IPFM.CONF(5) File Formats Manual IPFM.CONF(5)
ipfm.conf - IP Flow Meter configuration file
ipfm.conf is the ipfm(8) configuration file.
A hash mark (``#'') indicates that the rest of the line is a comment and will be ignored.
The configuration rules will be interpreted from the end, and the first matching rule will be used, unless otherwise specified here.
IPFM uses local and global variables, so it can manage multiple logs (different time delays, different hosts, different log filenames ...) at the same time.
Global variables will be used for all logs and local variables will only be used in the log being defined.
Syntax : DEVICE <device-name>
Syntax : [UTC|local]
This decides if IPFM will use UTC or local time in its outputs (log filename and the timestamp inside the file). Default is local.
Note that IPFM works internally with UTC, and that the dates entered in the config file are UTC (see AFTER Syntax).
Syntax : NEWLOG
This creates a new log entry, where you can define new local variables.
ipfm logs only specified hosts.
Syntax: LOG [[NONE|FROM|TO|BOTH] <host>] [[NOT] WITH <host>]
LOG WITH 10.10.10.23
will log any packets related to host 10.10.10.23
LOG
will log everything.
ipfm outputs its statistics at a fixed interval, with the ability to set an exact time origin and offset, in Coordinated Universal Time (UTC).
Syntax: DUMP EVERY <time> [AFTER <time>]
Default DUMP time is 24 hours
Default AFTER time is 0 seconds
DUMP EVERY 1 hour AFTER 7 minutes
will dump the stats every hour, at 0:07, 1:07, 2:07, and so on,
regardless of the time at which ipfm was launched.
DUMP EVERY 1 day AFTER 14 hours
will dump data every day at 14:00:00 UTC (in French local time during
the summer, 16:00:00 +0200)
You may want to clear your statistics sometimes, or after each dump.
Syntax : CLEAR [ ALWAYS | NEVER | EVERY <time> [AFTER <time>] ]
Default CLEAR mode is ALWAYS. Default AFTER time is 0 seconds. Note that both time values MUST be a multiple of the DUMP delay. Also, this line MUST come after the DUMP line.
CLEAR NEVER
will never clear the stats, which means you are doing incremental
statistics.
CLEAR EVERY 30 minutes
will clear the stats every 30 minutes at x:00 and x:30. Note that if your
DUMP line had an AFTER value such as 3 minutes, this rule will clear the
stats at x:03 and x:33.
CLEAR EVERY 1 hour AFTER 10 minutes
will clear the stats every hour, at 0:10, 1:10, 2:10, and so on. Note
that if your DUMP line had an AFTER value such as 3 minutes, this rule
will clear the stats at 0:13, 1:13, 2:13 and so on.
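The DUMP and CLEAR timing rules above, worked through as an added example (not part of ipfm or of the original manual page). It assumes the time origin is the Unix epoch in UTC, accepts only the time units shown on this page, handles a single log section, and uses hypothetical helper names.

```python
import re
from datetime import datetime, timedelta, timezone

UNITS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}  # units seen on this page
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)                # assumed time origin
RULE = re.compile(r"(DUMP|CLEAR)\s+EVERY\s+(\d+)\s+(\w+)(?:\s+AFTER\s+(\d+)\s+(\w+))?\s*$")

def span(n, unit):
    return timedelta(seconds=int(n) * UNITS[unit.lower().rstrip("s")])

def parse_schedule(conf):
    """Return (rules, problems) for the DUMP/CLEAR EVERY lines of one log section."""
    rules, problems = {}, []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()          # '#' starts a comment
        m = RULE.match(line)
        if not m:
            continue                                 # other rules are not checked here
        kind, n, unit, an, aunit = m.groups()
        every, after = span(n, unit), (span(an, aunit) if an else timedelta(0))
        if kind == "CLEAR" and "DUMP" not in rules:
            problems.append("CLEAR line must come after the DUMP line")
        elif kind == "CLEAR" and (every % rules["DUMP"][0] or after % rules["DUMP"][0]):
            problems.append("CLEAR times must be multiples of the DUMP delay")
        rules[kind] = (every, after)
    return rules, problems

def next_tick(now, every, offset):
    """First instant strictly after `now` of the form origin + offset + k * every."""
    k = (now - EPOCH - offset) // every + 1
    return EPOCH + offset + k * every

def next_events(conf, now):
    """Next dump (and clear, if CLEAR EVERY is set) after `now`, as UTC datetimes."""
    rules, problems = parse_schedule(conf)
    d_every, d_after = rules.get("DUMP", (timedelta(hours=24), timedelta(0)))  # defaults
    events = {"dump": next_tick(now, d_every, d_after)}
    if "CLEAR" in rules:
        c_every, c_after = rules["CLEAR"]
        # The CLEAR offset is added on top of the DUMP line's AFTER value.
        events["clear"] = next_tick(now, c_every, d_after + c_after)
    return events, problems

SAMPLE = """\
DUMP EVERY 10 minutes AFTER 3 minutes   # constructed sample, not from a real host
CLEAR EVERY 1 hour AFTER 10 minutes
"""

if __name__ == "__main__":
    print(next_events(SAMPLE, datetime.now(timezone.utc)))
```
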
At each dump interval, ipfm writes its output to a file whose name is specified by the FILENAME rule.
Syntax: FILENAME <filemask>
You can activate or deactivate reverse DNS in the output file.
WARNING : activating reverse DNS can considerably delay the production of the log file, due to DNS timeouts.
Syntax : [RESOLVE|NORESOLVE]
ipfm can sort the output file by IN, OUT or TOTAL.
Syntax : SORT IN|OUT|TOTAL
You can choose to log all packets on the network (default) or only packets whose destination is your network device.
This option could also be useful if you wish to set the promiscuous mode yourself (ifconfig eth0 [-]promisc), as the promisc mode is very badly handled under Linux.
Please note that under Linux, if you run a program that sets the promiscuous mode (for example tcpdump), ipfm will also see its network interface set into promiscuous mode.
Syntax : [NO]PROMISC
You can choose to append the output to an existing logfile or to replace the old file by a new one.
Syntax : APPEND|REPLACE
Robert CHERAMY <tibob@via.ecp.fr>
Andres KRAPF <dae@via.ecp.fr>
Last change: 26 October 2000