WebSVN – ALCASAR – Diff – /conf/nfsen/nfsen.conf


##############################
#
# NfSen master config file
#
# $Id: nfsen-dist.conf 22 2007-11-20 12:27:38Z phaag $
#
# Configuration of NfSen:
# Set all the values to fit your NfSen setup and run the 'install.pl'
# script from the nfsen distribution directory.
#
# The syntax must conform to Perl syntax.
#
##############################
#
# NfSen default layout: 
# Any scripts, modules or profiles are installed by default under $BASEDIR. 
# However, you may change any of these settings to fit your requested layout.
 
#
# Required for default layout
$BASEDIR = "/usr";
 
#
# Where to install the NfSen binaries
$BINDIR="${BASEDIR}/bin";
 
#
# Where to install the NfSen Perl modules
$LIBEXECDIR="${BASEDIR}/libexec";
 
#
# Where to install the config files
$CONFDIR="/etc";
 
#
# NfSen html pages directory:
# All php scripts will be installed here.
# URL: Entry point for nfsen: http://<webserver>/nfsen/nfsen.php
$HTMLDIR    = "/var/www/html/acc/manager/nfsen";
 
#
# Where to install the docs
$DOCDIR="${HTMLDIR}/doc";
 
#
# Var space for NfSen
$VARDIR="/var";
 
# directory for all pid files
$PIDDIR="$VARDIR/run/nfsen";
#
# Filter directory
$FILTERDIR="$VARDIR/filters";
#
 
# FORMATDIR for custom printing formats
$FORMATDIR="$VARDIR/fmt";
#
 
#
# The Profiles stat directory, where all profile information
# RRD DBs and png pictures of the profile are stored
$PROFILESTATDIR="$VARDIR/log/nfsen/profiles-stat";
 
#
# The Profiles directory, where all netflow data is stored
$PROFILEDATADIR="$VARDIR/log/nfsen/profiles-data";
 
#
# Where go all the backend plugins
$BACKEND_PLUGINDIR="${BASEDIR}/share/nfsen/plugins";
 
#
# Where go all the frontend plugins
$FRONTEND_PLUGINDIR="${HTMLDIR}/plugins";
 
#
# nfdump tools path
$PREFIX  = '/usr/bin';
 
#
# nfsend communication socket
# $COMMSOCKET = "$PIDDIR/nfsen.comm";
 
# BASEDIR unrelated vars:
#
# Run nfcapd as this user
# This may be a different or the same uid than your web server.
# Note: This user must be in group $WWWGROUP, otherwise nfcapd
#       is not able to write data files!
$USER    = "apache";
 
# user and group of the web server process
# All netflow processing will be done with this user
$WWWUSER  = "apache";
$WWWGROUP = "apache";
 
# Receive buffer size for nfcapd - see man page nfcapd(1)
$BUFFLEN = 200000;
 
# list of extensions for each collector. See argument -T 
# for nfcapd(1) for more detailes.
# defaults to empty -> compatible to nfdump-1.5.8
# $EXTENSIONS = '';
# Example:
# $EXTENSIONS = 'all';
# $EXTENSIONS = '+3,+4';
#
# Directory sub hierarchy layout:
# Possible layouts:
#
# 0 default     no hierachy levels - flat layout - compatible with pre NfSen versions
# 1 %Y/%m/%d    year/month/day
# 2 %Y/%m/%d/%H year/month/day/hour
# 3 %Y/%W/%u    year/week_of_year/day_of_week
# 4 %Y/%W/%u/%H year/week_of_year/day_of_week/hour
# 5 %Y/%j       year/day-of-year
# 6 %Y/%j/%H    year/day-of-year/hour
# 7 %Y-%m-%d    year-month-day
# 8 %Y-%m-%d/%H year-month-day/hour
$SUBDIRLAYOUT = 7;
 
# Compress flows while collecting 0 or 1
$ZIPcollected	 = 1;
 
# Compress flows in profiles 0 or 1
$ZIPprofiles	 = 1;
 
# Interrupt expire -- not yet enabled as not yet fully tested
#$InterruptExpire = 0;
 
# number of nfprofile processes to spawn during the profiling phase
# depends on how busy your system is and how many CPUs you have
# on very busy systems increase it to a higher value
$PROFILERS = 2;
 
# if the PROFILEDATADIR is filled up to this percentage, a warning message will be printed.
# set to 0 to disable the test
$DISKLIMIT = 98;
 
