File: templates

wflogs 0.9.8-4
  • area: main
  • in suites: sarge
  • size: 4,220 kB
  • ctags: 3,750
  • sloc: ansic: 12,166; sh: 8,047; cpp: 6,412; lex: 1,525; yacc: 1,430; makefile: 731; sed: 16
file content (267 lines) | stat: -rw-r--r-- 11,002 bytes
Template: wflogs/presentation
Type: note
_Description: Configuration of this package.
 You'll now choose the settings used to generate the report stored on disk.
 Then you'll be asked if you want to use the same settings for the email
 report. If not, you'll be able to choose them.

Template: wflogs/email_more_questions
Type: note
_Description: Don't be surprised if you are asked some more questions.
 The email report will be in text mode, but the disk report will use a
 different output module, offering different options. So it may happen
 that some settings you choose for the disk report won't apply to the email
 report.

Template: wflogs/report_permissions
Type: boolean
Default: false
_Description: Do you want to grant read permission to the www-data group?
 According to your previous choice, reports will be stored in
 /var/www/wflogs/. By default this package sets restrictive permissions on
 this directory and the reports stored in it for security reasons. However,
 if you want, you can add read access for the www-data group, so that you
 can view reports with a web browser.

Template: wflogs/report_generate
Type: boolean
Default: true
_Description: Generate daily report on disk?
 This package can generate a daily report stored on disk and can also produce
 an optional daily report sent by email. You'll be able to choose the
 output module used to generate the disk report, but if you want an email
 report it will be generated with the text module. Both reports can be
 generated with the same settings or different ones.

Template: wflogs/email_send
Type: boolean
Default: false
_Description: Send daily report by mail?

Template: wflogs/email_address
Type: string
_Default: root
_Description: Email address to send the daily report to.

Template: wflogs/email_configuration
Type: boolean
Default: true
_Description: Should the daily email report have the same configuration?
 You just chose the settings used to generate the daily report stored on
 disk.

Template: wflogs/input_file
Type: string
Default: /var/log/kern.log
_Description: Choose the input file
 This is the file which contains logs that have to be analyzed by wflogs.

Template: wflogs/input_type
Type: multiselect
_Choices: netfilter, ipchains, ipfilter, cisco_pix, cisco_ios, snort, all
Default: netfilter
_Description: Choose the input parsing modules.
 wflogs will use the corresponding modules to parse the logs. If you want
 to parse a log file with multiple formats mixed (typically a remote syslog
 file), you can specify several format module names, one being probed after
 another. Use the special name `all' to try every available format.

Template: wflogs/report_output_type
Type: select
_Choices: html, text, human, xml, netfilter, ipchains, ipfilter
Default: html
_Description: Choose the output module type.
 wflogs will produce the report using the following target. Depending on
 your choice, the report will be placed in a different location. If you
 choose html or email, the location will be /var/www/wflogs. Otherwise it
 will be /var/log/wflogs.

Template: wflogs/report_obfuscate
Type: string
_Default: nothing
_Description: Choose fields to obfuscate
 This option obfuscates some logging fields according to the given criteria,
 separated by commas. These can be `date', `hostname', `ipaddr', or
 `macaddr' (or `all' for everything). If ipaddr is specified, output module
 options `resolve' and `whois_lookup' (if available) are set to no. If
 macaddr is specified, output module option `mac_vendor' (if available) is
 set to no.
 .
 Date order is preserved, hostnames are replaced by "hostx" (where x is an
 increasing number), ipaddr values belong to the 0.0.0.0/8 network, macaddr
 values are of the form 0:0:0:0:0:1, 0:0:0:0:0:2, etc. Note that for all
 obfuscated fields, each original value is associated with a new unique one
 (uniqueness is preserved).

Template: wflogs/email_obfuscate
Type: string
_Default: nothing
_Description: Choose fields to obfuscate
 This option obfuscates some logging fields according to the given criteria,
 separated by commas. These can be `date', `hostname', `ipaddr', or
 `macaddr' (or `all' for everything). If ipaddr is specified, output module
 options `resolve' and `whois_lookup' (if available) are set to no. If
 macaddr is specified, output module option `mac_vendor' (if available) is
 set to no.
 .
 Date order is preserved, hostnames are replaced by "hostx" (where x is an
 increasing number), ipaddr values belong to the 0.0.0.0/8 network, macaddr
 values are of the form 0:0:0:0:0:1, 0:0:0:0:0:2, etc. Note that for all
 obfuscated fields, each original value is associated with a new unique one
 (uniqueness is preserved).

Template: wflogs/report_sort
Type: select
_Choices: Yes default order, Yes custom order, No
Default: Yes default order
_Description: Sort order of the output?
 By default output is sorted by `-count,time,dipaddr,protocol,dport', but
 you can choose another sort method.

Template: wflogs/email_sort
Type: select
_Choices: Yes default order, Yes custom order, No
Default: Yes default order
_Description: Sort order of the output?
 By default output is sorted by `-count,time,dipaddr,protocol,dport', but
 you can choose another sort method.

Template: wflogs/report_sort_options
Type: string
_Default: -count,time,dipaddr,protocol,dport
_Description: Choose sorting order of the output.
 Set output lines sort order according to the multilevel sort specified by
 the sequence of keys key1,key2,... Syntax is [+|-]key1[,[+|-]key2[,...]].
 Choose a key from the following ones:
    count         sort by count (number of original log entries)
    time          sort by log entry date (if count != 1, the date of the
 first original log line)
    timeend       sort by log entry end date (if count != 1, the date of
 the last original log line)
    input_iface   sort by input interface name
    output_iface  sort by output interface name
    sipaddr       sort by source IP address
    dipaddr       sort by destination IP address
    smacaddr      sort by source MAC address
    dmacaddr      sort by destination MAC address
    protocol      sort by protocol number
    sport         sort by source port number (if available)
    dport         sort by destination port number (if available)
    tcpflags      sort by TCP flags
    hostname      sort by hostname
    chainlabel    sort by chain label
    branchname    sort by branch name
    datalen       sort by data length
    format        sort by firewalling tool format
    none          do not sort
 `-' reverses direction only on the key it precedes. The `+' is really
 optional since default direction is increasing numerical or lexicographic
 order. For example dport,-time sorts according to destination port number,
 then reverse time (for a given port number). If one of the keys is `none',
 the output is not sorted.

Template: wflogs/email_sort_options
Type: string
_Default: -count,time,dipaddr,protocol,dport
_Description: Choose sorting order of the output
 Set output lines sort order according to the multilevel sort specified by
 the sequence of keys key1,key2,... Syntax is [+|-]key1[,[+|-]key2[,...]].
 Choose a key from the following ones:
    count         sort by count (number of original log entries)
    time          sort by log entry date (if count != 1, the date of the
 first original log line)
    timeend       sort by log entry end date (if count != 1, the date of
 the last original log line)
    input_iface   sort by input interface name
    output_iface  sort by output interface name
    sipaddr       sort by source IP address
    dipaddr       sort by destination IP address
    smacaddr      sort by source MAC address
    dmacaddr      sort by destination MAC address
    protocol      sort by protocol number
    sport         sort by source port number (if available)
    dport         sort by destination port number (if available)
    tcpflags      sort by TCP flags
    hostname      sort by hostname
    chainlabel    sort by chain label
    branchname    sort by branch name
    datalen       sort by data length
    format        sort by firewalling tool format
    none          do not sort
 `-' reverses direction only on the key it precedes. The `+' is really
 optional since default direction is increasing numerical or lexicographic
 order. For example dport,-time sorts according to destination port number,
 then reverse time (for a given port number). If one of the keys is `none',
 the output is not sorted.

Template: wflogs/report_output_summary
Type: boolean
Default: true
_Description: Summarize logs in the report?
 The report can be a summary (similar log events are grouped).

Template: wflogs/email_output_summary
Type: boolean
Default: true
_Description: Summarize logs in the report?
 The report can be a summary (similar log events are grouped).

Template: wflogs/report_output_whois
Type: select
_Choices: no whois lookups, always do whois lookups, do whois lookups only if no DNS name could be found
Default: do whois lookups only if no DNS name could be found
_Description: What do you want to do concerning the inclusion of whois in the report?
 This option determines the inclusion of whois lookups in the report.

Template: wflogs/email_output_whois
Type: select
_Choices: no whois lookups, always do whois lookups, do whois lookups only if no DNS name could be found
Default: do whois lookups only if no DNS name could be found
_Description: What do you want to do concerning the inclusion of whois in the report?
 This option determines the inclusion of whois lookups in the report.

Template: wflogs/report_output_mac_vendor
Type: boolean
Default: false
_Description: Would you like to show the MAC vendor?
 The MAC vendor can be determined by using the prefix of the MAC address if
 it is available.

Template: wflogs/email_output_mac_vendor
Type: boolean
Default: false
_Description: Would you like to show the MAC vendor?
 The MAC vendor can be determined by using the prefix of the MAC address if
 it is available.

Template: wflogs/report_output_mac
Type: boolean
Default: false
_Description: Would you like to show MAC addresses?
 Destination and source MAC addresses can be displayed in the report.

Template: wflogs/email_output_mac
Type: boolean
Default: false
_Description: Would you like to show MAC addresses?
 Destination and source MAC addresses can be displayed in the email.

Template: wflogs/report_output_src_mac
Type: boolean
Default: false
_Description: Would you like to show the source MAC address?

Template: wflogs/email_output_src_mac
Type: boolean
Default: false
_Description: Would you like to show the source MAC address?

Template: wflogs/report_output_duration
Type: boolean
Default: false
_Description: Would you like to show the duration between the first packet and the last one (if there are several packets)?

Template: wflogs/email_output_duration
Type: boolean
Default: false
_Description: Would you like to show the duration between the first packet and the last one (if there are several packets)?
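
The obfuscation rules described in the wflogs/report_obfuscate and wflogs/email_obfuscate templates, as an added Python example that is not part of the wflogs package or this templates file. The class and method names are hypothetical; `date' is accepted as a criterion but not transformed, because the templates state only that date order is kept, not how.

```python
import ipaddress

KNOWN = {"date", "hostname", "ipaddr", "macaddr"}

class Obfuscator:
    """Consistent pseudonymizer following the rules in the template text."""

    def __init__(self, criteria):
        names = {c.strip() for c in criteria.split(",") if c.strip()}
        if "all" in names:
            names = set(KNOWN)
        names.discard("nothing")        # template default: obfuscate nothing
        if names - KNOWN:
            raise ValueError(f"unknown criteria: {sorted(names - KNOWN)}")
        self.fields = names
        self._seen = {"hostname": {}, "ipaddr": {}, "macaddr": {}}

    def _index(self, kind, value):
        # Same original value -> same number, new value -> next number,
        # so two distinct inputs never share a replacement.
        table = self._seen[kind]
        return table.setdefault(value, len(table) + 1)

    def forced_off(self):
        """Output module options the text says are set to no."""
        off = {"resolve", "whois_lookup"} if "ipaddr" in self.fields else set()
        return off | ({"mac_vendor"} if "macaddr" in self.fields else set())

    def hostname(self, name):
        if "hostname" not in self.fields:
            return name
        return f"host{self._index('hostname', name.lower())}"

    def ipaddr(self, addr):
        if "ipaddr" not in self.fields:
            return addr
        n = self._index("ipaddr", ipaddress.IPv4Address(addr))
        if n >= 2 ** 24:                # replacements must stay in 0.0.0.0/8
            raise OverflowError("0.0.0.0/8 has no free address left")
        return str(ipaddress.IPv4Address(n))

    def macaddr(self, mac):
        if "macaddr" not in self.fields:
            return mac
        n = self._index("macaddr", mac.lower())
        return ":".join(format(b, "x") for b in n.to_bytes(6, "big"))
```

Because the mapping tables live in the instance, one `Obfuscator` must be reused for a whole report; a fresh instance per log line would map every value to the first replacement and lose the per-value distinction.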