author | Benjamin Smee <strerror@gentoo.org> | 2005-10-10 00:16:45 +0000 |
committer | Benjamin Smee <strerror@gentoo.org> | 2005-10-10 00:16:45 +0000 |
commit | 772a01ac5de272e9877914677c5c85474b139183 (patch) | |
tree | ced86691aa191483875fdb46b0285296cec5ac12 /net-analyzer/sancp/files | |
parent | Added ~amd64 keyword. (diff) | |
Added sguil_sancp.conf
(Portage version: 2.0.51.22-r3)
Diffstat (limited to 'net-analyzer/sancp/files')
-rw-r--r-- | net-analyzer/sancp/files/sguil_sancp.conf | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/net-analyzer/sancp/files/sguil_sancp.conf b/net-analyzer/sancp/files/sguil_sancp.conf
new file mode 100644
index 000000000000..298a7b1a9043
--- /dev/null
+++ b/net-analyzer/sancp/files/sguil_sancp.conf
@@ -0,0 +1,69 @@
+# $Id: sguil_sancp.conf,v 1.1 2005/10/10 00:16:45 strerror Exp $ #
+#
+# This sancp.conf is distributed as part of sguil (http://sguil.sf.net).
+# It's purpose is to define a default output that is compatible with table
+# schema defined by sguil. Please read the README.sancp for more information
+#
+# sancp is copyrighted by John Curry and can be downloaded at:
+# www.metre.net/sancp.html
+#
+
+# SANCP VERSION 1.5.3
+
+# Currently, sguil only supports the 'stats' output and we want it in
+# timestamped fields
+default stats tsfilename stats
+
+# Time in seconds we write a new file if expired cnxs are available
+default flush_interval=30
+# This tells sancp to open new file handle, write, and close in one step
+default burst_mode=enable
+
+# Default timeout: how many secs to wait after the last packet till we consider the cnx closed
+default timeout=120
+
+# Conforms with out sguil sancp table schema
+format stats sancp_id,start_time_gmt,stop_time_gmt,duration,ip_proto,src_ip_decimal,src_port,dst_ip_decimal,dst_port,src_pkts,src_bytes,dst_pkts,dst_bytes,sflags,dflags
+
+# From here on you define what stats/cnxs/sessions/flows (whatever you
+# want to call it) get logged. Please read the sancp documention for
+# more information. Most of the below are examples of setting
+# variables for complex rules.
+
+var ip 8 # ether proto 0x0800 # ip traffic
+
+# define some ip protocols
+
+var icmp 1
+var tcp 6
+var udp 17
+
+# define some tcp protocols
+
+var http 80
+var https 443
+var smtp 25
+var dns 53
+
+var HOME_NET 127.0.0.1
+#var WWW_NET 192.168.1.0/24
+#var MAIL_SERVER 192.168.1.2
+#var MAIL_SERVER2 192.168.1.3
+
+
+# Default output logging for each connection
+# We don't use realtime or pcap logging at this point so we pass them
+default realtime=pass
+default pcap=pass
+
+# Here is where our "rules" start. We log all stats by default
+# so this is defining exceptions.
+#
+# first six fields are required before rule options can be used
+#
+# eth_proto src_ip dst_ip ip_proto src_port dst_port
+#
+
+# Here is an example if ignoring outbound HTTP stats.
+#ip HOME_NET any tcp any http, stats pass
+#ip HOME_NET any tcp any https, stats pass
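Review bot: `var HOME_NET 127.0.0.1` in the middle of the hunk is a site-specific placeholder that every sensor deployment has to override, but nothing in the file says so; left as-is, the commented `stats pass` example rules at the end would, once uncommented, match only loopback traffic, and any rule written for the real monitored range would silently never fire. Add a comment above it, e.g. `# HOME_NET is a placeholder: set it to the monitored network (host or CIDR) before enabling any rules below`. It is also worth noting next to the example rules that a `stats pass` rule drops those sessions from what sguil records, so exclusions should be deliberate and reviewed. The header comments carry a few typos that will ship in the installed file: `It's purpose` → `Its purpose`, `Conforms with out` → `Conforms with our`, `documention` → `documentation`, and `example if ignoring` → `example of ignoring`.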