diff options
Diffstat (limited to 'net-analyzer')
-rw-r--r-- | net-analyzer/sancp/ChangeLog | 5 | ||||
-rw-r--r-- | net-analyzer/sancp/files/sguil_sancp.conf | 69 |
2 files changed, 73 insertions, 1 deletions
diff --git a/net-analyzer/sancp/ChangeLog b/net-analyzer/sancp/ChangeLog index 74d2feb4378d..abbe81a9dffe 100644 --- a/net-analyzer/sancp/ChangeLog +++ b/net-analyzer/sancp/ChangeLog @@ -1,6 +1,9 @@ # ChangeLog for net-analyzer/sancp # Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/sancp/ChangeLog,v 1.1 2005/10/08 13:52:29 strerror Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/sancp/ChangeLog,v 1.2 2005/10/10 00:16:45 strerror Exp $ + + 10 Oct 2005; Benjamin Smee <strerror@gentoo.org> +files/sguil_sancp.conf: + Added sguil_sancp.conf *sancp-1.6.1 (08 Oct 2005) diff --git a/net-analyzer/sancp/files/sguil_sancp.conf b/net-analyzer/sancp/files/sguil_sancp.conf new file mode 100644 index 000000000000..298a7b1a9043 --- /dev/null +++ b/net-analyzer/sancp/files/sguil_sancp.conf @@ -0,0 +1,69 @@ +# $Id: sguil_sancp.conf,v 1.1 2005/10/10 00:16:45 strerror Exp $ # +# +# This sancp.conf is distributed as part of sguil (http://sguil.sf.net). +# It's purpose is to define a default output that is compatible with table +# schema defined by sguil. Please read the README.sancp for more information +# +# sancp is copyrighted by John Curry and can be downloaded at: +# www.metre.net/sancp.html +# + +# SANCP VERSION 1.5.3 + +# Currently, sguil only supports the 'stats' output and we want it in +# timestamped fields +default stats tsfilename stats + +# Time in seconds we write a new file if expired cnxs are available +default flush_interval=30 +# This tells sancp to open new file handle, write, and close in one step +default burst_mode=enable + +# Default timeout: how many secs to wait after the last packet till we consider the cnx closed +default timeout=120 + +# Conforms with out sguil sancp table schema +format stats sancp_id,start_time_gmt,stop_time_gmt,duration,ip_proto,src_ip_decimal,src_port,dst_ip_decimal,dst_port,src_pkts,src_bytes,dst_pkts,dst_bytes,sflags,dflags + +# From here on you define what stats/cnxs/sessions/flows (whatever you +# want to call it) get logged. Please read the sancp documention for +# more information. Most of the below are examples of setting +# variables for complex rules. + +var ip 8 # ether proto 0x0800 # ip traffic + +# define some ip protocols + +var icmp 1 +var tcp 6 +var udp 17 + +# define some tcp protocols + +var http 80 +var https 443 +var smtp 25 +var dns 53 + +var HOME_NET 127.0.0.1 +#var WWW_NET 192.168.1.0/24 +#var MAIL_SERVER 192.168.1.2 +#var MAIL_SERVER2 192.168.1.3 + + +# Default output logging for each connection +# We don't use realtime or pcap logging at this point so we pass them +default realtime=pass +default pcap=pass + +# Here is where our "rules" start. We log all stats by default +# so this is defining exceptions. +# +# first six fields are required before rule options can be used +# +# eth_proto src_ip dst_ip ip_proto src_port dst_port +# + +# Here is an example if ignoring outbound HTTP stats. +#ip HOME_NET any tcp any http, stats pass +#ip HOME_NET any tcp any https, stats pass |