summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBenjamin Smee <strerror@gentoo.org>2005-10-10 00:16:45 +0000
committerBenjamin Smee <strerror@gentoo.org>2005-10-10 00:16:45 +0000
commit772a01ac5de272e9877914677c5c85474b139183 (patch)
treeced86691aa191483875fdb46b0285296cec5ac12 /net-analyzer/sancp/files
parentAdded ~amd64 keyword. (diff)
downloadgentoo-2-772a01ac5de272e9877914677c5c85474b139183.tar.gz
gentoo-2-772a01ac5de272e9877914677c5c85474b139183.tar.bz2
gentoo-2-772a01ac5de272e9877914677c5c85474b139183.zip
Added sguil_sancp.conf
(Portage version: 2.0.51.22-r3)
Diffstat (limited to 'net-analyzer/sancp/files')
-rw-r--r--net-analyzer/sancp/files/sguil_sancp.conf69
1 files changed, 69 insertions, 0 deletions
diff --git a/net-analyzer/sancp/files/sguil_sancp.conf b/net-analyzer/sancp/files/sguil_sancp.conf
new file mode 100644
index 000000000000..298a7b1a9043
--- /dev/null
+++ b/net-analyzer/sancp/files/sguil_sancp.conf
@@ -0,0 +1,69 @@
+# $Id: sguil_sancp.conf,v 1.1 2005/10/10 00:16:45 strerror Exp $ #
+#
+# This sancp.conf is distributed as part of sguil (http://sguil.sf.net).
+# It's purpose is to define a default output that is compatible with table
+# schema defined by sguil. Please read the README.sancp for more information
+#
+# sancp is copyrighted by John Curry and can be downloaded at:
+# www.metre.net/sancp.html
+#
+
+# SANCP VERSION 1.5.3
+
+# Currently, sguil only supports the 'stats' output and we want it in
+# timestamped fields
+default stats tsfilename stats
+
+# Time in seconds we write a new file if expired cnxs are available
+default flush_interval=30
+# This tells sancp to open new file handle, write, and close in one step
+default burst_mode=enable
+
+# Default timeout: how many secs to wait after the last packet till we consider the cnx closed
+default timeout=120
+
+# Conforms with out sguil sancp table schema
+format stats sancp_id,start_time_gmt,stop_time_gmt,duration,ip_proto,src_ip_decimal,src_port,dst_ip_decimal,dst_port,src_pkts,src_bytes,dst_pkts,dst_bytes,sflags,dflags
+
+# From here on you define what stats/cnxs/sessions/flows (whatever you
+# want to call it) get logged. Please read the sancp documention for
+# more information. Most of the below are examples of setting
+# variables for complex rules.
+
+var ip 8 # ether proto 0x0800 # ip traffic
+
+# define some ip protocols
+
+var icmp 1
+var tcp 6
+var udp 17
+
+# define some tcp protocols
+
+var http 80
+var https 443
+var smtp 25
+var dns 53
+
+var HOME_NET 127.0.0.1
+#var WWW_NET 192.168.1.0/24
+#var MAIL_SERVER 192.168.1.2
+#var MAIL_SERVER2 192.168.1.3
+
+
+# Default output logging for each connection
+# We don't use realtime or pcap logging at this point so we pass them
+default realtime=pass
+default pcap=pass
+
+# Here is where our "rules" start. We log all stats by default
+# so this is defining exceptions.
+#
+# first six fields are required before rule options can be used
+#
+# eth_proto src_ip dst_ip ip_proto src_port dst_port
+#
+
+# Here is an example if ignoring outbound HTTP stats.
+#ip HOME_NET any tcp any http, stats pass
+#ip HOME_NET any tcp any https, stats pass