1
0
mirror of https://github.com/pavel-odintsov/fastnetmon synced 2024-11-23 17:32:59 +01:00

Merge pull request #404 from henry-spanka/patch-1

Closes #403 - remove white spaces from configuration file
This commit is contained in:
Pavel Odintsov 2015-09-10 16:45:30 +03:00
commit df976fdd93

@ -24,12 +24,12 @@ process_outgoing_traffic = on
# How much packets we will collect from attack's traffic
ban_details_records_count = 500
# How long (in seconds) we should keep IP in blocked state
# How long (in seconds) we should keep IP in blocked state
# If you set 0 here it completely disables unban capability
ban_time = 1900
# We could check 'is attack still going' before triggering unban callback with this option
# If attack still going we will check it each run of unban watchdog
# If attack still going we will check it each run of unban watchdog
unban_only_if_attack_finished = on
# With this variable you could enable per subnet speed meters
@ -39,7 +39,7 @@ enable_subnet_counters = off
# In this file you should list all your networks in CIDR format
networks_list_path = /etc/networks_list
# In this file you could list networks in CIDR format which will be not monitored for attacks
# In this file you could list networks in CIDR format which will be not monitored for attacks
white_list_path = /etc/networks_whitelist
# How often we redraw client's screen
@ -75,7 +75,7 @@ mirror_netmap = off
# SnabbSwitch traffic capture
mirror_snabbswitch = off
# AF_PACKET capture engine
# AF_PACKET capture engine
# Please use it only with modern Linux kernels (3.6 and more)
# And please install birq for irq ditribution over cores
mirror_afpacket = off
@ -86,7 +86,7 @@ interfaces_snabbswitch = 0000:04:00.0,0000:04:00.1,0000:03:00.0,0000:03:00.1
# Port mirroring could be sampled
netmap_sampling_ratio = 1
# This option should be enabled if you are using Juniper with mirroring of first X bytes of packet: maximum-packet-length 110;
# This option should be enabled if you are using Juniper with mirroring of first X bytes of packet: maximum-packet-length 110;
netmap_read_packet_length_from_ip_header = off
# Pcap mode, very slow not suitable for production
@ -118,12 +118,12 @@ netflow_port = 2055
netflow_host = 0.0.0.0
# For bind to all interfaces for all protocols: not possible now
# For bind to all interfaces for specific protocol: :: or 0.0.0.0
# For bind to all interfaces for specific protocol: :: or 0.0.0.0
# For bind to localhost for specific protocol: ::1 or 127.0.0.1
# Netflow v9 and IPFIX agents uses different and very complex approaches for notifying about sample ratio
# Here you could specify sampling ratio for all this agents
# For NetFLOW v5 we extract sampling ratio from packets directely and this option not used
# For NetFLOW v5 we extract sampling ratio from packets directely and this option not used
netflow_sampling_ratio = 1
# In some cases with NetFlow we could get huge bursts related to aggregated data nature
@ -149,10 +149,10 @@ sflow_host = 0.0.0.0
### Actions when attack detected
###
# This script executed for ban, unban and atatck detailes collection
# This script executed for ban, unban and atatck detailes collection
notify_script_path = /usr/local/bin/notify_about_attack.sh
# With this flag we will pass attack details to notify_script with stdin
# With this flag we will pass attack details to notify_script with stdin
# We pass details only in case of "ban" call
# No details passed for "unban" call
notify_script_pass_details = on
@ -186,7 +186,7 @@ exabgp_community = 65001:666
# exabgp_community = [65001:666 65001:777]
# Also we could specify different communities for host and subnet announces
# exabgp_community_subnet = 65001:667
# exabgp_community_subnet = 65001:667
# exabgp_community_host = 65001:668
exabgp_next_hop = 10.0.3.114
@ -201,7 +201,7 @@ exabgp_announce_whole_subnet = off
# Announce Flow Spec rules when we could detect certain attack type
# Please we aware! Flow Spec announce triggered when we collect some details about attack,
# i.e. when we call attack_details script
# i.e. when we call attack_details script
# Please disable exabgp_announce_host and exabgp_announce_whole_subnet if you want this feature
# Please use ExaBGP v4 only (Git version), for more details: https://github.com/FastVPSEestiOu/fastnetmon/blob/master/docs/BGP_FLOW_SPEC.md
exabgp_flow_spec_announces = off
@ -217,11 +217,11 @@ graphite_port = 2003
graphite_prefix = fastnetmon
# With this option enabled we could add local IP addresses and aliases to monitoring list
# Works only for Linux
# Works only for Linux
monitor_local_ip_addresses = on
# We could create group of hosts with non standard thresholds
# You should create this groups before (in configuration file) specifying any limits
# You should create this groups before (in configuration file) specifying any limits
hostgroup = my_hosts:10.10.10.221/32,10.10.10.222/32
# Configure this group
@ -241,5 +241,5 @@ my_hosts_threshold_flows = 3500
# Field used for sorting in client, could be: packets, bytes or flows
sort_parameter = packets
# How much IP's we will list for incoming and outgoing channel eaters
# How much IP's we will list for incoming and outgoing channel eaters
max_ips_in_list = 7