# number of nfprofile processes to spawn during the profiling phase
$PROFILERS = 6;
 
# Netflow sources
# Define an ident string, port and colour per netflow source
#
# Required parameters:
#    ident   identifies this netflow source. e.g. the router name, 
#            Upstream provider name etc.
#    port    nfcapd listens on this port for netflow data for this source
#			 set port to '0' if you do not want a collector to be started
#    col     colour in nfsen graphs for this source
#
# Optional parameters
#    type    Collector type needed for this source. Can be 'netflow' or 'sflow'. Default is netflow
#	 optarg	 Optional args to the collector at startup
#
# Syntax: 
#         'ident' => { 'port' => '<portnum>', 'col' => '<colour>', 'type' => '<type>' }
# Ident strings must be 1 to 19 characters long only, containing characters [a-zA-Z0-9_].
 
%sources = (
    'alcasar_netflow'    => { 'port' => '2055', 'col' => '#0000ff', 'type' => 'netflow' },
);
 
#
# Low water mark: When expiring files, delete files until
# size = $low_water % of max_size
# typically 90 
$low_water = 90;
 
#
# syslog facility for periodic jobs
# nfsen uses level 'debug', 'info', 'warning' and 'err'
# Note: nfsen is very chatty for level 'debug' and 'info'
# For normal operation, you may set the logging level in syslog.conf
# to warning or error unless you want to debug NfSen
$syslog_facility = 'local3';
 
#
# SYSLOG mess 
# Log socket type: Most *NIX such as LINUX and *BSD are fine with 'unix'
# which is the default. You need to change that to 'stream' or 'inet' for 
# some Solaris version 8/9, AIX and others ..
# You may set it to undef to prevent calling Sys::Syslog::setlogsock at all
# ( works for Solaris 10 and newer Sys::Syslog module
#
# If not defined at all, 'unix' is assumed unless for Solaris, which defaults to 'stream'
# $LogSocket = 'unix';
 
#
# Plugins
# Plugins extend NfSen for the purpose of: 
# Periodic data processing, alerting-condition and alerting-action
# For data processing a plugin may run for any profile or for a specific profile only.
#     Syntax: [ 'profile list', 'module' ]
#            profile list:  ',' separated list of profiles ( 'profilegroup/profilename' ), 
#                           or '*' for any profile, '!' for no profile
#            module:        Perl Module name, equal to plugin name 
# The profile list '!' make sense for plugins, which only provide alerting functions
#
# The module follows the standard Perl module conventions, with at least one
# function: Init(). See demoplugin.pm for a simple template.
#
# A file with the same name in the FRONTEND_PLUGINDIR and .php extension is automatically
# recongized as frontend plugin.
#
# Plugins are installed under 
# $BACKEND_PLUGINDIR and $FRONTEND_PLUGINDIR
 
@plugins = (
    # profile    # module
     [ 'live','PortTracker' ],
);
 
%PluginConf = (
	# For plugin demoplugin
	demoplugin => {
		# scalar
		param2 => 42,
		# hash
		param1 => { 'key' => 'value' },
	},
	# for plugin otherplugin
	otherplugin => [ 
		# array
		'mary had a little lamb' 
	],
);
 
#
# Alert module: email alerting:
# Use this from address 
$MAIL_FROM   = 'your@from.example.net';
 
# Use this SMTP server
$SMTP_SERVER = 'localhost';
 
# Use this email body:
# You may have multiple lines of text.
# Var substitution:
# @alert@ 		replaced by alert name
# @timeslot@	replaced by timeslot alert triggered
$MAIL_BODY	 = q{ 
Alert '@alert@' triggered at timeslot @timeslot@
};
 
