complementary views with names ending with in and out (for example, LAN in and LAN out) are automatically paired in the user interface. This means that, by default, when a user selects one of these views, its traffic will be shown alongside its counterpart. (This behaviour can be disabled by clicking the lock button between the two in the view dropdown.)
After creating or modifying a view, you must push the changes to the core of the system in order for the views to begin collecting traffic.
A newly created view also needs to be assigned to the user(s) requiring access to that view.
If you want to use the new view immediately, reload the page to refresh the list of views in the dropdown. It can take up to 10 minutes for data to begin appearing in a view after changes to views are pushed to the core.
If you get stuck, let us know. We're here to help!