3 # Copyright (c) 2000-2007 QoSient, LLC
6 # This program is free software; you can redistribute it and/or modify
7 # it under the terms of the GNU General Public License as published by
8 # the Free Software Foundation; either version 2, or (at your option)
11 # This program is distributed in the hope that it will be useful,
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
16 # You should have received a copy of the GNU General Public License
17 # along with this program; if not, write to the Free Software
18 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 # Ra* clients will open this file if its in the users HOME directory,
24 # or in the $ARGUSHOME directory, and parse it to set common configuration
25 # options. All of these values will be overriden by those options
26 # set on the command line, or in the file specified using the -f option.
28 # Values can be quoted to make string denotation easier, however, the
29 # parser does not require that string values be quoted. To support this,
30 # the parse will remove '\"' characters from input strings, so do not
31 # use this character in strings themselves.
33 # Values specified as "" will be treated as a NULL string, and the parser
34 # will ignore the variable setting.
37 # All ra* clients can attach to a remote server, and collect argus data
38 # in real time. This variable can be a name or a dot notation IP address.
40 #RA_ARGUS_SERVER=localhost:561
43 # All ra* clients can read Cicso Netflow records directly from Cisco
44 # routers. Specifying this value will alert the ra* client to open
45 # a UDP based socket listening for data on this port number.
47 #RA_CISCONETFLOW_PORT=
50 # Any ra* program can generate a pid file, which can be
51 # used to control the number of instances that the system
52 # can support. However, creating a system pid file may
53 # require priviledges that are inappropriate for all cases.
55 # When configured to generate a pid file, if a file called
56 # ra*.pid (where ra* is the name of the program in question)
57 # exists in the RA_PID_PATH directory, and a program
58 # exists with a pid that matches the one contained in the
59 # file, then the program will not start. If the pid does
60 # not exist, then the ra* program replaces the value in the
61 # file, with its own pid. If a pid file does not exist,
62 # then the ra* program will create it in the RA_PID_PATH
63 # directory, if it can. The end result is that the system
64 # will support only one instanace of the program, based
65 # on name, running at a time.
67 # The default value is to not generate a pid. The default
68 # path for the pid file, is /var/run.
70 # No Commandline equivalent
74 RA_PID_PATH="/var/run"
77 # Argus supports the use of SASL to provide strong
78 # authentication and confidentiality protection.
80 # When argus is compiled with SASL support, ra* clients may be
81 # required to authenticate to the argus server before the argus
82 # will accept the connection. This variable will allow one to
83 # set the user and authorization id's, if needed. Although
84 # not recommended you can provide a password through the
85 # RA_AUTH_PASS variable. The format for this variable is:
87 # RA_USER_AUTH="user_id/authorization_id"
89 #RA_USER_AUTH="user/user"
90 #RA_AUTH_PASS="password"
92 # The clients can specify a part of the negotiation of the
93 # security policy that argus uses. This is controlled through
94 # the use of a minimum and maximum allowable protection
95 # strength values. Set these variable to control this policy.
103 # All ra* clients can support writing its output as Argus Records into
104 # a file. Stdout can be specified using "-".
109 # All ra* clients can support filtering its input based on a time
110 # range. The format is:
111 # timeSpecification[-timeSpecification]
113 # where the format of a timeSpecification can be one of these:
114 # [mm/dd[/yy].]hh[:mm[:ss]]
120 # All ra* clients can support running for a number of seconds,
121 # while attached to a remote source of argus data. This is a type
122 # of polling. The default is zero (0), which means run indefinately.
127 # Most ra* clients are designed to print argus records out in ASCII,
128 # with each client supporting its own output formats. For ra() like
129 # clients, this variable will generate column headers as labels.
130 # The number is the number of lines between repeated header output.
131 # Setting this value to zero (0) will cause the labels to be printed
132 # once. If you don't want labels, then comment this line out or
139 # All ra* clients are designed to provide flexibility in what data
140 # is printed when configured to generate ASCII output.
141 # For ra() like clients, this variable overide the default field
142 # printing specification. This is the equivalent to the "-s option".
143 # The below example is the default field definition.
145 RA_FIELD_SPECIFIER="stime flgs proto saddr sport dir daddr dport pkts bytes state"
148 # Most ra* clients are designed to print argus records out in ASCII,
149 # with each client supporting its own output formats. For ra() like
150 # clients, this variable can overide the default field delimiter,
151 # which are variable spans of space (' '), to be any character.
152 # The most common are expected to be '\t' for tabs, and ',' for
153 # comma separated fields.
155 RA_FIELD_DELIMITER=''
158 # For ra() like clients, this variable will control the
159 # translation of numbers to names, such as resolving hostnames,
160 # and print port or protocol names. There can be a huge performance
161 # impact with name lookup, so the default is to not resolve hostnames.
163 # Valid options are 'none' to print no names, 'proto'
164 # translate the protocol names, 'port' to translate
165 # port names, and 'all' to translate all fields. An
166 # invalid value will default to 'port', silently.
171 # For ra() like clients, this variable will include the response
172 # data that is provided by Argus. This is protocol and state
175 RA_PRINT_RESPONSE_DATA=no
178 # For ra() like clients, this variable will force the timestamp
179 # to be in Unix time format, which is an integer representing the
180 # number of elapsed seconds since the epoch.
182 RA_PRINT_UNIX_TIME=no
185 # For ra() like clients, the format that is used to print
186 # timestamps, is based on the strftime() library call, with
187 # an extension to print fractions of a sec "%f". The
188 # default is "%T.%f". You can overide this default time
189 # format by setting this variable. This string must conform
190 # to the format specified in strftime(). Malformed strings can
191 # generate interesting output, so be aware with this one, and
192 # don't forget the '.' when doing fractions of a second.
194 RA_TIME_FORMAT="%T.%f"
197 # The timezone used for timestamps is specified by the
198 # tzset() library routines, and is normally specified by
199 # factors such as the TZ environment variable found on
200 # most machines. You can override the TZ environment variable
201 # by specifying a time zone using this variable. The format
202 # of this string must conform to the format specified by
205 #RA_TZ="EST5EDT4,M3.2.0/02,M11.1.0/02"
208 # For ra() like clients, this variable is used to override the
209 # time format of the timestamp. This variable specifies the
210 # number of decimal places that will be printed as the fractional
211 # part of the time. Argus collects usec precision, and so a
212 # maximum value of 6 is supported. To not print the fractional
213 # part, specify the value zero (0).
218 # Argus can capture user data. When printing out the user data
219 # contents, using tools such as raxml(), the type of encoding
220 # can be specified here. Supported values are "Ascii", "Encode64",
223 #RA_USERDATA_ENCODE=Encode32
224 #RA_USERDATA_ENCODE=Encode64
225 RA_USERDATA_ENCODE=Ascii
227 # If compiled to support this option, ra* clients are capable
228 # of generating a lot of use [full | less | whatever] debug
229 # information. The default value is zero (0).
233 # Ra style clients use a non-blocking method to connect to
234 # remote data sources, so the user can control how long to
235 # wait if a remote source doesn't respond. This variable sets
236 # the number of seconds to wait. This number should be set to
237 # a reasonable value (5 < value < 60). The default value is
243 # You can provide a filter expression here, if you like.
244 # It should be limited to 2K in length. The default is to
250 # Some ra* clients have an interval based function. Ratop, as an
251 # example, can refresh the screen at a fixed interval. This variable
252 # can be set using the RA_UPDATE_INTERVAL variable, which is a
253 # float in seconds. 0.5 seconds is the default.
255 #RA_UPDATE_INTERVAL=0.5