- todo

[packages/argus.git] / argus.conf

# 
# Argus Software
# Copyright (c) 2000-2007 QoSient, LLC
# All rights reserved.
# 
# Example  argus.conf
#
# Argus will open this argus.conf if its installed as /etc/argus.conf.
# It will also search for this file as argus.conf in directories
# specified in $ARGUSPATH, or $ARGUSHOME, $ARGUSHOME/lib,
# or $HOME, $HOME/lib, and parse it to set common configuration
# options.  All values in this file can be overriden by command
# line options, or other files of this format that can be read in
# using the -F option.
#
#
# Variable Syntax
# 
# Variable assignments must be of the form:
#
#   VARIABLE=
#
# with no white space between the VARIABLE and the '=' sign.
# Quotes are optional for string arguements, but if you want
# to embed comments, then quotes are required.
#
#
# Variable Explanations
#
# The Argus can be configured to support a large number of
# flow types.  The Argus can provide either type, i.e.
# uni-directional or bi-directional flow tracking and
# the flow can be further defined by specifying the key.
# The argus supports a set of well known key strategies,
# such as 'CLASSIC_5_TUPLE', 'LAYER_3_MATRIX', 'LAYER_2_MATRIX',
# 'MPLS', and/or 'VLAN', or the argus can be configured to
# formulate key strategies from a list of the specific
# objects that the Argus understands.  See the man page for
# a complete description.
#
# The default is the classic 5-tuple IP flow, CLASSIC_5_TUPLE.
#

ARGUS_FLOW_TYPE="Bidirectional"
ARGUS_FLOW_KEY="CLASSIC_5_TUPLE"


# Argus is capable of running as a daemon, doing all the right things
# that daemons do.  When this configuration is used for the system
# daemon process, say for /etc/argus.conf, this variable should be
# set to "yes".
#
# The default value is to not run as a daemon.
#
# This example is to support the ./support/Startup/argus script
# which requires that this variable be set to "yes".
#
# Commandline equivalent   -d
#

ARGUS_DAEMON=yes


# Argus Monitor Data is uniquely identifiable based on the source
# identifier that is included in each output record.  This is to
# allow you to work with Argus Data from multiple monitors at the
# same time.  The ID is 32 bits long, and so legitimate values are
# 0 - 4294967296 but argus also supports IP addresses as values.
# The configuration allows for you to use host names, however, do
# have some understanding how `hostname` will be resolved by the
# nameserver before commiting to this strategy completely.
#
# Commandline equivalent   -e
#
                                          
ARGUS_MONITOR_ID=`hostname`
                                          

# Argus monitors can provide a real-time remote access port
# for collecting Argus data.  This is a TCP based port service and
# the default port number is tcp/561, the "experimental monitor"
# service.  This feature is disabled by default, and can be forced
# off by setting it to zero (0).
#
# When you do want to enable this service, 561 is a good choice,
# as all ra* clients are configured to try this port by default.
#
# Commandline equivalent   -P
#

ARGUS_ACCESS_PORT=561


# When remote access is enabled (see above), you can specify that Argus
# should bind only to a specific IP address. This is useful, for example,
# in restricting access to the local host, or binding to a private
# interface while capturing from another. The default is to bind to any
# IP address.
#
# Commandline equivalent  -B
#

#ARGUS_BIND_IP="127.0.0.1"


# By default, Argus will open the first appropriate interface on a
# system that it encounters.  For systems that have only one network
# interface, this is a reasonable thing to do.  But, when there are
# more than one suitable interface, you should specify which
# interface(s) Argus should read data from.
#
# Argus can read packets from multiple interfaces at the same time,
# although this is limited to 2 interfaces at this time.  Specify
# this in this file with multiple ARGUS_INTERFACE directives.
#
# Commandline equivalent   -i
#

#ARGUS_INTERFACE=


# By default, Argus will put its interface in promiscuous mode
# in order to monitor all the traffic that can be collected.
# This can put an undo load on systems. 
 
# If the intent is to monitor only the network activity of
# the specific system, say to measure the performance of
# an HTTP service or DNS service, you'll want to turn 
# promiscuous mode off.
#
# The default value is go into prmiscuous mode.
#
# Commandline equivalent   -p
#
 
#ARGUS_GO_PROMISCUOUS=yes


# By default, Argus will provide its own reliable output collection
# functions, which include writing out to multiple files, supporting
# multiple concurrent remote clients, independent output filtering and
# strong authentication and encryption. The support for each of these
# functions increases the CPU requirements of argus, and as such, in
# high load environments, may not be desireable.
# 
# When argus's collection functions are disabled, the only way to access
# data is through a socket, and as a result the ARGUS_ACCESS_PORT
# and ARGUS_BIND_ADDRESS mechanisms may need to be used.
#
# Commandline equivalent   -c
#
 
#ARGUS_COLLECTOR=yes


# Argus supports chroot(2) in order to control the file system that
# argus exists in and can access.  Generally used when argus is running
# with privileges, this limits the negative impacts that argus could
# inflict on its host machine. 
#
# This option will cause the output file names to be relative to this
# directory, and so consider this when trying to find your output files.
#
# Commandline equivalent   -C
#

#ARGUS_CHROOT_DIR=/chroot_dir


# Argus can be directed to change its user id using the setuid() system
# call.  This is can used when argus is started as root, in order to
# access privileged resources, but then after the resources are opened,
# this directive will cause argus to change its user id value to
# a 'lesser' capable account.  Recommended when argus is running as
# daemon.
#
# Commandline equivalent   -u
#

