/* ** $Id: example-iplog.conf,v 1.1 2000/07/03 18:32:42 odin Exp $ ** ** Example iplog configuration file. ** Edit me and copy me to /etc/iplog.conf ** ** See iplog.conf(5) for details on syntax and a full description ** of available options. */ # Run as user "nobody." user nobody # Run with group "nobody." group nogroup # # Log to file or syslog, not both # # Log to /var/log/iplog logfile /var/log/iplog # Use the syslog(3) facility log_daemon. #facility log_daemon # Use the syslog(3) priority (level) log_info. #priority log_info # Log the IP address as well as the hostname of packets. set log_ip false # Do not log the destination of packets. set log_dest false # Use custom DNS cache set dns_cache true # Listen on eth0 and eth1 #interface eth0,eth1 #interface eth0 # Operate in promiscuous mode and watch the 192.168.0.x network # promisc 192.168.0.0/24 # Resolve ip addresses set udp_resolve true set tcp_resolve true set icmp_resolve true # Ignore DNS traffic from nameservers in /etc/resolv.conf. set ignore_dns true # Perform ident lookup on connections for listening port # note: not compatible with promisc flag set get_ident false # Log vanilla TCP, UDP, and ICMP set tcp true set udp true set icmp true # Detect port scans set fin_scan true set udp_scan true set portscan true set xmas_scan true set null_scan true # Try to fool nmap's OS detection set fool_nmap true # Detect attacks set frag true set smurf true set bogus true set syn_flood true set ping_flood true # Enable detecting only scans and floods set scans_only false # Detect traceroute set traceroute true # Ignore ntp ignore tcp dport 123 ignore udp dport 123 # Ignore ftp-data connections from to ports 1024 and above. ignore tcp dport 1024: sport 20 # Ignore WWW connections, if you're running a WWW server. #ignore tcp dport 80 # Ignore ICMP unreach. ignore icmp type unreach # Ignore all ICMP except ICMP echo packets. #ignore icmp type !echo # Ignore UDP traffic from the 127.1.2 network #ignore udp from 127.1.2/24 # or #ignore udp from 127.1.2/255.255.255.0