File: ipfm.conf.sample

package info (click to toggle)
ipfm 0.11.5-4.2
  • links: PTS
  • area: main
  • in suites: bullseye, buster, sid, stretch
  • size: 356 kB
  • ctags: 129
  • sloc: ansic: 1,148; yacc: 328; sh: 210; makefile: 146; lex: 130
file content (50 lines) | stat: -rw-r--r-- 1,278 bytes parent folder | download | duplicates (3)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
# Global variables

# IPFM can monitor only one device.
#DEVICE eth0

# UTC to output times in UTC, not local time
#UTC

# analyses configurations

##### FIRST LOGGING CONFIGURATION #####

#log subnet 10.10.10.0 when not in relation with subnet 10.10.0.0
LOG 10.10.10.0/255.255.255.0 NOT WITH 10.10.0.0/255.255.0.0
#do not log 10.10.10.10 when in relation with 10.10.10.20
LOG NONE 10.10.10.10 WITH 10.10.10.20

FILENAME "/var/log/ipfm/%Y_%d_%m/%H_%M"

# log every hour at exactly 0:05, 1:05, 2:05 etc.
DUMP EVERY 1 hour AFTER 5 minutes
# clear statistics each day (at 00:05 UTC)
CLEAR EVERY 24 hour
SORT IN
RESOLVE


##### SECOND LOGGING CONFIGURATION #####
# We want to log data exchanged with our subnet but ignore 2 other subnets.
NEWLOG

# Log only local IPs (IPs that will apear in log file)
LOG 192.168.200.0/255.255.255.0

# Do not log local traffic
LOG NONE 192.168.200.0/255.255.255.0 WITH 192.168.200.0/255.255.255.0

# Do not log traffic with my ISP
LOG NONE 192.168.200.0/255.255.255.0 WITH 192.168.201.0/255.255.255.0
LOG NONE 192.168.200.0/255.255.255.0 WITH 192.168.202.0/255.255.255.0


FILENAME "/var/log/ipfm/subnet/%Y_%d_%m_%H"
# Log every hour
DUMP EVERY 1 hour
# Clear statistics every day at 2:00am UTC
CLEAR EVERY 1 day AFTER 2 hours
SORT TOTAL
RESOLVE