diff options
author | 4le34n | 2017-07-31 14:26:03 +1100 |
---|---|---|
committer | 4le34n | 2017-07-31 14:26:03 +1100 |
commit | be12a597f62827cde22eef448a4bedabe013743e (patch) | |
tree | 3c2488eb3e9c1c05276bea87c22f45433d83f021 /nfsen.conf | |
download | aur-be12a597f62827cde22eef448a4bedabe013743e.tar.gz |
Initial import
Diffstat (limited to 'nfsen.conf')
-rw-r--r-- | nfsen.conf | 309 |
1 files changed, 309 insertions, 0 deletions
diff --git a/nfsen.conf b/nfsen.conf new file mode 100644 index 000000000000..93c912813806 --- /dev/null +++ b/nfsen.conf @@ -0,0 +1,309 @@ +############################## +# +# NfSen master config file +# +# $Id: nfsen-dist.conf 22 2007-11-20 12:27:38Z phaag $ +# +# Configuration of NfSen: +# Set all the values to fit your NfSen setup and run the 'install.pl' +# script from the nfsen distribution directory. +# +# The syntax must conform to Perl syntax. +# +############################## +# +# NfSen default layout: +# Any scripts, modules or profiles are installed by default under $BASEDIR. +# However, you may change any of these settings to fit your requested layout. + +# +# Required for default layout +$BASEDIR = "/opt/nfsen"; + +# +# Where to install the NfSen binaries +$BINDIR="${BASEDIR}/bin"; + +# +# Where to install the NfSen Perl modules +$LIBEXECDIR="${BASEDIR}/libexec"; + +# +# Where to install the config files +$CONFDIR="/etc"; + +# +# NfSen html pages directory: +# All php scripts will be installed here. +# URL: Entry point for nfsen: http://<webserver>/nfsen/nfsen.php +$HTMLDIR = "/srv/http/nfsen/"; + +# +# Where to install the docs +$DOCDIR="${HTMLDIR}/doc"; + +# +# Var space for NfSen +$VARDIR="/var/lib/nfsen"; + +# directory for all pid files +$PIDDIR="/run/nfsen"; +# +# Filter directory +FILTERDIR="${VARDIR}/filters"; +# + +# FORMATDIR for custom printing formats +FORMATDIR="${VARDIR}/fmt"; +# + +# +# The Profiles stat directory, where all profile information +# RRD DBs and png pictures of the profile are stored +$PROFILESTATDIR="${BASEDIR}/profiles-stat"; + +# +# The Profiles directory, where all netflow data is stored +$PROFILEDATADIR="${BASEDIR}/profiles-data"; + +# +# Where go all the backend plugins +$BACKEND_PLUGINDIR="${BASEDIR}/plugins"; + +# +# Where go all the frontend plugins +$FRONTEND_PLUGINDIR="${HTMLDIR}/plugins"; + +# +# nfdump tools path +$PREFIX = '/usr'; + +# +# nfsend communication socket +$COMMSOCKET = "${PIDDIR}/nfsen.comm"; + +# BASEDIR unrelated vars: +# +# Run nfcapd as this user +# This may be a different or the same uid than your web server. +# Note: This user must be in group $WWWGROUP, otherwise nfcapd +# is not able to write data files! +$USER = "netflow"; + +# user and group of the web server process +# All netflow processing will be done with this user +$WWWUSER = "http"; +$WWWGROUP = "http"; + +# Receive buffer size for nfcapd - see man page nfcapd(1) +$BUFFLEN = 200000; + +# list of extensions for each collector. See argument -T +# for nfcapd(1) for more detailes. +# defaults to empty -> compatible to nfdump-1.5.8 +# $EXTENSIONS = ''; +# Example: +# $EXTENSIONS = 'all'; +# $EXTENSIONS = '+3,+4'; +# +# Directory sub hierarchy layout: +# Possible layouts: +# +# 0 default no hierachy levels - flat layout - compatible with pre NfSen versions +# 1 %Y/%m/%d year/month/day +# 2 %Y/%m/%d/%H year/month/day/hour +# 3 %Y/%W/%u year/week_of_year/day_of_week +# 4 %Y/%W/%u/%H year/week_of_year/day_of_week/hour +# 5 %Y/%j year/day-of-year +# 6 %Y/%j/%H year/day-of-year/hour +# 7 %Y-%m-%d year-month-day +# 8 %Y-%m-%d/%H year-month-day/hour +$SUBDIRLAYOUT = 1; + +# Compress flows while collecting 0 or 1 +$ZIPcollected = 1; + +# Compress flows in profiles 0 or 1 +$ZIPprofiles = 1; + +# Interrupt expire -- not yet enabled as not yet fully tested +#$InterruptExpire = 0; + +# number of nfprofile processes to spawn during the profiling phase +# depends on how busy your system is and how many CPUs you have +# on very busy systems increase it to a higher value +$PROFILERS = 2; + +# if the PROFILEDATADIR is filled up to this percentage, a warning message will be printed. +# set to 0 to disable the test +$DISKLIMIT = 98; + +# number of nfprofile processes to spawn during the profiling phase +$PROFILERS = 6; + +# Some Perl Versions/Builds have memory leaks for unknown reason. +# Therefore nfsend will increase its memory footprint over time. +# In order to reset nfsend, it automatically reloads after 1 day +# if PERL_HAS_MEMLEAK is set to 1 +# $PERL_HAS_MEMLEAK=0; + +# Netflow sources +# Define an ident string, port and colour per netflow source +# +# Required parameters: +# ident identifies this netflow source. e.g. the router name, +# Upstream provider name etc. +# port nfcapd listens on this port for netflow data for this source +# set port to '0' if you do not want a collector to be started +# col colour in nfsen graphs for this source +# +# Optional parameters +# type Collector type needed for this source. Can be 'netflow' or 'sflow'. Default is netflow +# optarg Optional args to the collector at startup +# +# Syntax: +# 'ident' => { 