######################################################
#
# For the NfSen simulator include the section below.
#
######################################################
#
# Nfsen Simulator
# The simulator requires, that you have already installed
# and configured NfSen. The simulation is based on already
# pre-colleted data, which you may get from another live 
# NfSen system.
# 
# Steps to setup the NfSen simulator:
# 1. Configure the sources of the live profile with the 
#    same names of the NfSen system, you take netflow data
#    for the simulation. Set the port for each netflow source
#    to 0 to prevent a collector to be started.
#    Install NfSen with this config in a seperate directory
# 2. Copy the pre-collected data into the appropriate 
#    netflow directory of the live profile.
# 3. Configure the simulator using the parameters below
#    Enable Simulation mode => $SIMmode = 1
#    Configure the time window of the pre-collected data.
#      tstart    => Start of time window. yyyymmddhhmm
#      tbegin    => Optional parameter. Start of simulation 
#                   profile exists already between tstart - tbegin
#      tend      => End of time window. yyyymmddhhmm
#      cycletime => simulation time in seconds of a 5min slot
#    Setting cycletime = 0 processes the cycles as fast as
#    possible. Please note, if you test plugings, your 
#    cycletime needs to be at least the time required to 
#    process all plugins.
# 4. Start nfsen: ../nfsen start
#    Simulation starts
#
# The simulator runs from tstart to tend and stops when tend
# is reached. You may stop the simulation at any given time
# using ./nfsen stop. To continue the simulation start NfSen
# again: ./nfsen start. You may reset the simulator at any
# given time using ./nfsen abort-reset. This stops the sumulation
# and rolls back to tstart. All profiles/alerts are deleted,
# so you may start from scratch again.
#
# Configure simulator parameters
#
# $SIMmode = 1;
# %sim = (
#    'tstart'     => '200707100000',	# Simulation data available from July 10th 2007 00:00
#    'tbegin'     => '200707110000',	# Simulation begins at July 11th 2007 00:00
#    'tend'       => '200707112355',	# Simulation ends at July 11th 2007 23:55
#    'cycletime'  => '30',				# 30s per 5min slot
# );
 
 

