NETRAFD.CONF(5) NETRAFD.CONF(5)
NAME
netrafd.conf - NET(work)TRAF(fic analyzing)D(aemon)
configuration file
DESCRIPTION
This file contains global and writer specific configura-
tion options for netrafd. It is divided into sections.
Each section is defined by opening [[section name]] and
closing [[]] lines, and is built of OPTION = "value"; def-
initions.
First section is always named globals and contains global
settings used by all writers. Then begins a list of sec-
tions defining writers. After a globals section, each sec-
tion describes a network traffic analyzer, that should be
launched by netrafd. Writer section must define writers
type, all other entries are optional.
Comment lines begin with a # sign.
GLOBALS SECTION OPTIONS
[filter_defs]
Defines path to filters definition file. If not
defined netrafd will try tu use default location:
/etc/netraf/filters.conf
[mac_stat_buckets]
The maximum number of buckets that should be allo-
cated in memory per mac_stat type writer
[if_stat_buckets]
The maximum number of buckets that should be allo-
cated in memory per if_stat type writer
[ip_stat_buckets]
The maximum number of buckets that should be allo-
cated in memory per ip_stat type writer
[conn_stat_buckets]
The maximum number of buckets that should be allo-
cated in memory per conn_stat type writer
WRITER SECTION
‹type›
Type of the traffic analyser, can be mac_stat
if_stat ip_stat or conn_stat
The mac_stat writer groups packets by netrwork
addresses (MAC), and stores info about bytes sent
and received by particular MAC, packets and ip
packets that were created by or destinated to the
MAC address, local interface through which the
given MAC address is connected.
if_stat writer groups packets by netrwork inter-
faces, and stores info about bytes sent and
received by particular interface, packets, ip pack-
ets, tcp, udp, icmp packets.
ip_stat writer groups packets by IP addresses, and
stores info about bytes sent and received by par-
ticular IP, ip packets that were created by or des-
tinated to the IP address, local interface through
which the given IP address is connected.
conn_stat writer groups packets by two pairs of ip
and port describing the connection and stores info
about bytes and packets sent by each ip address,
and interface through which this connection is
seen.
[filter]
the name of the filter, defined in the filters
file, that should be applied to this writer.
[cleanup]*
this option aplies only to ip_stat type writers,
and defines the amount of seconds of inactivity
after an ip can be treated as inactive and deleted
when a cleanup occures. If it is not defined, the
writer will not perform cleanup when it reaches the
maximum amount of buckets.
[inactivity]*
this option applies only to conn_stat type writers,
and defines the amount of seconds of inactivity
after a connection can be treated as inactive and
deleted from the connections list. If value is zero
or entry is not defined there will be no cleanup.
SEE ALSO
netrafd(8), filters.conf(5), netrafl.conf(5)
AUTHORS
M.K. M.S. T.J.
09.06.2005 NETRAFD.CONF(5)
back to "Documentation" section
|