Commit | Line | Data |
---|---|---|
f48b1c7c | 1 | # |
2 | # Argus Software | |
3 | # Copyright (c) 2000-2007 QoSient, LLC | |
4 | # All rights reserved. | |
5 | # | |
6 | # Example argus.conf | |
7 | # | |
8 | # Argus will open this argus.conf if it's installed as /etc/argus.conf. | |
9 | # It will also search for this file as argus.conf in directories | |
10 | # specified in $ARGUSPATH, or $ARGUSHOME, $ARGUSHOME/lib, | |
11 | # or $HOME, $HOME/lib, and parse it to set common configuration | |
12 | # options. All values in this file can be overridden by command | |
13 | # line options, or other files of this format that can be read in | |
14 | # using the -F option. | |
15 | # | |
16 | # | |
17 | # Variable Syntax | |
18 | # | |
19 | # Variable assignments must be of the form: | |
20 | # | |
21 | # VARIABLE= | |
22 | # | |
23 | # with no white space between the VARIABLE and the '=' sign. | |
24 | # Quotes are optional for string arguments, but if you want | |
25 | # to embed comments, then quotes are required. | |
26 | # | |
27 | # | |
28 | # Variable Explanations | |
29 | # | |
30 | # The Argus can be configured to support a large number of | |
31 | # flow types. The Argus can provide either type, i.e. | |
32 | # uni-directional or bi-directional flow tracking and | |
33 | # the flow can be further defined by specifying the key. | |
34 | # The argus supports a set of well known key strategies, | |
35 | # such as 'CLASSIC_5_TUPLE', 'LAYER_3_MATRIX', 'LAYER_2_MATRIX', | |
36 | # 'MPLS', and/or 'VLAN', or the argus can be configured to | |
37 | # formulate key strategies from a list of the specific | |
38 | # objects that the Argus understands. See the man page for | |
39 | # a complete description. | |
40 | # | |
41 | # The default is the classic 5-tuple IP flow, CLASSIC_5_TUPLE. | |
42 | # | |
43 | ||
44 | ARGUS_FLOW_TYPE="Bidirectional" | |
45 | ARGUS_FLOW_KEY="CLASSIC_5_TUPLE" | |
46 | ||
47 | ||
48 | # Argus is capable of running as a daemon, doing all the right things | |
49 | # that daemons do. When this configuration is used for the system | |
50 | # daemon process, say for /etc/argus.conf, this variable should be | |
51 | # set to "yes". | |
52 | # | |
53 | # The default value is to not run as a daemon. | |
54 | # | |
55 | # This example is to support the ./support/Startup/argus script | |
56 | # which requires that this variable be set to "yes". | |
57 | # | |
58 | # Commandline equivalent -d | |
59 | # | |
60 | ||
61 | ARGUS_DAEMON=yes | |
62 | ||
63 | ||
64 | # Argus Monitor Data is uniquely identifiable based on the source | |
65 | # identifier that is included in each output record. This is to | |
66 | # allow you to work with Argus Data from multiple monitors at the | |
67 | # same time. The ID is 32 bits long, and so legitimate values are | |
68 | # 0 - 4294967296 but argus also supports IP addresses as values. | |
69 | # The configuration allows for you to use host names, however, do | |
70 | # have some understanding how `hostname` will be resolved by the | |
71 | # nameserver before committing to this strategy completely. | |
72 | # | |
73 | # Commandline equivalent -e | |
74 | # | |
75 | ||
76 | ARGUS_MONITOR_ID=`hostname` | |
77 | ||
78 | ||
79 | # Argus monitors can provide a real-time remote access port | |
80 | # for collecting Argus data. This is a TCP based port service and | |
81 | # the default port number is tcp/561, the "experimental monitor" | |
82 | # service. This feature is disabled by default, and can be forced | |
83 | # off by setting it to zero (0). | |
84 | # | |
85 | # When you do want to enable this service, 561 is a good choice, | |
86 | # as all ra* clients are configured to try this port by default. | |
87 | # | |
88 | # Commandline equivalent -P | |
89 | # | |
90 | ||
91 | ARGUS_ACCESS_PORT=561 | |
92 | ||
93 | ||
94 | # When remote access is enabled (see above), you can specify that Argus | |
95 | # should bind only to a specific IP address. This is useful, for example, | |
96 | # in restricting access to the local host, or binding to a private | |
97 | # interface while capturing from another. The default is to bind to any | |
98 | # IP address. | |
99 | # | |
100 | # Commandline equivalent -B | |
101 | # | |
102 | ||
103 | #ARGUS_BIND_IP="127.0.0.1" | |
104 | ||
105 | ||
106 | # By default, Argus will open the first appropriate interface on a | |
107 | # system that it encounters. For systems that have only one network | |
108 | # interface, this is a reasonable thing to do. But, when there are | |
109 | # more than one suitable interface, you should specify which | |
110 | # interface(s) Argus should read data from. | |
111 | # | |
112 | # Argus can read packets from multiple interfaces at the same time, | |
113 | # although this is limited to 2 interfaces at this time. Specify | |
114 | # this in this file with multiple ARGUS_INTERFACE directives. | |
115 | # | |
116 | # Commandline equivalent -i | |
117 | # | |
118 | ||
119 | #ARGUS_INTERFACE= | |
120 | ||
121 | ||
122 | # By default, Argus will put its interface in promiscuous mode | |
123 | # in order to monitor all the traffic that can be collected. | |
124 | # This can put an undue load on systems. | |
125 | ||
126 | # If the intent is to monitor only the network activity of | |
127 | # the specific system, say to measure the performance of | |
128 | # an HTTP service or DNS service, you'll want to turn | |
129 | # promiscuous mode off. | |
130 | # | |
131 | # The default value is to go into promiscuous mode. | |
132 | # | |
133 | # Commandline equivalent -p | |
134 | # | |
135 | ||
136 | #ARGUS_GO_PROMISCUOUS=yes | |
137 | ||
138 | ||
139 | # By default, Argus will provide its own reliable output collection | |
140 | # functions, which include writing out to multiple files, supporting | |
141 | # multiple concurrent remote clients, independent output filtering and | |
142 | # strong authentication and encryption. The support for each of these | |
143 | # functions increases the CPU requirements of argus, and as such, in | |
144 | # high load environments, may not be desirable. | |
145 | # | |
146 | # When argus's collection functions are disabled, the only way to access | |
147 | # data is through a socket, and as a result the ARGUS_ACCESS_PORT | |
148 | # and ARGUS_BIND_IP mechanisms may need to be used. | |
149 | # | |
150 | # Commandline equivalent -c | |
151 | # | |
152 | ||
153 | #ARGUS_COLLECTOR=yes | |
154 | ||
155 | ||
156 | # Argus supports chroot(2) in order to control the file system that | |
157 | # argus exists in and can access. Generally used when argus is running | |
158 | # with privileges, this limits the negative impacts that argus could | |
159 | # inflict on its host machine. | |
160 | # | |
161 | # This option will cause the output file names to be relative to this | |
162 | # directory, and so consider this when trying to find your output files. | |
163 | # | |
164 | # Commandline equivalent -C | |
165 | # | |
166 | ||
167 | #ARGUS_CHROOT_DIR=/chroot_dir | |
168 | ||
169 | ||
170 | # Argus can be directed to change its user id using the setuid() system | |
171 | # call. This can be used when argus is started as root, in order to | |
172 | # access privileged resources, but then after the resources are opened, | |
173 | # this directive will cause argus to change its user id value to | |
174 | # a 'lesser' capable account. Recommended when argus is running as | |
175 | # daemon. | |
176 | # | |
177 | # Commandline equivalent -u | |
178 | # | |
179 | ||
180 | #ARGUS_SETUSER_ID=user | |
181 | ||
182 | ||
183 | # Argus can be directed to change its group id using the setgid() system | |
184 | # call. This can be used when argus is started as root, in order to | |
185 | # access privileged resources, but then after the resources are opened, | |
186 | # this directive can be used to change argus's group id value to | |
187 | # a 'lesser' capable account. Recommended when argus is running as | |
188 | # daemon. | |
189 | # | |
190 | # Commandline equivalent -g | |
191 | # | |
192 | ||
193 | #ARGUS_SETGROUP_ID=group | |
194 | ||
195 | ||
196 | # Argus can write its output to one or a number of files. | |
197 | # The default limit is 5 concurrent files, each with their | |
198 | # own independent filters. | |
199 | # | |
200 | # The format is: | |
201 | # ARGUS_OUTPUT_FILE=/full/path/file/name | |
202 | # ARGUS_OUTPUT_FILE="/full/path/file/name filter" | |
203 | # | |
204 | # Most sites will have argus write to a file, for reliability. | |
205 | # The example file name is used here as supporting programs, | |
206 | # such as ./support/Archive/argusarchive are configured to use | |
207 | # this file (with any chroot'd directory prepended). | |
208 | # | |
209 | # Commandline equivalent -w | |
210 | # | |
211 | ||
212 | #ARGUS_OUTPUT_FILE=/var/log/argus/argus.out | |
213 | ||
214 | ||
215 | # When Argus is configured to run as a daemon, with the -d | |
216 | # option, Argus can store its pid in a file, to aid in | |
217 | # managing the running daemon. However, creating a system | |
218 | # pid file requires privileges that may not be appropriate | |
219 | # for all cases. | |
220 | # | |
221 | # When configured to generate a pid file, if Argus cannot | |
222 | # create the pid file, it will fail to run. This variable | |
223 | # is available to override the default, in case this gets | |
224 | # in your way. | |
225 | # | |
226 | # The default value is to generate a pid. The default | |
227 | # path for the pid file, is '/var/run'. | |
228 | # | |
229 | # No Commandline equivalent | |
230 | # | |
231 | ||
232 | ARGUS_SET_PID=yes | |
233 | ARGUS_PID_PATH="/var/run" | |
234 | ||
235 | ||
236 | # Argus will periodically report on a flow's activity every | |
237 | # ARGUS_FLOW_STATUS_INTERVAL seconds, as long as there is | |
238 | # new activity on the flow. This is so that you can get | |
239 | # multiple status reports into the activity of a flow. The | |
240 | # default is 5 seconds, but this number may be too low or | |
241 | # too high depending on your uses. Argus does support | |
242 | # a minimum value of 0.000001 seconds. Values under 1 sec | |
243 | # are very useful for doing measurements in a controlled | |
244 | # experimental environment where the number of flows is small. | |
245 | # | |
246 | # Because the status interval affects the memory utilization | |
247 | # of the monitor, finding the minimum acceptable value is | |
248 | # recommended. | |
249 | # | |
250 | # Commandline equivalent -S | |
251 | # | |
252 | ||
253 | ARGUS_FLOW_STATUS_INTERVAL=5 | |
254 | ||
255 | ||
256 | # Argus will periodically report on its own health, providing | |
257 | # interface status, total packet and bytes counts, packet drop | |
258 | # rates, and flow oriented statistics. | |
259 | # | |
260 | # These records can be used as "keep alives" for periods when | |
261 | # there is no network traffic to be monitored. | |
262 | # | |
263 | # The default value is 300 seconds, but a value of 60 seconds is | |
264 | # very common. | |
265 | # | |
266 | # Commandline equivalent -M | |
267 | # | |
268 | ||
269 | ARGUS_MAR_STATUS_INTERVAL=60 | |
270 | ||
271 | ||
272 | # If compiled to support this option, Argus is capable of | |
273 | # generating a lot of debug information. | |
274 | # | |
275 | # The default value is zero (0). | |
276 | # | |
277 | # Commandline equivalent -D | |
278 | # | |
279 | ||
280 | ARGUS_DEBUG_LEVEL=0 | |
281 | ||
282 | ||
283 | # Argus can be configured to report on flows in a manner that | |
284 | # provides the best information for calculating application | |
285 | # response times and network round trip times. | |
286 | # | |
287 | # The default value is to not generate this data. | |
288 | # | |
289 | # Commandline equivalent -R | |
290 | # | |
291 | ||
292 | ARGUS_GENERATE_RESPONSE_TIME_DATA=no | |
293 | ||
294 | ||
295 | # Argus can be configured to generate packet jitter information | |
296 | # on a per flow basis. The default value is to not generate | |
297 | # this data. | |
298 | # | |
299 | # Commandline equivalent -J | |
300 | # | |
301 | ||
302 | ARGUS_GENERATE_JITTER_DATA=no | |
303 | ||
304 | ||
305 | # Argus can be configured to provide MAC addresses in | |
306 | # its audit data. The default value is to not generate | |
307 | # this data. | |
308 | # | |
309 | # Commandline equivalent -m | |
310 | # | |
311 | ||
312 | ARGUS_GENERATE_MAC_DATA=yes | |
313 | ||
314 | ||
315 | # Argus can be configured to generate metrics that include | |
316 | # the application byte counts as well as the packet count | |
317 | # and byte counters. | |
318 | # | |
319 | # No commandline equivalent | |
320 | # | |
321 | ||
322 | ARGUS_GENERATE_APPBYTE_METRIC=no | |
323 | ||
324 | ||
325 | # Argus, by default, generates extended metrics for TCP | |
326 | # that include the connection setup time, window sizes, | |
327 | # base sequence numbers, and retransmission counters. | |
328 | # You can suppress this detailed information using this | |
329 | # variable. | |
330 | # | |
331 | # No commandline equivalent | |
332 | # | |
333 | ||
334 | #ARGUS_GENERATE_TCP_PERF_METRIC=yes | |
335 | ||
336 | ||
337 | # Argus can be configured to capture a number of user data | |
338 | # bytes from the packet stream. | |
339 | # | |
340 | # The default value is to not generate this data. | |
341 | # | |
342 | # Commandline equivalent -U | |
343 | # | |
344 | ||
345 | ARGUS_CAPTURE_DATA_LEN=32 | |
346 | ||
347 | ||
348 | # Argus uses the packet filter capabilities of libpcap. If | |
349 | # there is a need to not use the libpcap filter optimizer, | |
350 | # you can turn it off here. The default is to leave it on. | |
351 | # | |
352 | # Commandline equivalent -O | |
353 | # | |
354 | ||
355 | ARGUS_FILTER_OPTIMIZER=yes | |
356 | ||
357 | ||
358 | # You can provide a filter expression here, if you like. | |
359 | # It should be limited to 2K in length. The default is to | |
360 | # not filter. | |
361 | # | |
362 | # No Commandline equivalent | |
363 | # | |
364 | ||
365 | ARGUS_FILTER="" | |
366 | ||
367 | ||
368 | # Argus allows you to capture packets in tcpdump() format | |
369 | # if the source of the packets is a tcpdump() formatted | |
370 | # file or live packet source. | |
371 | # | |
372 | # Specify the path to the packet capture file here. | |
373 | # | |
374 | ||
375 | #ARGUS_PACKET_CAPTURE_FILE="/var/log/argus/packet.out" | |
376 | ||
377 | ||
378 | # Argus supports the use of SASL to provide strong | |
379 | # authentication and confidentiality protection. | |
380 | # | |
381 | # The policy that argus uses is controlled through | |
382 | # the use of a minimum and maximum allowable protection | |
383 | # strength. Set these variables to control this policy. | |
384 | # | |
385 | ||
386 | #ARGUS_MIN_SSF=40 | |
387 | #ARGUS_MAX_SSF=128 | |
388 |
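
The file above enables the remote access port while the bind address, privilege drop, chroot and SASL strength settings are left commented out. As an added example (not part of the Argus distribution), this Python check parses the `VARIABLE=value` syntax described in the header and reports which of those options are unset; the function names and finding texts are illustrative assumptions.

```python
import re
# Constructed sample: security-relevant lines as they appear in the file above.
SAMPLE_CONF = """\
ARGUS_DAEMON=yes
ARGUS_ACCESS_PORT=561
#ARGUS_BIND_IP="127.0.0.1"
#ARGUS_CHROOT_DIR=/chroot_dir
#ARGUS_SETUSER_ID=user
ARGUS_CAPTURE_DATA_LEN=32
#ARGUS_MIN_SSF=40
"""

ASSIGN = re.compile(r"^([A-Z][A-Z0-9_]*)=(.*)$")  # no white space before '='

def parse_conf(text):
    """Return {VARIABLE: value} for active assignments (last one wins)."""
    settings = {}
    for line in text.splitlines():
        m = ASSIGN.match(line.strip())  # commented-out lines never match
        if m:
            value = m.group(2).strip()
            if value.startswith('"') and '"' in value[1:]:
                value = value[1:value.index('"', 1)]  # drop quotes, trailing comment
            settings[m.group(1)] = value
    return settings

def as_int(settings, name):
    value = settings.get(name, "")
    return int(value) if value.isdigit() else 0  # unset or non-numeric -> 0

def audit(settings):
    """Return (variable, finding) pairs for hardening options left unused."""
    findings = []
    port = as_int(settings, "ARGUS_ACCESS_PORT")
    if port and not settings.get("ARGUS_BIND_IP"):
        findings.append(("ARGUS_BIND_IP", f"tcp/{port} is bound to any IP address"))
    if port and not as_int(settings, "ARGUS_MIN_SSF"):
        findings.append(("ARGUS_MIN_SSF", f"no minimum SASL strength for tcp/{port}"))
    if settings.get("ARGUS_DAEMON") == "yes":
        for name in ("ARGUS_SETUSER_ID", "ARGUS_SETGROUP_ID", "ARGUS_CHROOT_DIR"):
            if not settings.get(name):
                findings.append((name, "not set although ARGUS_DAEMON=yes"))
    if as_int(settings, "ARGUS_CAPTURE_DATA_LEN"):
        findings.append(("ARGUS_CAPTURE_DATA_LEN", "output files hold user data bytes"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(parse_conf(SAMPLE_CONF)):
        print(f"{name}: {finding}")
```

Repeated directives such as `ARGUS_INTERFACE` collapse to their last value in this parser, which is sufficient for the checks shown.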