Subversion Repositories ALCASAR

(root)/conf/nfsen/nfsen.conf – Rev 1393 → 1534

Rev 1393		Rev 1534
1	`##############################`	1	`##############################`
2	`#`	2	`#`
3	`# NfSen master config file`	3	`# NfSen master config file`
4	`#`	4	`#`
5	`# $Id: nfsen-dist.conf 22 2007-11-20 12:27:38Z phaag $`	5	`# $Id: nfsen-dist.conf 22 2007-11-20 12:27:38Z phaag $`
6	`#`	6	`#`
7	`# Configuration of NfSen:`	7	`# Configuration of NfSen:`
8	`# Set all the values to fit your NfSen setup and run the 'install.pl'`	8	`# Set all the values to fit your NfSen setup and run the 'install.pl'`
9	`# script from the nfsen distribution directory.`	9	`# script from the nfsen distribution directory.`
10	`#`	10	`#`
11	`# The syntax must conform to Perl syntax.`	11	`# The syntax must conform to Perl syntax.`
12	`#`	12	`#`
13	`##############################`	13	`##############################`
14	`#`	14	`#`
15	`# NfSen default layout:`	15	`# NfSen default layout:`
16	`# Any scripts, modules or profiles are installed by default under $BASEDIR.`	16	`# Any scripts, modules or profiles are installed by default under $BASEDIR.`
17	`# However, you may change any of these settings to fit your requested layout.`	17	`# However, you may change any of these settings to fit your requested layout.`
18		18
19	`#`	19	`#`
20	`# Required for default layout`	20	`# Required for default layout`
21	`$BASEDIR = "/usr";`	21	`$BASEDIR = "/usr";`
22		22
23	`#`	23	`#`
24	`# Where to install the NfSen binaries`	24	`# Where to install the NfSen binaries`
25	`$BINDIR="${BASEDIR}/bin";`	25	`$BINDIR="${BASEDIR}/bin";`
26		26
27	`#`	27	`#`
28	`# Where to install the NfSen Perl modules`	28	`# Where to install the NfSen Perl modules`
29	`$LIBEXECDIR="${BASEDIR}/libexec";`	29	`$LIBEXECDIR="${BASEDIR}/libexec";`
30		30
31	`#`	31	`#`
32	`# Where to install the config files`	32	`# Where to install the config files`
33	`$CONFDIR="/etc";`	33	`$CONFDIR="/etc";`
34		34
35	`#`	35	`#`
36	`# NfSen html pages directory:`	36	`# NfSen html pages directory:`
37	`# All php scripts will be installed here.`	37	`# All php scripts will be installed here.`
38	`# URL: Entry point for nfsen: http://<webserver>/nfsen/nfsen.php`	38	`# URL: Entry point for nfsen: http://<webserver>/nfsen/nfsen.php`
39	`$HTMLDIR = "/var/www/nfsen";`	39	`$HTMLDIR = "/var/www/html/acc/manager/nfsen";`
40		40
41	`#`	41	`#`
42	`# Where to install the docs`	42	`# Where to install the docs`
43	`$DOCDIR="${HTMLDIR}/doc";`	43	`$DOCDIR="${HTMLDIR}/doc";`
44		44
45	`#`	45	`#`
46	`# Var space for NfSen`	46	`# Var space for NfSen`
47	`$VARDIR="/var";`	47	`$VARDIR="/var";`
48		48
49	`# directory for all pid files`	49	`# directory for all pid files`
50	`$PIDDIR="$VARDIR/run/nfsen";`	50	`$PIDDIR="$VARDIR/run/nfsen";`
51	`#`	51	`#`
52	`# Filter directory`	52	`# Filter directory`
53	`$FILTERDIR="$VARDIR/filters";`	53	`$FILTERDIR="$VARDIR/filters";`
54	`#`	54	`#`
55		55
56	`# FORMATDIR for custom printing formats`	56	`# FORMATDIR for custom printing formats`
57	`$FORMATDIR="$VARDIR/fmt";`	57	`$FORMATDIR="$VARDIR/fmt";`
58	`#`	58	`#`
59		59
60	`#`	60	`#`
61	`# The Profiles stat directory, where all profile information`	61	`# The Profiles stat directory, where all profile information`
62	`# RRD DBs and png pictures of the profile are stored`	62	`# RRD DBs and png pictures of the profile are stored`
63	`$PROFILESTATDIR="$VARDIR/log/nfsen/profiles-stat";`	63	`$PROFILESTATDIR="$VARDIR/log/nfsen/profiles-stat";`
64		64
65	`#`	65	`#`
66	`# The Profiles directory, where all netflow data is stored`	66	`# The Profiles directory, where all netflow data is stored`
67	`$PROFILEDATADIR="$VARDIR/log/nfsen/profiles-data";`	67	`$PROFILEDATADIR="$VARDIR/log/nfsen/profiles-data";`
68		68
69	`#`	69	`#`
70	`# Where go all the backend plugins`	70	`# Where go all the backend plugins`
71	`$BACKEND_PLUGINDIR="${BASEDIR}/share/nfsen/plugins";`	71	`$BACKEND_PLUGINDIR="${BASEDIR}/share/nfsen/plugins";`
72		72
73	`#`	73	`#`
74	`# Where go all the frontend plugins`	74	`# Where go all the frontend plugins`
75	`$FRONTEND_PLUGINDIR="${HTMLDIR}/plugins";`	75	`$FRONTEND_PLUGINDIR="${HTMLDIR}/plugins";`
76		76
77	`#`	77	`#`
78	`# nfdump tools path`	78	`# nfdump tools path`
