68 lines
2.1 KiB
Plaintext
#############################################################################
# Collector Parameters
# Passive Collector
# Version 0.1
#############################################################################

# Pandora data in path

incomingdir /home/dario/incoming_iptraf/

# Interval

interval 300

# Interface on which IPTraf will search. Use 'iface all' to search on all interfaces

iface all

# Minimum size of each log record that will be stored

min_size 0

# Full path of the IPTraf log file. This log is deleted and re-created on each execution

log_path /var/log/iptraf-ng/ip_traffic-1.log

#############################################################################
# Rules
#############################################################################
# Process rules:
# These rules process every packet that matches any one of them
#
# Discard rules:
# These rules discard every packet that matches any one of them
#
# Side of search:
# IPs and ports can be searched in source or destination. The prefix 'src_'
# searches on the source and the prefix 'dst_' searches on the destination.
#
# IP match:
# The IP after 'dst_ip' or 'src_ip' will be searched. If the IP is followed
# by '/' and a netmask, all the IPs of that network will be searched
#
# Port match:
# The port after 'dst_port' or 'src_port' will be searched.
# If several ports appear separated by ',' (e.g. 8080,80,21,22), all the
# listed ports will be searched.
# If two ports appear separated by '-' (e.g. 21-80), all the ports in that
# range will be searched.
#
# Negation:
# A condition can be negated by putting the symbol '!' before the following
# strings: 'src_ip' and 'dst_ip' to negate the IP condition, or 'src_port'
# and 'dst_port' to negate the port condition.
#
# Rule examples:
#
# discard src_ip 192.168.80.0/24 !src_port 8080
# process !dst_ip 192.168.40.23 src_port 8080
# process !dst_ip 192.168.50.1/32 !dst_port 21
#
#############################################################################

# Process rules

process src_ip 192.168.70.0/24 !src_port 0 protocol TCP,UDP

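The rule syntax documented in the comments above can be checked with a small parser and matcher. The following is an added example, not the collector's own code: the function names and the packet dictionary layout are hypothetical. It assumes that all conditions in one rule must hold together, that 'protocol' takes a comma-separated list compared case-insensitively, and, going slightly beyond the comments, that a port list may mix single ports and ranges.

```python
import ipaddress

def parse_ports(spec):
    """'8080,80,21' or '21-80' -> list of inclusive (low, high) ranges."""
    ranges = []
    for part in spec.split(","):
        low, _, high = part.partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges

def parse_rule(line):
    """Parse 'process|discard [!]key value ...' into (action, conditions)."""
    action, *tokens = line.split()
    if action not in ("process", "discard") or len(tokens) % 2:
        raise ValueError(f"malformed rule: {line!r}")
    conditions = []
    for key, value in zip(tokens[::2], tokens[1::2]):
        negated = key.startswith("!")
        key = key[1:] if negated else key
        if key in ("src_ip", "dst_ip"):
            # A bare IP becomes a /32 network; strict=False tolerates host bits.
            value = ipaddress.ip_network(value, strict=False)
        elif key in ("src_port", "dst_port"):
            value = parse_ports(value)
        elif key == "protocol":
            value = {p.upper() for p in value.split(",")}
        else:
            # Reject typos so a bad rule cannot silently change what is collected.
            raise ValueError(f"unknown condition {key!r}")
        conditions.append((negated, key, value))
    return action, conditions

def rule_matches(rule, pkt):
    """True when every condition holds (ANDing conditions is an assumption)."""
    for negated, key, value in rule[1]:
        if key.endswith("_ip"):
            hit = ipaddress.ip_address(pkt[key]) in value
        elif key.endswith("_port"):
            hit = any(low <= pkt[key] <= high for low, high in value)
        else:
            hit = pkt[key].upper() in value
        if hit == negated:  # plain condition missed, or negated condition hit
            return False
    return True

# Constructed sample packets, not taken from a real IPTraf log.
RULE = parse_rule("process src_ip 192.168.70.0/24 !src_port 0 protocol TCP,UDP")
PKT_OK = {"src_ip": "192.168.70.14", "src_port": 51544,
          "dst_ip": "10.0.0.5", "dst_port": 443, "protocol": "tcp"}
PKT_ICMP = dict(PKT_OK, src_port=0, protocol="ICMP")
print(rule_matches(RULE, PKT_OK), rule_matches(RULE, PKT_ICMP))
```

How a packet matched by both a process rule and a discard rule is resolved is not stated in the file, so the example stops at per-rule matching.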