'port' => '<portnum>', 'col' => '<colour>', 'type' => '<type>' } +# Ident strings must be 1 to 19 characters long only, containing characters [a-zA-Z0-9_]. + +%sources = ( + 'upstream1' => { 'port' => '9995', 'col' => '#0000ff', 'type' => 'netflow' }, + 'peer1' => { 'port' => '9996', 'IP' => '172.16.17.18' }, + 'peer2' => { 'port' => '9996', 'IP' => '172.16.17.19' }, +); + +# +# Low water mark: When expiring files, delete files until +# size = $low_water % of max_size +# typically 90 +$low_water = 90; + +# +# syslog facility for periodic jobs +# nfsen uses level 'debug', 'info', 'warning' and 'err' +# Note: nfsen is very chatty for level 'debug' and 'info' +# For normal operation, you may set the logging level in syslog.conf +# to warning or error unless you want to debug NfSen +$syslog_facility = 'local3'; + +# +# SYSLOG mess +# Log socket type: Most *NIX such as LINUX and *BSD are fine with 'unix' +# which is the default. You need to change that to 'stream' or 'inet' for +# some Solaris version 8/9, AIX and others .. +# You may set it to undef to prevent calling Sys::Syslog::setlogsock at all +# ( works for Solaris 10 and newer Sys::Syslog module +# +# If not defined at all, 'unix' is assumed unless for Solaris, which defaults to 'stream' +# $LogSocket = 'unix'; + +# +# Plugins +# Plugins extend NfSen for the purpose of: +# Periodic data processing, alerting-condition and alerting-action +# For data processing a plugin may run for any profile or for a specific profile only. +# Syntax: [ 'profile list', 'module' ] +# profile list: ',' separated list of profiles ( 'profilegroup/profilename' ), +# or '*' for any profile, '!' for no profile +# module: Perl Module name, equal to plugin name +# The profile list '!' make sense for plugins, which only provide alerting functions +# +# The module follows the standard Perl module conventions, with at least one +# function: Init(). See demoplugin.pm for a simple template. +# +# A file with the same name in the FRONTEND_PLUGINDIR and .php extension is automatically +# recongized as frontend plugin. +# +# Plugins are installed under +# $BACKEND_PLUGINDIR and $FRONTEND_PLUGINDIR + +@plugins = ( + # profile # module + # [ '*', 'demoplugin' ], +); + +%PluginConf = ( + # For plugin demoplugin + demoplugin => { + # scalar + param2 => 42, + # hash + param1 => { 'key' => 'value' }, + }, + # for plugin otherplugin + otherplugin => [ + # array + 'mary had a little lamb' + ], +); + +# +# Alert module: email alerting: +# Use this from address +$MAIL_FROM = 'your@from.example.net'; + +# Use this SMTP server +$SMTP_SERVER = 'localhost'; + +# Use this email body: +# You may have multiple lines of text. +# Var substitution: +# @alert@ replaced by alert name +# @timeslot@ replaced by timeslot alert triggered +$MAIL_BODY = q{ +Alert '@alert@' triggered at timeslot @timeslot@ +}; + +###################################################### +# +# For the NfSen simulator include the section below. +# +###################################################### +# +# Nfsen Simulator +# The simulator requires, that you have already installed +# and configured NfSen. The simulation is based on already +# pre-colleted data, which you may get from another live +# NfSen system. +# +# Steps to setup the NfSen simulator: +# 1. Configure the sources of the live profile with the +# same names of the NfSen system, you take netflow data +# for the simulation. Set the port for each netflow source +# to 0 to prevent a collector to be started. +# Install NfSen with this config in a seperate directory +# 2. Copy the pre-collected data into the appropriate +# netflow directory of the live profile. +# 3. Configure the simulator using the parameters below +# Enable Simulation mode => $SIMmode = 1 +# Configure the time window of the pre-collected data. +# tstart => Start of time window. yyyymmddhhmm +# tbegin => Optional parameter. Start of simulation +# profile exists already between tstart - tbegin +# tend => End of time window. yyyymmddhhmm +# cycletime => simulation time in seconds of a 5min slot +# Setting cycletime = 0 processes the cycles as fast as +# possible. Please note, if you test plugings, your +# cycletime needs to be at least the time required to +# process all plugins. +# 4. Start nfsen: ../nfsen start +# Simulation starts +# +# The simulator runs from tstart to tend and stops when tend +# is reached. You may stop the simulation at any given time +# using ./nfsen stop. To continue the simulation start NfSen +# again: ./nfsen start. You may reset the simulator at any +# given time using ./nfsen abort-reset. This stops the sumulation +# and rolls back to tstart. All profiles/alerts are deleted, +# so you may start from scratch again. +# +# Configure simulator parameters +# +# $SIMmode = 1; +# %sim = ( +# 'tstart' => '200707100000', # Simulation data available from July 10th 2007 00:00 +# 'tbegin' => '200707110000', # Simulation begins at July 11th 2007 00:00 +# 'tend' => '200707112355', # Simulation ends at July 11th 2007 23:55 +# 'cycletime' => '30', # 30s per 5min slot +# ); + +1; |