
# $Id: fwlogwatch.config,v 1.47 2002/07/25 15:47:46 bw Exp $
#
# Sample fwlogwatch configuration file
#
# The values filled in or mentioned in the description are the default values,
# you only need to uncomment an option if you change its value.
# Valid parameters to binary options are on/yes/true and off/no/false.
# Whitespace and comments are ignored anywhere in the file, case does not
# matter.


### Include files ###
# The option 'include_file' can be used to include external configuration
# files.
#
#include_file =


### Global options ###
# Use 'verbose' if you want extra information and log messages.
# Use it twice for even more info. fwlogwatch is quiet by default.
# Command line option: -v
#
#verbose = no
#verbose = no

# Use 'resolve_hosts' if you want IP addresses looked up in the DNS (slow).
# 'resolve_services' enables lookup of port numbers in /etc/services.
# Command line options: -n / -N
#
#resolve_hosts = no
#resolve_services = no

# Specify the input file if you don't want to use the default. Compressed
# files (gzip) are supported. You can use '-' for standard input (stdin).
# In realtime response mode the daemon needs the full path to the file.
# Command line option: -f <file>
#
#input = /var/log/messages


### Evaluation options ###
# You can select which parsers you want to use if you don't want fwlogwatch
# to check for all known log formats. You can choose one or a combination
# of:
#
# i ipchains
# n netfilter
# f ipfilter
# c Cisco IOS
# p Cisco PIX
# e NetScreen
# w Windows XP
# l Elsa Lancom
# s Snort
#
# Command line option: -P <format>
#
#parser = infcp

# The following six options define which criteria will be considered when
# comparing logged packets. You can turn off the source or destination IP
# address distinction ('src_ip'/'dst_ip') or activate the protocol, source
# and destination port and TCP option distinction
# ('protocol'/'src_port'/'dst_port'/'tcp_opts').
# Command line options: -S / -D / -p / -s / -d / -y
#
#src_ip = on
#dst_ip = on
#protocol = off
#src_port = off
#dst_port = off
#tcp_opts = off

# The following eight options allow you to select and/or exclude certain
# hosts or ports; multiple instances of the rules are permitted. Source
# and destination hosts and ports are differentiated.
#
#exclude_src_host =
#exclude_src_port =
#exclude_dst_host =
#exclude_dst_port =
#include_src_host =
#include_src_port =
#include_dst_host =
#include_dst_port =

# The following four options allow you to include and/or exclude chain and
# branch (target) strings such as "input", "forward", "output" and
# "accept", "deny", "pass", "block", "p", etc. Use one string per line
# without quotes. Including a string causes all others to be excluded.
#
#exclude_chain =
#include_chain =
#exclude_branch =
#include_branch =


### Sorting options ###
# Since the sort algorithm used is stable you can sort several times:
# entries that are equal for the primary criterion will be sorted by the
# next criterion. The sort string can be composed of 11 fields of the form
# 'ab' where 'a' is the sort criterion:
#
# c count
# t start time
# e end time
# z duration
# n target name
# p protocol
# b byte count
# S source host
# s source port
# D destination host
# d destination port
#
# and 'b' the order:
#
# a ascending
# d descending
#
# Sorting is done in the given sequence, so the last option is the primary
# criterion. If you don't use the 'sort_order' option the summary mode
# default 'tacd' will be used (start with the highest count, if two counts
# match list the one earlier in time first), of which 'ta' is built in, so
# if you specify an empty sort string or everything else is equal entries
# will be sorted ascending by time. In realtime response mode the default
# is 'cd'.
#
# Command line option: -O <order>
#
#sort_order =


### Output options ###
# With the option 'title' you can change the title of the summary and the
# status page and the subject of summaries sent by email.
# The default title in summary mode is 'fwlogwatch summary' and in realtime
# response mode it is 'fwlogwatch status'.
#
#title =

# With the option 'stylesheet' you can make fwlogwatch omit the inline CSS
# used to define the page colors and reference an external stylesheet.
#
#stylesheet =

# With the following four options you can customize the colors of the HTML
# output (summary and realtime response status page), use the RGB value
# with '#' or directly one of the 16 basic HTML color names (aqua black
# blue fuchsia gray green lime maroon navy olive purple red silver teal
# white yellow).
#
#textcolor = white
#bgcolor = black
#rowcolor1 = #555555
#rowcolor2 = #333333


### Log summary mode ###
# Use 'data_amount' if you want to see the sum of total packet lengths for
# each entry (this obviously only works with log formats that contain this
# information).
# Command line option: -b
#
#data_amount = no

# Use 'start_times' and/or 'end_times' if you want to see the timestamp
# of the first and/or last logged packet of each entry.
# Command line options: -t / -e
#
#start_times = no
#end_times = no

# Use 'duration' if you want to see the time interval between the first and
# the last connection attempt of the current entry.
# Command line option: -z
#
#duration = no

# Use 'html' to enable HTML output.
# Command line option: -w
#
#html = no

# Specify the name of an output file
# Command line option: -o <file>
#
#output =

# Use 'recent' to ignore events older than a certain time (off by default).
# The default unit is seconds.
# Units: m = minutes, h = hours, d = days, w = weeks, M = months, y = years.
# Command line option: -l <time>
#
#recent =

