connectors: - file: connectorRIS name: ris params: carefulSubscription: true url: ws://ris-live.ripe.net/v1/ws/ perMessageDeflate: true authorizationHeader: null subscription: moreSpecific: true type: UPDATE host: socketOptions: includeRaw: false # - file: connectorRISDump # name: dmp monitors: - file: monitorHijack channel: hijack name: basic-hijack-detection params: thresholdMinPeers: 3 # - file: monitorNewPrefix # channel: newprefix # name: prefix-detection # params: # thresholdMinPeers: 3 - file: monitorPath channel: path name: path-matching params: thresholdMinPeers: 1 - file: monitorVisibility channel: visibility name: withdrawal-detection params: thresholdMinPeers: 40 - file: monitorAS channel: misconfiguration name: asn-monitor params: thresholdMinPeers: 3 - file: monitorRPKI channel: rpki name: rpki-monitor params: thresholdMinPeers: 3 checkUncovered: false checkDisappearing: false - file: monitorROAS channel: roa name: rpki-diff params: enableDiffAlerts: true enableExpirationAlerts: true enableExpirationCheckTA: true enableDeletedCheckTA: true roaExpirationAlertHours: 2 checkOnlyASns: true toleranceDeletedRoasTA: 20 toleranceExpiredRoasTA: 20 - file: monitorPathNeighbors channel: path name: path-neighbors params: thresholdMinPeers: 3 reports: - file: reportFile channels: - hijack - newprefix - visibility - path - misconfiguration - rpki - roa params: persistAlertData: false alertDataDirectory: alertdata/ # - file: reportEmail # channels: # - hijack # - newprefix # - visibility # - path # - misconfiguration # - rpki # - roa # params: # showPaths: 5 # Amount of AS_PATHs to report in the alert # senderEmail: bgpalerter@xxxx # # BGPalerter uses nodemailer. # # The smtp section can be configured with all the parameters available at https://nodemailer.com/smtp/ # # the following are just the most useful one # smtp: # host: localhost # port: 25 # secure: false # If true the connection will use TLS when connecting to server. If false it will be still possible doing connection upgrade via STARTTLS # ignoreTLS: false # If true TLS will be completely disabled, including STARTTLS. Set this to true if you see certificate errors in the logs. # auth: # user: username # pass: password # type: login # tls: # rejectUnauthorized: true # Reject unauthorized certificates # notifiedEmails: # default: # - admin@example.org # noc: # - joe@example.org # - seb@example.org # - file: reportSlack # channels: # - hijack # - newprefix # - visibility # - path # - misconfiguration # - rpki # - roa # params: # showPaths: 0 # Amount of AS_PATHs to report in the alert # colors: # hijack: '#d60b1c' # newprefix: '#fa9548' # visibility: '#fad648' # path: '#42cbf5' # rpki: '#d892f0' # roa: '#d892f0' # hooks: # default: _YOUR_SLACK_WEBHOOK_URL_ # noc: _YOUR_SLACK_WEBHOOK_URL_ # - file: reportKafka # channels: # - hijack # - newprefix # - visibility # - path # - misconfiguration # - rpki # - roa # params: # host: localhost # port: 9092 # topics: # default: bgpalerter # - file: reportSyslog # channels: # - hijack # - newprefix # - visibility # - path # - asn-monitor # - misconfiguration # - rpki # - roa # params: # host: 127.0.0.1 # port: 514 # transport: udp # templates: # See here how to write a template https://github.com/nttgin/BGPalerter/blob/main/docs/context.md # default: "++BGPalerter-3-${type}: ${summary}|${earliest}|${latest}" # hijack: "++BGPalerter-5-${type}: ${summary}|${prefix}|${description}|${asn}|${newprefix}|${neworigin}|${earliest}|${latest}|${peers}" # newprefix: "++BGPalerter-4-${type}: ${summary}|${prefix}|${description}|${asn}|${newprefix}|${neworigin}|${earliest}|${latest}|${peers}" # visibility: "++BGPalerter-5-${type}: ${summary}|${prefix}|${description}|${asn}|${earliest}|${latest}|${peers}" # misconfiguration: "++BGPalerter-3-${type}: ${summary}|${asn}|${prefix}|${earliest}|${latest}" # - file: reportAlerta # channels: # - hijack # - newprefix # - visibility # - path # - misconfiguration # - rpki # - roa # params: # severity: # hijack: critical # newprefix: informational # visibility: debug # path: trace # resourceTemplates: # See here how to write a template https://github.com/nttgin/BGPalerter/blob/main/docs/context.md # default: "${type}" # hijack: "hijack::${prefix}@@${asn}" # newprefix: "newprefix::${prefix}@@${asn}" # visibility: "visibility::${prefix}@@${asn}" # urls: # default: _YOUR_ALERTA_API_URL_ # noc: _YOUR_ALERTA_API_URL_ # - file: reportWebex # channels: # - hijack # - newprefix # - visibility # - path # - misconfiguration # - rpki # - roa # params: # hooks: # default: _YOUR_WEBEX_WEBHOOK_URL_ # noc: _YOUR_WEBEX_WEBHOOK_URL_ # - file: reportHTTP # channels: # - hijack # - newprefix # - visibility # - path # - misconfiguration # - rpki # - roa # params: # templates: # See here how to write a template https://github.com/nttgin/BGPalerter/blob/main/docs/context.md # default: '{"text": "${summary}"}' # headers: # isTemplateJSON: true # showPaths: 0 # Amount of AS_PATHs to report in the alert # hooks: # default: _YOUR_WEBHOOK_URL_ # noc: _YOUR_WEBHOOK_URL_ # - file: reportTelegram # channels: # - hijack # - newprefix # - visibility # - path # - misconfiguration # - rpki # - roa # params: # showPaths: 0 # Amount of AS_PATHs to report in the alert # botUrl: https://api.telegram.org/bot<_BOT_ID_>/sendMessage # chatIds: # default: _CHAT_ID_ # noc: _CHAT_ID_ # - file: reportPullAPI # channels: # - hijack # - newprefix # - visibility # - path # - misconfiguration # - rpki # - roa # params: # maxAlertsAmount: 25 ############################ # Notification settings: # - notificationIntervalSeconds # Defines the amount of seconds after which an alert can be repeated. An alert is repeated only if the event that # triggered it is not yet solved. # - persistStatus # Persist the status of BGPalerter. If the process is restarted, the list of alerts already sent is recovered # and they are not repeated. The process must be able to write on disc, this option will create a file inside .cache/ notificationIntervalSeconds: 86400 persistStatus: true ############################ # REST API settings: # - rest.host # The IP address the server will listen. The default value is localhost, this means the API will not be reachable # from another host. To make it public use null or 0.0.0.0. # - rest.port # The port the server will listen rest: host: localhost port: 8011 logging: directory: logs logRotatePattern: YYYY-MM-DD maxRetainedFiles: 10 maxFileSizeMB: 15 compressOnRotation: false useUTC: true checkForUpdatesAtBoot: true generatePrefixListEveryDays: 0 ############################ # Process monitoring settings: # Uncomment or add classes under processMonitors if you want to monitor or send logs about the status of the BGPalerter process #processMonitors: # - file: uptimeApi # params: # useStatusCodes: true # # - file: uptimeHealthcheck # params: # url: url_to_poll # intervalSeconds: 300 # method: get # # - file: sentryModule # params: # dsn: https://@sentry.io/ ############################ # The files containing the monitored prefixes. Please see prefixes.yml for an example. # This is an array (use new lines and dashes!) monitoredPrefixesFiles: - prefixes.yml ############################ # The file containing the user groups. # User groups can be specified # 1) directly above, in each report module; or # 2) inside an external file, as specified below (disabled by default). # Using an external file allows BGPalerter to auto-reload the user group definitions # when the external file is changed. # groupsFile: groups.yml.example ############################ # HTTP proxy setting: # Allow to run BGPalerter behind an HTTP/HTTPS proxy. # You can also specify which module can bypass the proxy. # More information here: https://github.com/nttgin/BGPalerter/blob/main/docs/http-proxy.md # httpProxy: http://username:password@127.0.0.1:9000 ############################ # RPKI settings: # Global RPKI settings shared across all monitors requiring RPKI data # More information here: https://github.com/nttgin/BGPalerter/blob/main/docs/rpki.md # # To enable ROA expiration alerts, you need VRPs including expiration timestamps. # "rpkiclient" is the default vrpProvider since is the only one supporting ROAs expiration data. rpki: vrpProvider: rpkiclient preCacheROAs: true refreshVrpListMinutes: 15 markDataAsStaleAfterMinutes: 120 ############################ # Advanced settings (Don't touch here!) # Please, refer to the documentation to know the meaning of the following parameters. alertOnlyOnce: false fadeOffSeconds: 360 checkFadeOffGroupsSeconds: 30 pidFile: bgpalerter.pid maxMessagesPerSecond: 6000 multiProcess: false environment: production configVersion: 2