79	`$PREFIX = '/usr/bin';`	79	`$PREFIX = '/usr/bin';`
80		80
81	`#`	81	`#`
82	`# nfsend communication socket`	82	`# nfsend communication socket`
83	`# $COMMSOCKET = "$PIDDIR/nfsen.comm";`	83	`# $COMMSOCKET = "$PIDDIR/nfsen.comm";`
84		84
85	`# BASEDIR unrelated vars:`	85	`# BASEDIR unrelated vars:`
86	`#`	86	`#`
87	`# Run nfcapd as this user`	87	`# Run nfcapd as this user`
88	`# This may be a different or the same uid than your web server.`	88	`# This may be a different or the same uid than your web server.`
89	`# Note: This user must be in group $WWWGROUP, otherwise nfcapd`	89	`# Note: This user must be in group $WWWGROUP, otherwise nfcapd`
90	`# is not able to write data files!`	90	`# is not able to write data files!`
91	`$USER = "apache";`	91	`$USER = "apache";`
92		92
93	`# user and group of the web server process`	93	`# user and group of the web server process`
94	`# All netflow processing will be done with this user`	94	`# All netflow processing will be done with this user`
95	`$WWWUSER = "apache";`	95	`$WWWUSER = "apache";`
96	`$WWWGROUP = "apache";`	96	`$WWWGROUP = "apache";`
97		97
98	`# Receive buffer size for nfcapd - see man page nfcapd(1)`	98	`# Receive buffer size for nfcapd - see man page nfcapd(1)`
99	`$BUFFLEN = 200000;`	99	`$BUFFLEN = 200000;`
100		100
101	`# list of extensions for each collector. See argument -T`	101	`# list of extensions for each collector. See argument -T`
102	`# for nfcapd(1) for more detailes.`	102	`# for nfcapd(1) for more detailes.`
103	`# defaults to empty -> compatible to nfdump-1.5.8`	103	`# defaults to empty -> compatible to nfdump-1.5.8`
104	`# $EXTENSIONS = '';`	104	`# $EXTENSIONS = '';`
105	`# Example:`	105	`# Example:`
106	`# $EXTENSIONS = 'all';`	106	`# $EXTENSIONS = 'all';`
107	`# $EXTENSIONS = '+3,+4';`	107	`# $EXTENSIONS = '+3,+4';`
108	`#`	108	`#`
109	`# Directory sub hierarchy layout:`	109	`# Directory sub hierarchy layout:`
110	`# Possible layouts:`	110	`# Possible layouts:`
111	`#`	111	`#`
112	`# 0 default no hierachy levels - flat layout - compatible with pre NfSen versions`	112	`# 0 default no hierachy levels - flat layout - compatible with pre NfSen versions`
113	`# 1 %Y/%m/%d year/month/day`	113	`# 1 %Y/%m/%d year/month/day`
114	`# 2 %Y/%m/%d/%H year/month/day/hour`	114	`# 2 %Y/%m/%d/%H year/month/day/hour`
115	`# 3 %Y/%W/%u year/week_of_year/day_of_week`	115	`# 3 %Y/%W/%u year/week_of_year/day_of_week`
116	`# 4 %Y/%W/%u/%H year/week_of_year/day_of_week/hour`	116	`# 4 %Y/%W/%u/%H year/week_of_year/day_of_week/hour`
117	`# 5 %Y/%j year/day-of-year`	117	`# 5 %Y/%j year/day-of-year`
118	`# 6 %Y/%j/%H year/day-of-year/hour`	118	`# 6 %Y/%j/%H year/day-of-year/hour`
119	`# 7 %Y-%m-%d year-month-day`	119	`# 7 %Y-%m-%d year-month-day`
120	`# 8 %Y-%m-%d/%H year-month-day/hour`	120	`# 8 %Y-%m-%d/%H year-month-day/hour`
121	`$SUBDIRLAYOUT = 7;`	121	`$SUBDIRLAYOUT = 7;`
122		122
123	`# Compress flows while collecting 0 or 1`	123	`# Compress flows while collecting 0 or 1`
124	`$ZIPcollected = 1;`	124	`$ZIPcollected = 1;`
125		125
126	`# Compress flows in profiles 0 or 1`	126	`# Compress flows in profiles 0 or 1`
127	`$ZIPprofiles = 1;`	127	`$ZIPprofiles = 1;`
128		128
129	`# Interrupt expire -- not yet enabled as not yet fully tested`	129	`# Interrupt expire -- not yet enabled as not yet fully tested`
130	`#$InterruptExpire = 0;`	130	`#$InterruptExpire = 0;`
131		131
132	`# number of nfprofile processes to spawn during the profiling phase`	132	`# number of nfprofile processes to spawn during the profiling phase`
133	`# depends on how busy your system is and how many CPUs you have`	133	`# depends on how busy your system is and how many CPUs you have`
134	`# on very busy systems increase it to a higher value`	134	`# on very busy systems increase it to a higher value`
135	`$PROFILERS = 2;`	135	`$PROFILERS = 2;`
136		136
137	`# if the PROFILEDATADIR is filled up to this percentage, a warning message will be printed.`	137	`# if the PROFILEDATADIR is filled up to this percentage, a warning message will be printed.`
138	`# set to 0 to disable the test`	138	`# set to 0 to disable the test`
139	`$DISKLIMIT = 98;`	139	`$DISKLIMIT = 98;`
140		140
141	`# number of nfprofile processes to spawn during the profiling phase`	141	`# number of nfprofile processes to spawn during the profiling phase`