# Use 'at_least' to hide entries that have a small number of counts (useful
# when analyzing large log files).
# Command line option: -m <count>
#
#at_least = 1

# Use 'maximum' to limit the number of entries shown (e.g. for a "top 20"),
# restricted by the 'at_least' option. Zero shows all entries.
# Command line option: -M <number>
#
#maximum = 0

# Use 'whois_lookup' if you want information about the source IP addresses
# looked up in the whois database (this is slow, please don't stress the
# registry with too many queries).
# Command line option: -W
#
#whois_lookup = no


### Interactive report mode ###
# Use 'interactive' to turn this mode on, a summary of entries that exceed
# the threshold will be shown first, then you will be presented with each
# report and options to modify and send it.
# Command line option: -i <count>
#
#interactive =

# Use 'sender' to specify your email address for abuse reports.
# The default is <user>@<hostname>.
# Command line option: -F <email>
#
#sender =

# Use 'recipient' to specify the email address of the abuse contact or CERT
# you want to send reports to. If used in log summary mode the summary will
# be sent to this address by email (in plain text or HTML as selected with
# the -w option and the content of the title option as subject).
# Command line option: -T <email>
#
#recipient =

# You can use 'cc' to send a carbon copy of the report (e.g. to you for
# your archives or a second abuse or CERT contact).
# Command line option: -C <email>
#
#cc =

# Use 'template' to specify the template file you want to use to surround
# the report if you don't want to use the default.
# The line '# insert report here' in the template will be
# replaced with the report.
# Command line option: -I <file>
#
#template = /etc/fwlogwatch.template


### Realtime response mode ###
# Use 'realtime_response' to turn this mode on. You can change the
# configuration file while fwlogwatch is running and have it reread it
# by sending the HUP signal.
# Command line option: -R
#
#realtime_response = no

# If 'ipchains_check' is activated (and the ipchains parser is selected),
# fwlogwatch will verify that ipchains rules are set up correctly.
#
#ipchains_check = no

# With the 'pidfile' option you can specify a file fwlogwatch will use to
# keep its PID so it can receive signals from scripts. If not specified it
# will not be created.
# Suggested value: /var/run/fwlogwatch.pid
#
#pidfile =

# Use the 'run_as' option to make fwlogwatch capable of binding a
# privileged port and opening a protected log file as root and then (as
# daemon) change its user and group ID to a non-privileged user (a security
# feature). Please note that reopening a protected log file (e.g. after a
# kill -USR1) will not be possible once privileges are released. Also
# remember that you can use fwlogwatch without status web server or with an
# unprivileged port and with enough permissions to read a log file to run it
# entirely as user, but you will not be able to execute response scripts
# that need root privileges (e.g. to modify a firewall).
# Suggested value: nobody
#
#run_as =

# Use 'alert_threshold' to define how many connections must happen (within
# the 'forget' time range) to activate an alert/response.
# Command line option: -a <count>
#
#alert_threshold = 5

# Use the option 'recent' as in log summary mode above to control how long
# an event should be relevant. After the specified time it is forgotten and
# if another connection attempt is started it is treated as new. The default
# for 'recent' in realtime response mode is 1 day.
# Command line option: -l
#
#recent =

# An alert is logged to syslog by default; you can add predefined and/or
# custom notification and response functions using the fwlw_notify and
# fwlw_respond scripts that are executed if 'notify' and 'respond'
# respectively are specified here.
# Command line options: -A / -B
#
#notify = no
#respond = no

# Alternative paths for the notification and response scripts can be
# specified with the 'notification_script' and 'response_script' options.
#
#notification_script = /usr/local/sbin/fwlw_notify
#response_script = /usr/local/sbin/fwlw_respond

# Known hosts are those that will not be warned about or have actions taken
# against them, even if they match the alert/response criteria.
# Use 'known_host' for your trusted gateways, peers and DNS servers (this
# is an anti-spoofing measure). You can specify single IP addresses or
# networks in CIDR notation (e.g. 192.168.1.0/24).
# Command line option: -k <IP/net>
#
#known_host =
#known_host =

# You can see which hosts fwlogwatch knows about and which ones it is
# watching at any time through its web interface. Use the 'server_status'
# option to activate the web server in fwlogwatch, 'bind_to' is the IP
# address of the interface to be bound (defaults to the local host, 0.0.0.0
# means all), 'listen_port' is the port it will listen on. 'listen_to'
# allows you to restrict access to a single IP address. fwlogwatch will want
# to authenticate the user, that's what 'status_user' and 'status_password'
# are for. The password must be a standard Unix DES encrypted password
# including salt, you can for example use
# htpasswd -nb user password
# to generate one. The 'status_password' value below is a sample shipped
# with this file, so set your own before enabling 'server_status'. Finally,
# 'refresh' activates automatic reloading of the status page, the parameter
# is the time in seconds.
# Command line option: -X
#
#server_status = no
#bind_to = 127.0.0.1
#listen_port = 888
#listen_to =
#status_user = admin
#status_password = 2fi4nEVVz0IXo
#refresh =


### Show log times mode ###
# Use this mode to display the number of lines and the time of the first and
# last entry in a log file. Unlike the summary mode report this does not show
# the time of the first and last packet log entry but the time of the first
# and last entry overall. No other action is performed. Compressed files
# (gzip) are supported.
# Command line option: -L <file>
#
#show_log_times =


### EOF ###