Subversion Repositories ALCASAR

##############################

#

# NfSen master config file

#

# $Id: nfsen-dist.conf 22 2007-11-20 12:27:38Z phaag $

#

# Configuration of NfSen:

# Set all the values to fit your NfSen setup and run the 'install.pl'

# script from the nfsen distribution directory.

#

# The syntax must conform to Perl syntax.

#

##############################

#

# NfSen default layout: 

# Any scripts, modules or profiles are installed by default under $BASEDIR. 

# However, you may change any of these settings to fit your requested layout.

#

# Required for default layout

$BASEDIR = "/usr";

#

# Where to install the NfSen binaries

$BINDIR="${BASEDIR}/bin";

#

# Where to install the NfSen Perl modules

$LIBEXECDIR="${BASEDIR}/libexec";

#

# Where to install the config files

$CONFDIR="/etc";

#

# NfSen html pages directory:

# All php scripts will be installed here.

# URL: Entry point for nfsen: http://<webserver>/nfsen/nfsen.php

$HTMLDIR    = "/var/www/html/acc/manager/nfsen";

#

# Where to install the docs

$DOCDIR="${HTMLDIR}/doc";

#

# Var space for NfSen

$VARDIR="/var";

# directory for all pid files

$PIDDIR="$VARDIR/run/nfsen";

#

# Filter directory

$FILTERDIR="$VARDIR/filters";

#

# FORMATDIR for custom printing formats

$FORMATDIR="$VARDIR/fmt";

#

#

# The Profiles stat directory, where all profile information

# RRD DBs and png pictures of the profile are stored

$PROFILESTATDIR="$VARDIR/log/nfsen/profiles-stat";

#

# The Profiles directory, where all netflow data is stored

$PROFILEDATADIR="$VARDIR/log/nfsen/profiles-data";

#

# Where go all the backend plugins

$BACKEND_PLUGINDIR="${BASEDIR}/share/nfsen/plugins";

#

# Where go all the frontend plugins

$FRONTEND_PLUGINDIR="${HTMLDIR}/plugins";

#

# nfdump tools path

$PREFIX  = '/usr/bin';

#

# nfsend communication socket

# $COMMSOCKET = "$PIDDIR/nfsen.comm";

# BASEDIR unrelated vars:

#

# Run nfcapd as this user

# This may be a different or the same uid than your web server.

# Note: This user must be in group $WWWGROUP, otherwise nfcapd

#       is not able to write data files!

$USER    = "apache";

# user and group of the web server process

# All netflow processing will be done with this user

$WWWUSER  = "apache";

$WWWGROUP = "apache";

# Receive buffer size for nfcapd - see man page nfcapd(1)

$BUFFLEN = 200000;

# list of extensions for each collector. See argument -T 

# for nfcapd(1) for more detailes.

# defaults to empty -> compatible to nfdump-1.5.8

# $EXTENSIONS = '';

# Example:

# $EXTENSIONS = 'all';

# $EXTENSIONS = '+3,+4';

#

# Directory sub hierarchy layout:

# Possible layouts:

#

# 0 default     no hierachy levels - flat layout - compatible with pre NfSen versions

# 1 %Y/%m/%d    year/month/day

# 2 %Y/%m/%d/%H year/month/day/hour

# 3 %Y/%W/%u    year/week_of_year/day_of_week

# 4 %Y/%W/%u/%H year/week_of_year/day_of_week/hour

# 5 %Y/%j       year/day-of-year

# 6 %Y/%j/%H    year/day-of-year/hour

# 7 %Y-%m-%d    year-month-day

# 8 %Y-%m-%d/%H year-month-day/hour

$SUBDIRLAYOUT = 7;

# Compress flows while collecting 0 or 1

$ZIPcollected	 = 1;

# Compress flows in profiles 0 or 1

$ZIPprofiles	 = 1;

# Interrupt expire -- not yet enabled as not yet fully tested

#$InterruptExpire = 0;

# number of nfprofile processes to spawn during the profiling phase

# depends on how busy your system is and how many CPUs you have

# on very busy systems increase it to a higher value

$PROFILERS = 2;

# if the PROFILEDATADIR is filled up to this percentage, a warning message will be printed.

# set to 0 to disable the test

$DISKLIMIT = 98;

# number of nfprofile processes to spawn during the profiling phase

$PROFILERS = 6;

# Netflow sources

# Define an ident string, port and colour per netflow source

#

# Required parameters:

#    ident   identifies this netflow source. e.g. the router name, 

#            Upstream provider name etc.

#    port    nfcapd listens on this port for netflow data for this source

#			 set port to '0' if you do not want a collector to be started

#    col     colour in nfsen graphs for this source

#

# Optional parameters

#    type    Collector type needed for this source. Can be 'netflow' or 'sflow'. Default is netflow

#	 optarg	 Optional args to the collector at startup

#

# Syntax: 

#         'ident' => { 'port' => '<portnum>', 'col' => '<colour>', 'type' => '<type>' }

# Ident strings must be 1 to 19 characters long only, containing characters [a-zA-Z0-9_].

%sources = (

    'alcasar_netflow'    => { 'port' => '2055', 'col' => '#0000ff', 'type' => 'netflow' },

