mirror of
https://github.com/pavel-odintsov/fastnetmon
synced 2024-11-23 17:32:59 +01:00
Merge pull request #404 from henry-spanka/patch-1
Closes #403 - remove white spaces from configuration file
commit
df976fdd93
@ -24,12 +24,12 @@ process_outgoing_traffic = on
|
||||
# How much packets we will collect from attack's traffic
|
||||
ban_details_records_count = 500
|
||||
|
||||
# How long (in seconds) we should keep IP in blocked state
|
||||
# How long (in seconds) we should keep IP in blocked state
|
||||
# If you set 0 here it completely disables unban capability
|
||||
ban_time = 1900
|
||||
|
||||
# We could check 'is attack still going' before triggering unban callback with this option
|
||||
# If attack still going we will check it each run of unban watchdog
|
||||
# If attack still going we will check it each run of unban watchdog
|
||||
unban_only_if_attack_finished = on
|
||||
|
||||
# With this variable you could enable per subnet speed meters
|
||||
@ -39,7 +39,7 @@ enable_subnet_counters = off
|
||||
# In this file you should list all your networks in CIDR format
|
||||
networks_list_path = /etc/networks_list
|
||||
|
||||
# In this file you could list networks in CIDR format which will be not monitored for attacks
|
||||
# In this file you could list networks in CIDR format which will be not monitored for attacks
|
||||
white_list_path = /etc/networks_whitelist
|
||||
|
||||
# How often we redraw client's screen
|
||||
@ -75,7 +75,7 @@ mirror_netmap = off
|
||||
# SnabbSwitch traffic capture
|
||||
mirror_snabbswitch = off
|
||||
|
||||
# AF_PACKET capture engine
|
||||
# AF_PACKET capture engine
|
||||
# Please use it only with modern Linux kernels (3.6 and more)
|
||||
# And please install birq for irq ditribution over cores
|
||||
mirror_afpacket = off
|
||||
@ -86,7 +86,7 @@ interfaces_snabbswitch = 0000:04:00.0,0000:04:00.1,0000:03:00.0,0000:03:00.1
|
||||
# Port mirroring could be sampled
|
||||
netmap_sampling_ratio = 1
|
||||
|
||||
# This option should be enabled if you are using Juniper with mirroring of first X bytes of packet: maximum-packet-length 110;
|
||||
# This option should be enabled if you are using Juniper with mirroring of first X bytes of packet: maximum-packet-length 110;
|
||||
netmap_read_packet_length_from_ip_header = off
|
||||
|
||||
# Pcap mode, very slow not suitable for production
|
||||
@ -118,12 +118,12 @@ netflow_port = 2055
|
||||
netflow_host = 0.0.0.0
|
||||
|
||||
# For bind to all interfaces for all protocols: not possible now
|
||||
# For bind to all interfaces for specific protocol: :: or 0.0.0.0
|
||||
# For bind to all interfaces for specific protocol: :: or 0.0.0.0
|
||||
# For bind to localhost for specific protocol: ::1 or 127.0.0.1
|
||||
|
||||
# Netflow v9 and IPFIX agents uses different and very complex approaches for notifying about sample ratio
|
||||
# Here you could specify sampling ratio for all this agents
|
||||
# For NetFLOW v5 we extract sampling ratio from packets directely and this option not used
|
||||
# For NetFLOW v5 we extract sampling ratio from packets directely and this option not used
|
||||
netflow_sampling_ratio = 1
|
||||
|
||||
# In some cases with NetFlow we could get huge bursts related to aggregated data nature
|
||||
@ -149,10 +149,10 @@ sflow_host = 0.0.0.0
|
||||
### Actions when attack detected
|
||||
###
|
||||
|
||||
# This script executed for ban, unban and atatck detailes collection
|
||||
# This script executed for ban, unban and atatck detailes collection
|
||||
notify_script_path = /usr/local/bin/notify_about_attack.sh
|
||||
|
||||
# With this flag we will pass attack details to notify_script with stdin
|
||||
# With this flag we will pass attack details to notify_script with stdin
|
||||
# We pass details only in case of "ban" call
|
||||
# No details passed for "unban" call
|
||||
notify_script_pass_details = on
|
||||
@ -186,7 +186,7 @@ exabgp_community = 65001:666
|
||||
# exabgp_community = [65001:666 65001:777]
|
||||
|
||||
# Also we could specify different communities for host and subnet announces
|
||||
# exabgp_community_subnet = 65001:667
|
||||
# exabgp_community_subnet = 65001:667
|
||||
# exabgp_community_host = 65001:668
|
||||
|
||||
exabgp_next_hop = 10.0.3.114
|
||||
@ -201,7 +201,7 @@ exabgp_announce_whole_subnet = off
|
||||
|
||||
# Announce Flow Spec rules when we could detect certain attack type
|
||||
# Please we aware! Flow Spec announce triggered when we collect some details about attack,
|
||||
# i.e. when we call attack_details script
|
||||
# i.e. when we call attack_details script
|
||||
# Please disable exabgp_announce_host and exabgp_announce_whole_subnet if you want this feature
|
||||
# Please use ExaBGP v4 only (Git version), for more details: https://github.com/FastVPSEestiOu/fastnetmon/blob/master/docs/BGP_FLOW_SPEC.md
|
||||
exabgp_flow_spec_announces = off
|
||||
@ -217,11 +217,11 @@ graphite_port = 2003
|
||||
graphite_prefix = fastnetmon
|
||||
|
||||
# With this option enabled we could add local IP addresses and aliases to monitoring list
|
||||
# Works only for Linux
|
||||
# Works only for Linux
|
||||
monitor_local_ip_addresses = on
|
||||
|
||||
# We could create group of hosts with non standard thresholds
|
||||
# You should create this groups before (in configuration file) specifying any limits
|
||||
# You should create this groups before (in configuration file) specifying any limits
|
||||
hostgroup = my_hosts:10.10.10.221/32,10.10.10.222/32
|
||||
|
||||
# Configure this group
|
||||
@ -241,5 +241,5 @@ my_hosts_threshold_flows = 3500
|
||||
|
||||
# Field used for sorting in client, could be: packets, bytes or flows
|
||||
sort_parameter = packets
|
||||
# How much IP's we will list for incoming and outgoing channel eaters
|
||||
# How much IP's we will list for incoming and outgoing channel eaters
|
||||
max_ips_in_list = 7
|
||||
|