]>
Commit | Line | Data |
---|---|---|
d31e0d15 | 1 | # |
2 | # Argus Software | |
3 | # Copyright (c) 2000-2007 QoSient, LLC | |
4 | # All rights reserved. | |
5 | # | |
6 | # This program is free software; you can redistribute it and/or modify | |
7 | # it under the terms of the GNU General Public License as published by | |
8 | # the Free Software Foundation; either version 2, or (at your option) | |
9 | # any later version. | |
10 | # | |
11 | # This program is distributed in the hope that it will be useful, | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | # GNU General Public License for more details. | |
15 | # | |
16 | # You should have received a copy of the GNU General Public License | |
17 | # along with this program; if not, write to the Free Software | |
18 | # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. | |
19 | # | |
20 | # | |
21 | # Example .rarc | |
22 | # | |
23 | # Ra* clients will open this file if its in the users HOME directory, | |
24 | # or in the $ARGUSHOME directory, and parse it to set common configuration | |
25 | # options. All of these values will be overriden by those options | |
26 | # set on the command line, or in the file specified using the -f option. | |
27 | # | |
28 | # Values can be quoted to make string denotation easier, however, the | |
29 | # parser does not require that string values be quoted. To support this, | |
30 | # the parse will remove '\"' characters from input strings, so do not | |
31 | # use this character in strings themselves. | |
32 | # | |
33 | # Values specified as "" will be treated as a NULL string, and the parser | |
34 | # will ignore the variable setting. | |
35 | ||
36 | # | |
37 | # All ra* clients can attach to a remote server, and collect argus data | |
38 | # in real time. This variable can be a name or a dot notation IP address. | |
39 | # | |
40 | #RA_ARGUS_SERVER=localhost:561 | |
41 | ||
42 | ||
43 | # All ra* clients can read Cicso Netflow records directly from Cisco | |
44 | # routers. Specifying this value will alert the ra* client to open | |
45 | # a UDP based socket listening for data on this port number. | |
46 | # | |
47 | #RA_CISCONETFLOW_PORT= | |
48 | ||
49 | ||
50 | # Any ra* program can generate a pid file, which can be | |
51 | # used to control the number of instances that the system | |
52 | # can support. However, creating a system pid file may | |
53 | # require priviledges that are inappropriate for all cases. | |
54 | # | |
55 | # When configured to generate a pid file, if a file called | |
56 | # ra*.pid (where ra* is the name of the program in question) | |
57 | # exists in the RA_PID_PATH directory, and a program | |
58 | # exists with a pid that matches the one contained in the | |
59 | # file, then the program will not start. If the pid does | |
60 | # not exist, then the ra* program replaces the value in the | |
61 | # file, with its own pid. If a pid file does not exist, | |
62 | # then the ra* program will create it in the RA_PID_PATH | |
63 | # directory, if it can. The end result is that the system | |
64 | # will support only one instanace of the program, based | |
65 | # on name, running at a time. | |
66 | # | |
67 | # The default value is to not generate a pid. The default | |
68 | # path for the pid file, is /var/run. | |
69 | # | |
70 | # No Commandline equivalent | |
71 | # | |
72 | # | |
73 | RA_SET_PID="no" | |
74 | RA_PID_PATH="/var/run" | |
75 | ||
76 | ||
77 | # Argus supports the use of SASL to provide strong | |
78 | # authentication and confidentiality protection. | |
79 | # | |
80 | # When argus is compiled with SASL support, ra* clients may be | |
81 | # required to authenticate to the argus server before the argus | |
82 | # will accept the connection. This variable will allow one to | |
83 | # set the user and authorization id's, if needed. Although | |
84 | # not recommended you can provide a password through the | |
85 | # RA_AUTH_PASS variable. The format for this variable is: | |
86 | # | |
87 | # RA_USER_AUTH="user_id/authorization_id" | |
88 | # | |
89 | #RA_USER_AUTH="user/user" | |
90 | #RA_AUTH_PASS="password" | |
91 | ||
92 | # The clients can specify a part of the negotiation of the | |
93 | # security policy that argus uses. This is controlled through | |
94 | # the use of a minimum and maximum allowable protection | |
95 | # strength values. Set these variable to control this policy. | |
96 | # | |
97 | ||
98 | RA_MIN_SSF=0 | |
99 | RA_MAX_SSF=128 | |
100 | ||
101 | ||
102 | ||
103 | # All ra* clients can support writing its output as Argus Records into | |
104 | # a file. Stdout can be specified using "-". | |
105 | # | |
106 | #RA_OUTPUT_FILE="" | |
107 | ||
108 | ||
109 | # All ra* clients can support filtering its input based on a time | |
110 | # range. The format is: | |
111 | # timeSpecification[-timeSpecification] | |
112 | # | |
113 | # where the format of a timeSpecification can be one of these: | |
114 | # [mm/dd[/yy].]hh[:mm[:ss]] | |
115 | # mm/dd[/yy] | |
116 | # | |
117 | #RA_TIMERANGE="" | |
118 | ||
119 | ||
120 | # All ra* clients can support running for a number of seconds, | |
121 | # while attached to a remote source of argus data. This is a type | |
122 | # of polling. The default is zero (0), which means run indefinately. | |
123 | # | |
124 | RA_RUN_TIME=0 | |
125 | ||
126 | ||
127 | # Most ra* clients are designed to print argus records out in ASCII, | |
128 | # with each client supporting its own output formats. For ra() like | |
129 | # clients, this variable will generate column headers as labels. | |
