Sisyphus repository

Group :: Monitoring
Package: fprobe-ulog


# -*- mode: sh -*-

# To fully understand the meaning of the options, see fprobe-ulog(8) and
# the /etc/init.d/fprobe-ulog script. These settings work for me; please
# customize them for your needs. Also, you can safely comment out or
# delete (almost) any of the following params. Compiled-in defaults will
# be used when possible. However, at least one collector definition is
# mandatory.

# If you really want to use this package, don't forget to use something
# like the following:
# iptables -I FORWARD -j ULOG
# iptables -I OUTPUT -j ULOG
# iptables -I INPUT -j ULOG
# and run some NetFlow collector (like flow-capture from the package of
# the same name) to really dump NetFlow.

# ULOG group bitwise mask. [default=1]
#MASK=1

# How often to scan for expired flows. [default=5]
# Unit is seconds
#SCAN_TIME=5

# Fragmented flow lifetime. [default=30]
# Unit is seconds
#LIFE_TIME=30

# Idle flow lifetime (inactive timer). [default=60]
# Unit is seconds
#IDLE_TIME=60

# Active flow lifetime (active timer). [default=300]
# Unit is seconds
#ACTIVE_TIME=300

# NetFlow version to use (1, 5, 7). [default=5]
#NF_VERSION=5

# Use this address as the source for NetFlow flow.
#SRC_IP="127.0.0.1"

# Interface name to SNMP-index conversion rules. Each rule consists of
# an interface base name and an SNMP-index base separated by a colon
# (e.g. ppp:200). The final SNMP-index is the sum of the corresponding
# SNMP-index base and the interface number. In the above example the
# SNMP-index of interface ppp11 is 211.

# If the interface name does not fit any of the conversion rules then
# the SNMP-index will be taken from the kernel.
# FIXME/TODO: add more interface types here.
CONV_RULES="eth:100,ppp:200"

# Use the netfilter mark as Type Of Service value [default=no]. Set to
# non-empty value to activate.
#USE_FWMARK_AS_TOS=1

# Memory bulk size. [default=200 or 10000]
# Note that the maximum and default values depend on compile-time
# options (--with-membulk parameter).
#BULK_SIZE=

# Memory limit for flows cache (0=no limit). [default=0]
# Unit is kilobytes
#MEM_LIMIT_CACHE=0

# Pending queue length. [default=100]
# Each captured packet is first put into a special buffer called the
# `pending queue'. The purpose of this buffer is to separate the most
# time-critical packet capture thread from the others.
QUEUE_LEN=10000

# Kernel capture buffer size (0=don't change). [default=0]
# Increasing the kernel capture buffer size is the most adequate way to
# prevent packet loss. Note that the maximum allowed size of the buffer
# in Linux is limited and generally relatively small, so you may need to
# change the maximum: sysctl -w net/core/rmem_max=4194304
# Unit is kilobytes.
CAPTURE_BUFFER_SIZE=2048

# Real-time priority (0=disabled). [default=0]
# If this parameter is greater than zero, fprobe-ulog will use a
# real-time scheduling policy to prevent packet loss. Note that the
# possible values for this option depend on the operating system.
REALTIME=1

# Emitting rate limit (0:0=no limit). [default=0:0]
# Produce N nanosecond delay after each B bytes sent. This option may
# be useful with slow interfaces and slow collectors. Note that the
# suspension time may be longer than requested because the argument
# value is rounded up to an integer multiple of the sleep resolution
# (it depends on operating system and hardware) or because of the
# scheduling of other activity by the system.
RATE_LIMIT=10000:10000000

# Directory to chroot to (will not be created if it does not exist!).
# Set to empty to disable chroot-ing.
CHROOT_TO=/var/lib/fprobe-ulog

# User to run as. User must have permissions to write pidfile to
# ${CHROOT_TO}/var/run
USER=nobody

# Maximum displayed log level. (0=EMERG, 1=ALERT, 2=CRIT, 3=ERR,
# 4=WARNING, 5=NOTICE, 6=INFO, 7=DEBUG) [default=6]
#VERBOSITY=6

# Log destination (0=none, 1=syslog, 2=stdout, 3=both) and log/pidfile
# identifier. [default=1]
# This option allows you to select a suitable log destination and
# process identifier. The identifier helps to distinguish the pidfile
# and logs of one fprobe-ulog process from those of another.
# Note that if the log destination contains `stdout' (equal to 2 or 3)
# fprobe-ulog will run in the foreground.
#LOG=1

########## Collector definition start ##########
# The generic form for defining a collector is "remote:port/local/type".
# local and type are optional.
# The remote and port parameters define the address and port of the
# NetFlow collector, respectively.
# The local parameter allows binding a certain local IP address to the
# specified collector. If the parameter is omitted, the value (if any)
# of the -a option will be used.
# The type parameter determines emitting behavior. It may be `m' for
# mirroring (the default) or `r' for round-robin rotation of collectors.
# You may specify multiple collectors.

# I will define only one collector to work by default. Add raw
# command-args to ARGS to define your own (See fprobe-ulog(8) for
# details, again).

# Address of NetFlow collector. Default is localhost
COLLECTOR_ADDR=localhost

# Port of NetFlow collector. I set it to 5555 to work by default with
# my flow-capture package.
PORT=5555

# Local parameter (will override -a option if non-empty)
# Not used by me (yet)
LOCAL=

# Type parameter
# Not used by me (yet)
TYPE=

# You can override the collector definition here:
# For example: 'COLLECTOR="192.168.22.11:23001/192.168.22.10/r"' will
# override the COLLECTOR_ADDR and PORT params (because LOCAL and TYPE
# are not used by default).

COLLECTOR=$COLLECTOR_ADDR:$PORT

########## Collector definition end ##########

# Raw command-args (will be added in the end of program invocation)
ARGS=""
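
The CONV_RULES mapping described in the comments above, modelled as a POSIX shell function so that interface indexes seen in exported flows can be predicted from interface names. This is an added example, not part of the packaged file or of fprobe-ulog; the function name snmp_index and the way the interface name is split into base and number are assumptions.

```shell
#!/bin/sh
# Added example: a model of the CONV_RULES rule text, not fprobe-ulog code.
CONV_RULES="eth:100,ppp:200"   # value taken from the config file above

# snmp_index IFNAME [RULES]   (hypothetical helper)
# Prints base+number and returns 0 when a rule matches IFNAME.
# Prints nothing and returns 1 when no rule fits; per the comments above,
# the SNMP-index is then taken from the kernel.
snmp_index() {
    ifname=$1
    rules=${2:-$CONV_RULES}
    # Split "ppp11" into base name "ppp" and interface number "11".
    base=$(printf '%s' "$ifname" | sed 's/[0-9]*$//')
    num=${ifname#"$base"}
    [ -n "$base" ] && [ -n "$num" ] || return 1
    # Drop leading zeros so the shell does not read the number as octal.
    num=$(printf '%s' "$num" | sed 's/^0*//')
    num=${num:-0}
    old_ifs=$IFS
    IFS=,
    for rule in $rules; do
        IFS=$old_ifs
        rbase=${rule%%:*}
        rindex=${rule#*:}
        # Skip malformed rules whose index base is not a plain number.
        case $rindex in ''|*[!0-9]*) continue ;; esac
        if [ "$rbase" = "$base" ]; then
            echo $((rindex + num))
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# Constructed sample interface names.
for i in eth0 ppp11 wlan0 lo; do
    if idx=$(snmp_index "$i"); then
        echo "$i -> $idx"
    else
        echo "$i -> no rule, index comes from the kernel"
    fi
done
```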
 