Community Annotations
Hijack alerts can be optionally annotated with an additional user-defined tag, that is assigned automatically based on the communities that are present in the hijack BGP updates.
Sample configuration snippet (note that reserved keywords are marked in bold; the annotations themselves are user-specific, therefore not reserved):
- prefixes: - ... - ... origin_asns: - ... - ... neighbors: - ... - ... community_annotations: - critical: - in: - 'asn:value' - ... out: - ... - ... - in: - ... - medium: - in: - ... - ... out: - ... - ... - low: - out: - ...
Logic: For an incoming BGP update, for each possible annotation, check if:
in_communities <= bgp_update_communities and out_communities.isdisjoint(bgp_update_communities)
Note the the community annotation can be used in concert with logging customization, by editing the related .env variable HIJACK_LOG_FILTER
. As an example:
HIJACK_LOG_FILTER=[{"community_annotation":"critical"},{"community_annotation":"NA"}]