#ARGUS_SETUSER_ID=user


# Argus can be directed to change its group id using the setgid() system
# call.  This is can used when argus is started as root, in order to
# access privileged resources, but then after the resources are opened,
# this directive can be used to change argu's group id value to
# a 'lesser' capable account.  Recommended when argus is running as
# daemon.
#
# Commandline equivalent   -g
#

#ARGUS_SETGROUP_ID=group
 

# Argus can write its output to one or a number of files.
# The default limit is 5 concurrent files, each with their
# own independant filters.
#
# The format is:
#      ARGUS_OUTPUT_FILE=/full/path/file/name
#      ARGUS_OUTPUT_FILE="/full/path/file/name filter"
#
# Most sites will have argus write to a file, for reliablity.
# The example file name is used here as supporting programs,
# such as ./support/Archive/argusarchive are configured to use
# this file (with any chroot'd directory prepended).
#
# Commandline equivalent   -w
#

#ARGUS_OUTPUT_FILE=/var/log/argus/argus.out


# When Argus is configured to run as a daemon, with the -d
# option, Argus can store its pid in a file, to aid in
# managing the running daemon.  However, creating a system
# pid file requires priviledges that may not be appropriate
# for all cases.
#
# When configured to generate a pid file, if Argus cannot
# create the pid file, it will fail to run.  This variable
# is available to override the default, in case this gets
# in your way.
#
# The default value is to generate a pid.  The default
# path for the pid file, is '/var/run'.
#
# No Commandline equivalent   
#

ARGUS_SET_PID=yes
ARGUS_PID_PATH="/var/run"


# Argus will periodically report on a flow's activity every
# ARGUS_FLOW_STATUS_INTERVAL seconds, as long as there is
# new activity on the flow.  This is so that you can get a
# multiple status reports into the activity of a flow.  The
# default is 5 seconds, but this number may be too low or
# too high depending on your uses.  Argus does suppport
# a minimum value of 0.000001 seconds.  Values under 1 sec
# are very useful for doing measurements in a controlled
# experimental environment where the number of flows is small.
# 
# Because the status interval affects the memory utilization
# of the monitor, find the minimum acceptable value is 
# recommended.
#
# Commandline equivalent   -S
#

ARGUS_FLOW_STATUS_INTERVAL=5


# Argus will periodically report on a its own health, providing
# interface status, total packet and bytes counts, packet drop
# rates, and flow oriented statistics.
#
# These records can be used as "keep alives" for periods when
# there is no network traffic to be monitored.
#
# The default value is 300 seconds, but a value of 60 seconds is
# very common.
#
# Commandline equivalent   -M
#

ARGUS_MAR_STATUS_INTERVAL=60


# If compiled to support this option, Argus is capable of
# generating a lot of debug information.
#
# The default value is zero (0).
#
# Commandline equivalent   -D
#

ARGUS_DEBUG_LEVEL=0


# Argus can be configured to report on flows in a manner than
# provides the best information for calculating application
# reponse times and network round trip times.
#
# The default value is to not generate this data.
#
# Commandline equivalent   -R
#
 
ARGUS_GENERATE_RESPONSE_TIME_DATA=no


# Argus can be configured to generate packet jitter information
# on a per flow basis.  The default value is to not generate
# this data.
#
# Commandline equivalent   -J
#
 
ARGUS_GENERATE_JITTER_DATA=no 


# Argus can be configured to provide MAC addresses in
# it audit data. The default value is to not generate
# this data.
#
# Commandline equivalent   -m
#
 
ARGUS_GENERATE_MAC_DATA=yes


# Argus can be configured to generate metrics that include
# the application byte counts as well as the packet count
# and byte counters.
#
# No commandline equivalent
#

ARGUS_GENERATE_APPBYTE_METRIC=no


# Argus by default, generates extended metrics for TCP
# that include the connection setup time, window sizes,
# base sequence numbers, and retransmission counters.
# You can suppress this detailed information using this
# variable.
# 
# No commandline equivalent
# 

#ARGUS_GENERATE_TCP_PERF_METRIC=yes


# Argus can be configured to capture a number of user data
# bytes from the packet stream.
#
# The default value is to not generate this data.
#
# Commandline equivalent   -U
#
 
ARGUS_CAPTURE_DATA_LEN=32


# Argus uses the packet filter capabilities of libpcap.  If
# there is a need to not use the libpcap filter optimizer,
# you can turn it off here.  The default is to leave it on.
#
# Commandline equivalent   -O
#

ARGUS_FILTER_OPTIMIZER=yes


# You can provide a filter expression here, if you like.
# It should be limited to 2K in length.  The default is to
# not filter.
#
# No Commandline equivalent
#

ARGUS_FILTER=""


# Argus allows you to capture packets in tcpdump() format
# if the source of the packets is a tcpdump() formatted
# file or live packet source.
#
# Specify the path to the packet capture file here.
#

#ARGUS_PACKET_CAPTURE_FILE="/var/log/argus/packet.out"


# Argus supports the use of SASL to provide strong 
# authentication and confidentiality protection.
#
# The policy that argus uses is controlled through
# the use of a minimum and maximum allowable protection
# strength.  Set these variable to control this policy.
#

#ARGUS_MIN_SSF=40
#ARGUS_MAX_SSF=128