authorBenjamin Smee <strerror@gentoo.org>2005-10-10 00:16:45 +0000
committerBenjamin Smee <strerror@gentoo.org>2005-10-10 00:16:45 +0000
commit46b0a9ea92f04c17cad3ba32f64414137810ecc4 (patch)
treea24b59cc7427b4b308507941034c392e91f56b09 /net-analyzer
parentAdded ~amd64 keyword. (diff)
Added sguil_sancp.conf
Package-Manager: portage-2.0.51.22-r3
Diffstat (limited to 'net-analyzer')
-rw-r--r--net-analyzer/sancp/ChangeLog5
-rw-r--r--net-analyzer/sancp/Manifest3
-rw-r--r--net-analyzer/sancp/files/sguil_sancp.conf69
3 files changed, 75 insertions, 2 deletions
diff --git a/net-analyzer/sancp/ChangeLog b/net-analyzer/sancp/ChangeLog
index 74d2feb4378d..abbe81a9dffe 100644
--- a/net-analyzer/sancp/ChangeLog
+++ b/net-analyzer/sancp/ChangeLog
@@ -1,6 +1,9 @@
# ChangeLog for net-analyzer/sancp
# Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/sancp/ChangeLog,v 1.1 2005/10/08 13:52:29 strerror Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/sancp/ChangeLog,v 1.2 2005/10/10 00:16:45 strerror Exp $
+
+ 10 Oct 2005; Benjamin Smee <strerror@gentoo.org> +files/sguil_sancp.conf:
+ Added sguil_sancp.conf
*sancp-1.6.1 (08 Oct 2005)
diff --git a/net-analyzer/sancp/Manifest b/net-analyzer/sancp/Manifest
index 92adfc9d27d6..6462787fc0d4 100644
--- a/net-analyzer/sancp/Manifest
+++ b/net-analyzer/sancp/Manifest
@@ -1,6 +1,7 @@
MD5 dcbac3909ccb1f3db2270023669e8e4c sancp-1.6.1.ebuild 1406
-MD5 8f165305da87ad300f768c0f85985e2d ChangeLog 418
+MD5 67e6253e9839e165ca8a1df00c2e3028 ChangeLog 520
MD5 277c9d1d9522b7e2519bd07c003dc700 metadata.xml 238
MD5 5b34fcdc64bdbee4ab2ccaa57e72bc3e files/sancp.rc1 967
MD5 d58263b185630aa4738adbd4d79e0cbb files/sancp.confd 275
+MD5 3b34df10774a182a4cc3b848c35ccc94 files/sguil_sancp.conf 2133
MD5 5a29e0856415b398e93b6aa72172fa50 files/digest-sancp-1.6.1 62
diff --git a/net-analyzer/sancp/files/sguil_sancp.conf b/net-analyzer/sancp/files/sguil_sancp.conf
new file mode 100644
index 000000000000..298a7b1a9043
--- /dev/null
+++ b/net-analyzer/sancp/files/sguil_sancp.conf
@@ -0,0 +1,69 @@
+# $Id: sguil_sancp.conf,v 1.1 2005/10/10 00:16:45 strerror Exp $ #
+#
+# This sancp.conf is distributed as part of sguil (http://sguil.sf.net).
+# It's purpose is to define a default output that is compatible with table
+# schema defined by sguil. Please read the README.sancp for more information
+#
+# sancp is copyrighted by John Curry and can be downloaded at:
+# www.metre.net/sancp.html
+#
+
+# SANCP VERSION 1.5.3
+
+# Currently, sguil only supports the 'stats' output and we want it in
+# timestamped fields
+default stats tsfilename stats
+
+# Time in seconds we write a new file if expired cnxs are available
+default flush_interval=30
+# This tells sancp to open new file handle, write, and close in one step
+default burst_mode=enable
+
+# Default timeout: how many secs to wait after the last packet till we consider the cnx closed
+default timeout=120
+
+# Conforms with out sguil sancp table schema
+format stats sancp_id,start_time_gmt,stop_time_gmt,duration,ip_proto,src_ip_decimal,src_port,dst_ip_decimal,dst_port,src_pkts,src_bytes,dst_pkts,dst_bytes,sflags,dflags
+
+# From here on you define what stats/cnxs/sessions/flows (whatever you
+# want to call it) get logged. Please read the sancp documention for
+# more information. Most of the below are examples of setting
+# variables for complex rules.
+
+var ip 8 # ether proto 0x0800 # ip traffic
+
+# define some ip protocols
+
+var icmp 1
+var tcp 6
+var udp 17
+
+# define some tcp protocols
+
+var http 80
+var https 443
+var smtp 25
+var dns 53
+
+var HOME_NET 127.0.0.1
+#var WWW_NET 192.168.1.0/24
+#var MAIL_SERVER 192.168.1.2
+#var MAIL_SERVER2 192.168.1.3
+
+
+# Default output logging for each connection
+# We don't use realtime or pcap logging at this point so we pass them
+default realtime=pass
+default pcap=pass
+
+# Here is where our "rules" start. We log all stats by default
+# so this is defining exceptions.
+#
+# first six fields are required before rule options can be used
+#
+# eth_proto src_ip dst_ip ip_proto src_port dst_port
+#
+
+# Here is an example if ignoring outbound HTTP stats.
+#ip HOME_NET any tcp any http, stats pass
+#ip HOME_NET any tcp any https, stats pass
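Review bot: The new file lands in files/ but nothing in this commit installs it: the diffstat covers only ChangeLog, Manifest and the conf, and the Manifest line for sancp-1.6.1.ebuild is unchanged context, so unless the ebuild already copies files/sguil_sancp.conf into the image the file never reaches a system. The header comment `# SANCP VERSION 1.5.3` also disagrees with the sancp-1.6.1 ebuild shipped in this directory; a comment stating what was actually checked would avoid the mismatch, e.g. `# Taken from sguil unmodified; written against sancp 1.5.3 -- verify the format/default keywords against the packaged 1.6.1`. Finally, `var HOME_NET 127.0.0.1` is a loopback placeholder, so the commented example `stats pass` rules would match nothing once enabled and the intended exclusions silently do not apply; a line such as `# Set HOME_NET to the monitored network before enabling any of the example rules below` placed above it makes that explicit to whoever deploys the file.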