Using TLS In Flow Collection/Export
By default nProbe uses UDP to collect and export flows. However, it also supports the following transports:
UDP
TCP
TLS
SCTP (on selected platforms, only for flow export)
You can select the protocol with -n (flow export) and -3 (flow collection) using the format <method>://<address>. Example:
udp://127.0.0.1:1234
tls://127.0.0.1:1234
When using TLS, it is compulsory to have a valid TLS certificate, which is validated during the handshake. The following sections explain how to generate a TLS certificate and which command line options are available for TLS.
TLS Certificates Validation
When nProbe is used for flow collection over TLS, nProbe needs a valid certificate file. While you can obtain certificates from a commercial CA (Certification Authority), sometimes you want to use a self-signed TLS certificate for testing. It can be generated as follows:
openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365
The above command generates two files: key.pem, which is the private key file, and cert.pem, which is the certificate file. These files need to be stored in a protected place, and they can be passed to nProbe as follows:
--tls-priv-key <key.pem path>
--tls-cert <cert.pem path>
For example, the following command collects flows on localhost:2055:
nprobe --tls-priv-key tls/key.pem --tls-cert tls/cert.pem -n none -i none -b 2 -3 tls://localhost:2055
nProbe can export flows to the above collector as follows:
nprobe -i en3 -b2 -t 3 -d 3 -s 3 -n tls://localhost:2055
If the nProbe collector has been started with a self-signed or otherwise non-valid (e.g. expired) certificate, the --tls-insecure option can be used to skip TLS certificate validation. Please remember to set --tls-insecure before -n.
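The following shell script is an added example and is not part of the nProbe documentation or the nProbe code base. It wraps the procedure above: it generates the self-signed certificate with the openssl command shown, restricts the private key to its owner, checks with openssl that the certificate has not expired, and builds the collector and exporter command lines, placing --tls-insecure before -n as required. The functions only print the nprobe command lines rather than running them, the subject name nprobe-collector is a constructed value, and the script assumes openssl is installed.

```shell
#!/bin/sh
# Added example, not part of the nProbe docs: prepare a self-signed TLS
# certificate for nProbe and assemble the collector/exporter command lines.

# Generate key.pem and cert.pem into directory $1 (assumes openssl is installed).
# The subject name is a constructed placeholder.
gen_selfsigned_cert() {
    dir="$1"
    mkdir -p "$dir"
    openssl req -x509 -nodes -newkey rsa:4096 -keyout "$dir/key.pem" -out "$dir/cert.pem" \
        -sha256 -days 365 -subj "/CN=nprobe-collector" >/dev/null 2>&1 || return 1
    chmod 600 "$dir/key.pem"    # private key: owner read/write only
    chmod 644 "$dir/cert.pem"   # certificate is public material
}

# Succeed only if certificate $1 stays valid for at least $2 seconds (default: one day).
cert_not_expiring() {
    openssl x509 -in "$1" -noout -checkend "${2:-86400}" >/dev/null 2>&1
}

# Succeed only if private key $1 is not readable by group or others.
# Assumption: GNU stat is available; falls back to the BSD stat syntax.
key_perms_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    case "$mode" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# Print the collector command line for key $1, cert $2, listening on $3 (host:port).
collector_cmd() {
    printf 'nprobe --tls-priv-key %s --tls-cert %s -n none -i none -b 2 -3 tls://%s\n' \
        "$1" "$2" "$3"
}

# Print the exporter command line for interface $1 sending to $2 (host:port).
# A third argument "insecure" adds --tls-insecure, placed before -n so that it
# applies to the export target.
exporter_cmd() {
    iface="$1"; target="$2"
    if [ "$3" = "insecure" ]; then
        printf 'nprobe -i %s -b 2 -t 3 -d 3 -s 3 --tls-insecure -n tls://%s\n' "$iface" "$target"
    else
        printf 'nprobe -i %s -b 2 -t 3 -d 3 -s 3 -n tls://%s\n' "$iface" "$target"
    fi
}

# Succeed if command line $1 either does not use --tls-insecure or has it before -n.
insecure_before_n() {
    case "$1" in
        *--tls-insecure*" -n "*) return 0 ;;   # flag present and -n follows it
        *--tls-insecure*)        return 1 ;;   # flag present but after -n (ignored)
        *)                       return 0 ;;   # flag not used
    esac
}

# Stand-alone usage: prepare certificates under ./tls and show both command lines.
if [ "${NPROBE_TLS_DEMO:-0}" = "1" ]; then
    gen_selfsigned_cert tls || { echo "certificate generation failed" >&2; exit 1; }
    cert_not_expiring tls/cert.pem || { echo "certificate already expiring" >&2; exit 1; }
    key_perms_ok tls/key.pem || { echo "key permissions too open" >&2; exit 1; }
    collector_cmd tls/key.pem tls/cert.pem localhost:2055
    exporter_cmd en3 localhost:2055 insecure
fi
```

Run it with NPROBE_TLS_DEMO=1 to generate the files and print the two command lines; the expiry check with -checkend is worth repeating from a scheduled job, since a collector started with an expired certificate will only be reachable by exporters running with --tls-insecure.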