From c2a95c711b372db0c362ec7d81e8763d3f8f80c1 Mon Sep 17 00:00:00 2001 From: Henry Spanka Date: Thu, 10 Sep 2015 15:40:54 +0200 Subject: [PATCH] remove whitespaces from fastnetmon conf --- src/fastnetmon.conf | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/src/fastnetmon.conf b/src/fastnetmon.conf index 301f79c..bdc189b 100644 --- a/src/fastnetmon.conf +++ b/src/fastnetmon.conf @@ -24,12 +24,12 @@ process_outgoing_traffic = on # How much packets we will collect from attack's traffic ban_details_records_count = 500 -# How long (in seconds) we should keep IP in blocked state +# How long (in seconds) we should keep IP in blocked state # If you set 0 here it completely disables unban capability ban_time = 1900 # We could check 'is attack still going' before triggering unban callback with this option -# If attack still going we will check it each run of unban watchdog +# If attack still going we will check it each run of unban watchdog unban_only_if_attack_finished = on # With this variable you could enable per subnet speed meters @@ -39,7 +39,7 @@ enable_subnet_counters = off # In this file you should list all your networks in CIDR format networks_list_path = /etc/networks_list -# In this file you could list networks in CIDR format which will be not monitored for attacks +# In this file you could list networks in CIDR format which will be not monitored for attacks white_list_path = /etc/networks_whitelist # How often we redraw client's screen @@ -75,7 +75,7 @@ mirror_netmap = off # SnabbSwitch traffic capture mirror_snabbswitch = off -# AF_PACKET capture engine +# AF_PACKET capture engine # Please use it only with modern Linux kernels (3.6 and more) # And please install birq for irq ditribution over cores mirror_afpacket = off @@ -86,7 +86,7 @@ interfaces_snabbswitch = 0000:04:00.0,0000:04:00.1,0000:03:00.0,0000:03:00.1 # Port mirroring could be sampled netmap_sampling_ratio = 1 -# This option should be enabled if you are using Juniper with mirroring of first X bytes of packet: maximum-packet-length 110; +# This option should be enabled if you are using Juniper with mirroring of first X bytes of packet: maximum-packet-length 110; netmap_read_packet_length_from_ip_header = off # Pcap mode, very slow not suitable for production @@ -118,12 +118,12 @@ netflow_port = 2055 netflow_host = 0.0.0.0 # For bind to all interfaces for all protocols: not possible now -# For bind to all interfaces for specific protocol: :: or 0.0.0.0 +# For bind to all interfaces for specific protocol: :: or 0.0.0.0 # For bind to localhost for specific protocol: ::1 or 127.0.0.1 # Netflow v9 and IPFIX agents uses different and very complex approaches for notifying about sample ratio # Here you could specify sampling ratio for all this agents -# For NetFLOW v5 we extract sampling ratio from packets directely and this option not used +# For NetFLOW v5 we extract sampling ratio from packets directely and this option not used netflow_sampling_ratio = 1 # In some cases with NetFlow we could get huge bursts related to aggregated data nature @@ -149,10 +149,10 @@ sflow_host = 0.0.0.0 ### Actions when attack detected ### -# This script executed for ban, unban and atatck detailes collection +# This script executed for ban, unban and atatck detailes collection notify_script_path = /usr/local/bin/notify_about_attack.sh -# With this flag we will pass attack details to notify_script with stdin +# With this flag we will pass attack details to notify_script with stdin # We pass details only in case of "ban" call # No details passed for "unban" call notify_script_pass_details = on @@ -186,7 +186,7 @@ exabgp_community = 65001:666 # exabgp_community = [65001:666 65001:777] # Also we could specify different communities for host and subnet announces -# exabgp_community_subnet = 65001:667 +# exabgp_community_subnet = 65001:667 # exabgp_community_host = 65001:668 exabgp_next_hop = 10.0.3.114 @@ -201,7 +201,7 @@ exabgp_announce_whole_subnet = off # Announce Flow Spec rules when we could detect certain attack type # Please we aware! Flow Spec announce triggered when we collect some details about attack, -# i.e. when we call attack_details script +# i.e. when we call attack_details script # Please disable exabgp_announce_host and exabgp_announce_whole_subnet if you want this feature # Please use ExaBGP v4 only (Git version), for more details: https://github.com/FastVPSEestiOu/fastnetmon/blob/master/docs/BGP_FLOW_SPEC.md exabgp_flow_spec_announces = off @@ -217,11 +217,11 @@ graphite_port = 2003 graphite_prefix = fastnetmon # With this option enabled we could add local IP addresses and aliases to monitoring list -# Works only for Linux +# Works only for Linux monitor_local_ip_addresses = on # We could create group of hosts with non standard thresholds -# You should create this groups before (in configuration file) specifying any limits +# You should create this groups before (in configuration file) specifying any limits hostgroup = my_hosts:10.10.10.221/32,10.10.10.222/32 # Configure this group @@ -241,5 +241,5 @@ my_hosts_threshold_flows = 3500 # Field used for sorting in client, could be: packets, bytes or flows sort_parameter = packets -# How much IP's we will list for incoming and outgoing channel eaters +# How much IP's we will list for incoming and outgoing channel eaters max_ips_in_list = 7