#############################################################################
# Collector Parameters
# Passive Collector
# Version 0.1
#############################################################################

# Pandora data in path
incomingdir /home/dario/incoming_iptraf/

# Interval
interval 300

# Interface where IPTraf will search. 'interface all' searches on all interfaces
iface all

# Minimum size of each log record that will be stored
min_size 0

# IPTraf log file full path. This log is deleted and created again on each execution
log_path /var/log/iptraf-ng/ip_traffic-1.log

#############################################################################
# Rules
#############################################################################
# Process rules:
#   These rules process all the packets that match any one of them.
#
# Discard rules:
#   These rules discard all the packets that match any one of them.
#
# Side of search:
#   IPs and ports can be searched in source or destination. The prefix 'src_'
#   searches on source and the prefix 'dst_' searches on destination.
#
# IP match:
#   The IP after 'dst_ip' or 'src_ip' will be searched. If the IP is followed
#   by '/' and a netmask, all the IPs of that network will be searched.
#
# Port match:
#   The port after 'dst_port' or 'src_port' will be searched.
#   If several ports appear separated by ',' (e.g. 8080,80,21,22), all the
#   listed ports will be searched.
#   If two ports appear separated by '-' (e.g. 21-80), all the ports in that
#   range will be searched.
#
# Negation:
#   A condition can be negated with the symbol '!' before the following
#   strings: 'src_ip' and 'dst_ip' to negate the IP condition, or 'src_port'
#   and 'dst_port' to negate the port condition.
#
# Rules examples:
#
# discard src_ip 192.168.80.0/24 !src_port 8080
# process !dst_ip 192.168.40.23 src_port 8080
# process !dst_ip 192.168.50.1/32 !dst_port 21
#
#############################################################################

# Process rules
process src_ip 192.168.70.0/24 !src_port 0 protocol TCP,UDP
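
# Added example (not part of the original file or of the collector's own code): a small Python
# evaluator for the rule syntax described in the comments above, useful for checking what a rule
# set would keep before deploying it. Assumptions: all conditions of one rule must hold, a matching
# discard rule overrides process rules, and the function names and flow dictionary keys are hypothetical.

```python
import ipaddress

def parse_rule(line):
    """Parse 'process|discard [!]src_ip A [!]dst_port P ... protocol X,Y'."""
    tokens = line.split()
    action, conds = tokens[0], []
    if action not in ("process", "discard") or len(tokens) % 2 == 0:
        raise ValueError("bad rule: " + line)
    for key, value in zip(tokens[1::2], tokens[2::2]):
        negate, field = key.startswith("!"), key.lstrip("!")
        if field in ("src_ip", "dst_ip"):
            # A bare IP becomes a /32 network; strict=False tolerates host bits.
            test = ipaddress.ip_network(value, strict=False)
        elif field in ("src_port", "dst_port"):
            test = set()
            for part in value.split(","):          # list form: 8080,80,21
                lo, _, hi = part.partition("-")    # range form: 21-80
                test.update(range(int(lo), int(hi or lo) + 1))
        elif field == "protocol":
            test = {p.upper() for p in value.split(",")}
        else:
            raise ValueError("unknown condition: " + key)
        conds.append((field, negate, test))
    return action, conds

def rule_matches(conds, flow):
    """All conditions of one rule must hold (assumed AND semantics)."""
    for field, negate, test in conds:
        value = flow[field]
        if field.endswith("_ip"):
            hit = ipaddress.ip_address(value) in test
        elif field == "protocol":
            hit = value.upper() in test
        else:
            hit = value in test
        if hit == negate:          # plain condition missed, or negated one hit
            return False
    return True

def keep_flow(rules, flow):
    """Assumed policy: any discard match drops; else any process match keeps."""
    parsed = [parse_rule(r) for r in rules]
    if any(a == "discard" and rule_matches(c, flow) for a, c in parsed):
        return False
    return any(a == "process" and rule_matches(c, flow) for a, c in parsed)

# Active rule from the file above plus its first commented example rule.
RULES = ["process src_ip 192.168.70.0/24 !src_port 0 protocol TCP,UDP",
         "discard src_ip 192.168.80.0/24 !src_port 8080"]
```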