130 | # The number is the number of lines between repeated header output. | |
131 | # Setting this value to zero (0) will cause the labels to be printed | |
132 | # once. If you don't want labels, then comment this line out or | |
133 | # delete it. | |
134 | # | |
135 | # | |
136 | RA_PRINT_LABELS=0 | |
137 | ||
138 | ||
139 | # All ra* clients are designed to provide flexibility in what data | |
140 | # is printed when configured to generate ASCII output. | |
141 | # For ra() like clients, this variable overide the default field | |
142 | # printing specification. This is the equivalent to the "-s option". | |
143 | # The below example is the default field definition. | |
144 | # | |
145 | RA_FIELD_SPECIFIER="stime flgs proto saddr sport dir daddr dport pkts bytes state" | |
146 | ||
147 | ||
148 | # Most ra* clients are designed to print argus records out in ASCII, | |
149 | # with each client supporting its own output formats. For ra() like | |
150 | # clients, this variable can overide the default field delimiter, | |
151 | # which are variable spans of space (' '), to be any character. | |
152 | # The most common are expected to be '\t' for tabs, and ',' for | |
153 | # comma separated fields. | |
154 | # | |
155 | RA_FIELD_DELIMITER='' | |
156 | ||
157 | ||
158 | # For ra() like clients, this variable will control the | |
159 | # translation of numbers to names, such as resolving hostnames, | |
160 | # and print port or protocol names. There can be a huge performance | |
161 | # impact with name lookup, so the default is to not resolve hostnames. | |
162 | # | |
163 | # Valid options are 'none' to print no names, 'proto' | |
164 | # translate the protocol names, 'port' to translate | |
165 | # port names, and 'all' to translate all fields. An | |
166 | # invalid value will default to 'port', silently. | |
167 | # | |
168 | RA_PRINT_NAMES=port | |
169 | ||
170 | ||
171 | # For ra() like clients, this variable will include the response | |
172 | # data that is provided by Argus. This is protocol and state | |
173 | # specific. | |
174 | # | |
175 | RA_PRINT_RESPONSE_DATA=no | |
176 | ||
177 | ||
178 | # For ra() like clients, this variable will force the timestamp | |
179 | # to be in Unix time format, which is an integer representing the | |
180 | # number of elapsed seconds since the epoch. | |
181 | # | |
182 | RA_PRINT_UNIX_TIME=no | |
183 | ||
184 | ||
185 | # For ra() like clients, the format that is used to print | |
186 | # timestamps, is based on the strftime() library call, with | |
187 | # an extension to print fractions of a sec "%f". The | |
188 | # default is "%T.%f". You can overide this default time | |
189 | # format by setting this variable. This string must conform | |
190 | # to the format specified in strftime(). Malformed strings can | |
191 | # generate interesting output, so be aware with this one, and | |
192 | # don't forget the '.' when doing fractions of a second. | |
193 | # | |
194 | RA_TIME_FORMAT="%T.%f" | |
195 | ||
196 | ||
197 | # The timezone used for timestamps is specified by the | |
198 | # tzset() library routines, and is normally specified by | |
199 | # factors such as the TZ environment variable found on | |
200 | # most machines. You can override the TZ environment variable | |
201 | # by specifying a time zone using this variable. The format | |
202 | # of this string must conform to the format specified by | |
203 | # tzset(3). | |
204 | # | |
205 | #RA_TZ="EST5EDT4,M3.2.0/02,M11.1.0/02" | |
206 | ||
207 | ||
208 | # For ra() like clients, this variable is used to override the | |
209 | # time format of the timestamp. This variable specifies the | |
210 | # number of decimal places that will be printed as the fractional | |
211 | # part of the time. Argus collects usec precision, and so a | |
212 | # maximum value of 6 is supported. To not print the fractional | |
213 | # part, specify the value zero (0). | |
214 | # | |
215 | RA_USEC_PRECISION=6 | |
216 | ||
217 | ||
218 | # Argus can capture user data. When printing out the user data | |
219 | # contents, using tools such as raxml(), the type of encoding | |
220 | # can be specified here. Supported values are "Ascii", "Encode64", | |
221 | # or "Encode32". | |
222 | # | |
223 | #RA_USERDATA_ENCODE=Encode32 | |
224 | #RA_USERDATA_ENCODE=Encode64 | |
225 | RA_USERDATA_ENCODE=Ascii | |
226 | ||
227 | # If compiled to support this option, ra* clients are capable | |
228 | # of generating a lot of use [full | less | whatever] debug | |
229 | # information. The default value is zero (0). | |
230 | # | |
231 | RA_DEBUG_LEVEL=0 | |
232 | ||
233 | # Ra style clients use a non-blocking method to connect to | |
234 | # remote data sources, so the user can control how long to | |
235 | # wait if a remote source doesn't respond. This variable sets | |
236 | # the number of seconds to wait. This number should be set to | |
237 | # a reasonable value (5 < value < 60). The default value is | |
238 | # 10 seconds. | |
239 | # | |
240 | #RA_CONNECT_TIME=10 | |
241 | ||
242 | ||
243 | # You can provide a filter expression here, if you like. | |
244 | # It should be limited to 2K in length. The default is to | |
245 | # not filter. | |
246 | # | |
247 | #RA_FILTER="" | |
248 | ||
249 | ||
250 | # Some ra* clients have an interval based function. Ratop, as an | |
251 | # example, can refresh the screen at a fixed interval. This variable | |
252 | # can be set using the RA_UPDATE_INTERVAL variable, which is a | |
253 | # float in seconds. 0.5 seconds is the default. | |
254 | # | |
255 | #RA_UPDATE_INTERVAL=0.5 |