blob: 32f62bbca0b62f54020afb6b5ba33cc69b6aadec (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
|
# Config file for /etc/init.d/fprobe
DAEMON=/usr/sbin/fprobe-ulog
# ULOG group bitwise mask (default 1)
# ULOG_GROUP=1
# If configured, only capture packets matching this tcpdump expression
#FILTER=""
# Flow state timers
#TIMER_EXPIRED=5
#TIMER_FRAGMENTED=30
#TIMER_IDLE=60
#TIMER_ACTIVE=300
# This is the default and should be left unless you know what you are doing
#FLOW_VER=5
# local ip. if configured fprobe will use this as the source IP for sending ALL flow data
# If you want to specify a specific source address per collecter, customize it below
#LOCALIP=
# SNMP iface id
SNMP_IFACE="${IFACE//eth}"
# Maximum number of concurrent flows to track
# using a specified amount of memory
#MEMBULK=10000
#MEMLIMIT=
# Pending queue
#PENDING=100
# Kernel capture buffer size (kB)
#KERNBUF=1024
# Realtime priority [0=disabled, 1..99]
#RTPRIO=0
# Delay N nanoseconds after each B bytes
#DELAY="0:0"
# How much of the start of each packet to grab
#SNAPLEN=256
# chroot() to this location after startup
CHROOT="/var/empty"
# User to run as. must have perms to the pidfile directory /var/run/fprobe/
USER=nobody
# logging level for syslog (0=EMERG, ..., 6=INFO, 7=DEBUG)
#LOGLEVEL=6
# If you want to run multiple instances of fprobe,
# You MUST set this variable to a unique INTEGER for each one!
PIDFILE_ID=''
# remote ip. this is where we send flows
REMOTEIP=127.0.0.1
# port to listen on
PORT=2055
# Collector type, see the manpage for valid types
TYPE=''
# If you want multiple collectors, just specify each one here
COLLECTORS="${REMOTEIP}:${PORT}/${LOCALIP}/${TYPE}"
|