142	`$PROFILERS = 6;`	142	`$PROFILERS = 6;`
143		143
144	`# Netflow sources`	144	`# Netflow sources`
145	`# Define an ident string, port and colour per netflow source`	145	`# Define an ident string, port and colour per netflow source`
146	`#`	146	`#`
147	`# Required parameters:`	147	`# Required parameters:`
148	`# ident identifies this netflow source. e.g. the router name,`	148	`# ident identifies this netflow source. e.g. the router name,`
149	`# Upstream provider name etc.`	149	`# Upstream provider name etc.`
150	`# port nfcapd listens on this port for netflow data for this source`	150	`# port nfcapd listens on this port for netflow data for this source`
151	`# set port to '0' if you do not want a collector to be started`	151	`# set port to '0' if you do not want a collector to be started`
152	`# col colour in nfsen graphs for this source`	152	`# col colour in nfsen graphs for this source`
153	`#`	153	`#`
154	`# Optional parameters`	154	`# Optional parameters`
155	`# type Collector type needed for this source. Can be 'netflow' or 'sflow'. Default is netflow`	155	`# type Collector type needed for this source. Can be 'netflow' or 'sflow'. Default is netflow`
156	`# optarg Optional args to the collector at startup`	156	`# optarg Optional args to the collector at startup`
157	`#`	157	`#`
158	`# Syntax:`	158	`# Syntax:`
159	`# 'ident' => { 'port' => '<portnum>', 'col' => '<colour>', 'type' => '<type>' }`	159	`# 'ident' => { 'port' => '<portnum>', 'col' => '<colour>', 'type' => '<type>' }`
160	`# Ident strings must be 1 to 19 characters long only, containing characters [a-zA-Z0-9_].`	160	`# Ident strings must be 1 to 19 characters long only, containing characters [a-zA-Z0-9_].`
161		161
162	`%sources = (`	162	`%sources = (`
163	`'alcasar_netflow' => { 'port' => '2055', 'col' => '#0000ff', 'type' => 'netflow' },`	163	`'alcasar_netflow' => { 'port' => '2055', 'col' => '#0000ff', 'type' => 'netflow' },`
164	`);`	164	`);`
165		165
166	`#`	166	`#`
167	`# Low water mark: When expiring files, delete files until`	167	`# Low water mark: When expiring files, delete files until`
168	`# size = $low_water % of max_size`	168	`# size = $low_water % of max_size`
169	`# typically 90`	169	`# typically 90`
170	`$low_water = 90;`	170	`$low_water = 90;`
171		171
172	`#`	172	`#`
173	`# syslog facility for periodic jobs`	173	`# syslog facility for periodic jobs`
174	`# nfsen uses level 'debug', 'info', 'warning' and 'err'`	174	`# nfsen uses level 'debug', 'info', 'warning' and 'err'`
175	`# Note: nfsen is very chatty for level 'debug' and 'info'`	175	`# Note: nfsen is very chatty for level 'debug' and 'info'`
176	`# For normal operation, you may set the logging level in syslog.conf`	176	`# For normal operation, you may set the logging level in syslog.conf`
177	`# to warning or error unless you want to debug NfSen`	177	`# to warning or error unless you want to debug NfSen`
178	`$syslog_facility = 'local3';`	178	`$syslog_facility = 'local3';`
179		179
180	`#`	180	`#`
181	`# SYSLOG mess`	181	`# SYSLOG mess`
182	`# Log socket type: Most NIX such as LINUX and BSD are fine with 'unix'`	182	`# Log socket type: Most NIX such as LINUX and BSD are fine with 'unix'`
183	`# which is the default. You need to change that to 'stream' or 'inet' for`	183	`# which is the default. You need to change that to 'stream' or 'inet' for`
184	`# some Solaris version 8/9, AIX and others ..`	184	`# some Solaris version 8/9, AIX and others ..`
185	`# You may set it to undef to prevent calling Sys::Syslog::setlogsock at all`	185	`# You may set it to undef to prevent calling Sys::Syslog::setlogsock at all`
186	`# ( works for Solaris 10 and newer Sys::Syslog module`	186	`# ( works for Solaris 10 and newer Sys::Syslog module`
187	`#`	187	`#`
188	`# If not defined at all, 'unix' is assumed unless for Solaris, which defaults to 'stream'`	188	`# If not defined at all, 'unix' is assumed unless for Solaris, which defaults to 'stream'`
189	`# $LogSocket = 'unix';`	189	`# $LogSocket = 'unix';`
190		190
191	`#`	191	`#`
192	`# Plugins`	192	`# Plugins`
193	`# Plugins extend NfSen for the purpose of:`	193	`# Plugins extend NfSen for the purpose of:`