);

#

# Low water mark: When expiring files, delete files until

# size = $low_water % of max_size

# typically 90 

$low_water = 90;

#

# syslog facility for periodic jobs

# nfsen uses level 'debug', 'info', 'warning' and 'err'

# Note: nfsen is very chatty for level 'debug' and 'info'

# For normal operation, you may set the logging level in syslog.conf

# to warning or error unless you want to debug NfSen

$syslog_facility = 'local3';

#

# SYSLOG mess 

# Log socket type: Most *NIX such as LINUX and *BSD are fine with 'unix'

# which is the default. You need to change that to 'stream' or 'inet' for 

# some Solaris version 8/9, AIX and others ..

# You may set it to undef to prevent calling Sys::Syslog::setlogsock at all

# ( works for Solaris 10 and newer Sys::Syslog module

#

# If not defined at all, 'unix' is assumed unless for Solaris, which defaults to 'stream'

# $LogSocket = 'unix';

#

# Plugins

# Plugins extend NfSen for the purpose of: 

# Periodic data processing, alerting-condition and alerting-action

# For data processing a plugin may run for any profile or for a specific profile only.

#     Syntax: [ 'profile list', 'module' ]

#            profile list:  ',' separated list of profiles ( 'profilegroup/profilename' ), 

#                           or '*' for any profile, '!' for no profile

#            module:        Perl Module name, equal to plugin name 

# The profile list '!' make sense for plugins, which only provide alerting functions

#

# The module follows the standard Perl module conventions, with at least one

# function: Init(). See demoplugin.pm for a simple template.

#

# A file with the same name in the FRONTEND_PLUGINDIR and .php extension is automatically

# recongized as frontend plugin.

#

# Plugins are installed under 

# $BACKEND_PLUGINDIR and $FRONTEND_PLUGINDIR

@plugins = (

    # profile    # module

     [ 'live','PortTracker' ],

);

%PluginConf = (

	# For plugin demoplugin

	demoplugin => {

		# scalar

		param2 => 42,

		# hash

		param1 => { 'key' => 'value' },

	},

	# for plugin otherplugin

	otherplugin => [ 

		# array

		'mary had a little lamb' 

	],

);

#

# Alert module: email alerting:

# Use this from address 

$MAIL_FROM   = 'your@from.example.net';

# Use this SMTP server

$SMTP_SERVER = 'localhost';

# Use this email body:

# You may have multiple lines of text.

# Var substitution:

# @alert@ 		replaced by alert name

# @timeslot@	replaced by timeslot alert triggered

$MAIL_BODY	 = q{ 

Alert '@alert@' triggered at timeslot @timeslot@

};

######################################################

#

# For the NfSen simulator include the section below.

#

######################################################

#

# Nfsen Simulator

# The simulator requires, that you have already installed

# and configured NfSen. The simulation is based on already

# pre-colleted data, which you may get from another live 

# NfSen system.

# 

# Steps to setup the NfSen simulator:

# 1. Configure the sources of the live profile with the 

#    same names of the NfSen system, you take netflow data

#    for the simulation. Set the port for each netflow source

#    to 0 to prevent a collector to be started.

#    Install NfSen with this config in a seperate directory

# 2. Copy the pre-collected data into the appropriate 

#    netflow directory of the live profile.

# 3. Configure the simulator using the parameters below

#    Enable Simulation mode => $SIMmode = 1

#    Configure the time window of the pre-collected data.

#      tstart    => Start of time window. yyyymmddhhmm

#      tbegin    => Optional parameter. Start of simulation 

#                   profile exists already between tstart - tbegin

#      tend      => End of time window. yyyymmddhhmm

#      cycletime => simulation time in seconds of a 5min slot

#    Setting cycletime = 0 processes the cycles as fast as

#    possible. Please note, if you test plugings, your 

#    cycletime needs to be at least the time required to 

#    process all plugins.

# 4. Start nfsen: ../nfsen start

#    Simulation starts

#

# The simulator runs from tstart to tend and stops when tend

# is reached. You may stop the simulation at any given time

# using ./nfsen stop. To continue the simulation start NfSen

# again: ./nfsen start. You may reset the simulator at any

# given time using ./nfsen abort-reset. This stops the sumulation

# and rolls back to tstart. All profiles/alerts are deleted,

# so you may start from scratch again.

#

# Configure simulator parameters

#

# $SIMmode = 1;

# %sim = (

#    'tstart'     => '200707100000',	# Simulation data available from July 10th 2007 00:00

#    'tbegin'     => '200707110000',	# Simulation begins at July 11th 2007 00:00

#    'tend'       => '200707112355',	# Simulation ends at July 11th 2007 23:55

#    'cycletime'  => '30',				# 30s per 5min slot

# );