fprobe-ulog.confd 1.56 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68
# Config file for /etc/init.d/fprobe
DAEMON=/usr/sbin/fprobe-ulog

# Do we want the interface in promiscous mode [yes/no]
#PROMISC=no

# If configured, only capture packets matching this tcpdump expression
#FILTER=""

# Flow state timers
#TIMER_EXPIRED=5
#TIMER_FRAGMENTED=30
#TIMER_IDLE=60
#TIMER_ACTIVE=300

# This is the default and should be left unless you know what you are doing
#FLOW_VER=5

# local ip. if configured fprobe will use this as the source IP for sending ALL flow data
# If you want to specify a specific source address per collecter, customize it below
#LOCALIP=

# SNMP iface id
SNMP_IFACE="${IFACE//eth}"

# Maximum number of concurrent flows to track
# using a specified amount of memory
#MEMBULK=10000
#MEMLIMIT=

# Pending queue
#PENDING=100

# Kernel capture buffer size (kB)
#KERNBUF=1024

# Realtime priority [0=disabled, 1..99]
#RTPRIO=0

# Delay N nanoseconds after each B bytes
#DELAY="0:0"

# How much of the start of each packet to grab
#SNAPLEN=256

# chroot() to this location after startup
CHROOT="/var/empty"

# User to run as. must have perms to the pidfile directory /var/run/fprobe/
USER=nobody

# logging level for syslog (0=EMERG, ..., 6=INFO, 7=DEBUG)
#LOGLEVEL=6

# If you want to run multiple instances of fprobe,
# You MUST set this variable to a unique INTEGER for each one!
PIDFILE_ID=''

# remote ip. this is where we send flows
REMOTEIP=127.0.0.1
# port to listen on
PORT=2055
# Collector type, see the manpage for valid types
TYPE=''

# If you want multiple collectors, just specify each one here
COLLECTORS="${REMOTEIP}:${PORT}/${LOCALIP}/${TYPE}"