194	`# Periodic data processing, alerting-condition and alerting-action`	194	`# Periodic data processing, alerting-condition and alerting-action`
195	`# For data processing a plugin may run for any profile or for a specific profile only.`	195	`# For data processing a plugin may run for any profile or for a specific profile only.`
196	`# Syntax: [ 'profile list', 'module' ]`	196	`# Syntax: [ 'profile list', 'module' ]`
197	`# profile list: ',' separated list of profiles ( 'profilegroup/profilename' ),`	197	`# profile list: ',' separated list of profiles ( 'profilegroup/profilename' ),`
198	`# or '*' for any profile, '!' for no profile`	198	`# or '*' for any profile, '!' for no profile`
199	`# module: Perl Module name, equal to plugin name`	199	`# module: Perl Module name, equal to plugin name`
200	`# The profile list '!' make sense for plugins, which only provide alerting functions`	200	`# The profile list '!' make sense for plugins, which only provide alerting functions`
201	`#`	201	`#`
202	`# The module follows the standard Perl module conventions, with at least one`	202	`# The module follows the standard Perl module conventions, with at least one`
203	`# function: Init(). See demoplugin.pm for a simple template.`	203	`# function: Init(). See demoplugin.pm for a simple template.`
204	`#`	204	`#`
205	`# A file with the same name in the FRONTEND_PLUGINDIR and .php extension is automatically`	205	`# A file with the same name in the FRONTEND_PLUGINDIR and .php extension is automatically`
206	`# recongized as frontend plugin.`	206	`# recongized as frontend plugin.`
207	`#`	207	`#`
208	`# Plugins are installed under`	208	`# Plugins are installed under`
209	`# $BACKEND_PLUGINDIR and $FRONTEND_PLUGINDIR`	209	`# $BACKEND_PLUGINDIR and $FRONTEND_PLUGINDIR`
210		210
211	`@plugins = (`	211	`@plugins = (`
212	`# profile # module`	212	`# profile # module`
213	`[ 'live','PortTracker' ],`	213	`[ 'live','PortTracker' ],`
214	`);`	214	`);`
215		215
216	`%PluginConf = (`	216	`%PluginConf = (`
217	`# For plugin demoplugin`	217	`# For plugin demoplugin`
218	`demoplugin => {`	218	`demoplugin => {`
219	`# scalar`	219	`# scalar`
220	`param2 => 42,`	220	`param2 => 42,`
221	`# hash`	221	`# hash`
222	`param1 => { 'key' => 'value' },`	222	`param1 => { 'key' => 'value' },`
223	`},`	223	`},`
224	`# for plugin otherplugin`	224	`# for plugin otherplugin`
225	`otherplugin => [`	225	`otherplugin => [`
226	`# array`	226	`# array`
227	`'mary had a little lamb'`	227	`'mary had a little lamb'`
228	`],`	228	`],`
229	`);`	229	`);`
230		230
231	`#`	231	`#`
232	`# Alert module: email alerting:`	232	`# Alert module: email alerting:`
233	`# Use this from address`	233	`# Use this from address`
234	`$MAIL_FROM = 'your@from.example.net';`	234	`$MAIL_FROM = 'your@from.example.net';`
235		235
236	`# Use this SMTP server`	236	`# Use this SMTP server`
237	`$SMTP_SERVER = 'localhost';`	237	`$SMTP_SERVER = 'localhost';`
238		238
239	`# Use this email body:`	239	`# Use this email body:`
240	`# You may have multiple lines of text.`	240	`# You may have multiple lines of text.`
241	`# Var substitution:`	241	`# Var substitution:`
242	`# @alert@ replaced by alert name`	242	`# @alert@ replaced by alert name`
243	`# @timeslot@ replaced by timeslot alert triggered`	243	`# @timeslot@ replaced by timeslot alert triggered`
244	`$MAIL_BODY = q{`	244	`$MAIL_BODY = q{`
245	`Alert '@alert@' triggered at timeslot @timeslot@`	245	`Alert '@alert@' triggered at timeslot @timeslot@`
246	`};`	246	`};`
247		247
248	`######################################################`	248	`######################################################`
249	`#`	249	`#`
250	`# For the NfSen simulator include the section below.`	250	`# For the NfSen simulator include the section below.`
251	`#`	251	`#`
252	`######################################################`	252	`######################################################`
253	`#`	253	`#`
254	`# Nfsen Simulator`	254	`# Nfsen Simulator`
255	`# The simulator requires, that you have already installed`	255	`# The simulator requires, that you have already installed`
256	`# and configured NfSen. The simulation is based on already`	256	`# and configured NfSen. The simulation is based on already`
257	`# pre-colleted data, which you may get from another live`	257	`# pre-colleted data, which you may get from another live`
258	`# NfSen system.`	258	`# NfSen system.`
259	`#`	259	`#`
260	`# Steps to setup the NfSen simulator:`	260	`# Steps to setup the NfSen simulator:`
261	`# 1. Configure the sources of the live profile with the`	261	`# 1. Configure the sources of the live profile with the`
262	`# same names of the NfSen system, you take netflow data`	262	`# same names of the NfSen system, you take netflow data`
263	`# for the simulation. Set the port for each netflow source`	263	`# for the simulation. Set the port for each netflow source`
264	`# to 0 to prevent a collector to be started.`	264	`# to 0 to prevent a collector to be started.`
265	`# Install NfSen with this config in a seperate directory`	265	`# Install NfSen with this config in a seperate directory`
266	`# 2. Copy the pre-collected data into the appropriate`	266	`# 2. Copy the pre-collected data into the appropriate`
267	`# netflow directory of the live profile.`	267	`# netflow directory of the live profile.`
268	`# 3. Configure the simulator using the parameters below`	268	`# 3. Configure the simulator using the parameters below`
269	`# Enable Simulation mode => $SIMmode = 1`	269	`# Enable Simulation mode => $SIMmode = 1`
270	`# Configure the time window of the pre-collected data.`	270	`# Configure the time window of the pre-collected data.`
271	`# tstart => Start of time window. yyyymmddhhmm`	271	`# tstart => Start of time window. yyyymmddhhmm`
272	`# tbegin => Optional parameter. Start of simulation`	272	`# tbegin => Optional parameter. Start of simulation`
273	`# profile exists already between tstart - tbegin`	273	`# profile exists already between tstart - tbegin`
274	`# tend => End of time window. yyyymmddhhmm`	274	`# tend => End of time window. yyyymmddhhmm`
275	`# cycletime => simulation time in seconds of a 5min slot`	275	`# cycletime => simulation time in seconds of a 5min slot`
276	`# Setting cycletime = 0 processes the cycles as fast as`	276	`# Setting cycletime = 0 processes the cycles as fast as`
277	`# possible. Please note, if you test plugings, your`	277	`# possible. Please note, if you test plugings, your`
278	`# cycletime needs to be at least the time required to`	278	`# cycletime needs to be at least the time required to`
279	`# process all plugins.`	279	`# process all plugins.`
280	`# 4. Start nfsen: ../nfsen start`	280	`# 4. Start nfsen: ../nfsen start`
281	`# Simulation starts`	281	`# Simulation starts`
282	`#`	282	`#`
283	`# The simulator runs from tstart to tend and stops when tend`	283	`# The simulator runs from tstart to tend and stops when tend`
284	`# is reached. You may stop the simulation at any given time`	284	`# is reached. You may stop the simulation at any given time`
285	`# using ./nfsen stop. To continue the simulation start NfSen`	285	`# using ./nfsen stop. To continue the simulation start NfSen`
286	`# again: ./nfsen start. You may reset the simulator at any`	286	`# again: ./nfsen start. You may reset the simulator at any`
287	`# given time using ./nfsen abort-reset. This stops the sumulation`	287	`# given time using ./nfsen abort-reset. This stops the sumulation`
288	`# and rolls back to tstart. All profiles/alerts are deleted,`	288	`# and rolls back to tstart. All profiles/alerts are deleted,`
289	`# so you may start from scratch again.`	289	`# so you may start from scratch again.`
290	`#`	290	`#`
291	`# Configure simulator parameters`	291	`# Configure simulator parameters`
292	`#`	292	`#`
293	`# $SIMmode = 1;`	293	`# $SIMmode = 1;`
294	`# %sim = (`	294	`# %sim = (`
295	`# 'tstart' => '200707100000', # Simulation data available from July 10th 2007 00:00`	295	`# 'tstart' => '200707100000', # Simulation data available from July 10th 2007 00:00`
296	`# 'tbegin' => '200707110000', # Simulation begins at July 11th 2007 00:00`	296	`# 'tbegin' => '200707110000', # Simulation begins at July 11th 2007 00:00`
297	`# 'tend' => '200707112355', # Simulation ends at July 11th 2007 23:55`	297	`# 'tend' => '200707112355', # Simulation ends at July 11th 2007 23:55`
298	`# 'cycletime' => '30', # 30s per 5min slot`	298	`# 'cycletime' => '30', # 30s per 5min slot`
299	`# );`	299	`# );`
300		300
301		301