argus-client 2.0.6.fixes.1-3 / etc / ra.conf

# 
#  Copyright (c) 2000 QoSient, LLC
#  All rights reserved.
# 
#  Permission to use, copy, modify, and distribute this software and
#  its documentation for any purpose and without fee is hereby granted, 
#  provided that the above copyright notice appear in all copies and
#  that both that copyright notice and this permission notice appear
#  in supporting documentation, and that the name of QoSient not
#  be used in advertising or publicity pertaining to distribution of
#  the software without specific, written prior permission.  
#  
#  QOSIENT, LLC DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS
#  SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
#  FITNESS, IN NO EVENT SHALL QOSIENT, LLC BE LIABLE FOR ANY
#  SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER
#  RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF
#  CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
#  CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
# 
#
# Example .rarc
#
# Ra* clients will open this file if its in the users HOME directory,
# or in the $ARGUSHOME directory, and parse it to set common configuration
# options.  All of these values will be overriden by those options
# set on the command line, or in the file specified using the -f option.
#
# Values can be quoted to make string denotation easier, however, the
# parser does not require that string values be quoted.  To support this,
# the parse will remove '\"' characters from input strings, so do not
# use this character in strings themselves.
#
# Values specified as "" will be treated as a NULL string, and the parser
# will ignore the variable setting.


#
# All ra* clients can attach to a remote server, and collect argus data
# in real time.  This variable can be a name or a dot notation IP address.
# Setting this variable can have bothersome side effects when using ra*
# programs for reasons other than reading from a remote server.  In
# particular, with this variable set, ra* clients will not read from
# stdin without explicitly indicating "-r -" on the commandline.
# Use this option with some care.
#
# Commandline equivalent   -S 
#

#RA_ARGUS_SERVER=localhost


# All ra* clients can read Cicso Netflow records directly from Cisco
# routers.  Specifying this value will alert the ra* client to open
# a UDP based socket listening for data from this name or address.
#
# Commandline equivalent   -C
#

#RA_CISCONETFLOW_SOURCE=no


# Whether the remote data source is an Argus Server or a Cisco router,
# the port number that will be used to bind to is specified using this
# variable.  For Argus Servers, the default is 561, the "experimental
# monitor" port.  For Cisco Netflow records, the default is 9995.
#
# Commandline equivalent   -P
#

RA_ARGUS_SERVERPORT=561


# When argus is compiled with SASL support, ra* clients may be
# required to authenticate to the argus server before the argus
# will accept the connection.  This variable will allow one to
# set the user and authorization id's, if needed.  Although
# not recommended you can provide a password through the
# RA_AUTH_PASS variable.  The format for this variable is:
#
# RA_USER_AUTH="user_id/authorization_id"
#
# Commandline equivalent   -U
#

RA_USER_AUTH=""
RA_AUTH_PASS=""


# All ra* clients can support writing its output as Argus Records into
# a file.  Stdout can be specified using "-".
#
# Commandline equivalent   -w
#

RA_OUTPUT_FILE=""


# All ra* clients can support filtering its input based on a time
# range. The format is:
#      timeSpecification[-timeSpecification]
#
# where the format of a timeSpecification can be one of these:
#      [mm/dd[/yy].]hh[:mm[:ss]]
#      mm/dd[/yy]
#
# Commandline equivalent   -t
#

RA_TIMERANGE=""


# All ra* clients can support running for a number of seconds,
# while attached to a remote source of argus data.  This is a type
# of polling.  The default is zero (0), which means run indefinately.
#
# Commandline equivalent   -T
#

RA_RUN_TIME=0


# Most ra* clients are designed to print argus records out in ASCII,
# with each client supporting its own output formats.  For ra() like
# clients, this variable will generate column headers as labels.
# The number is the number of lines between repeated header output.
# Setting this value to zero (0) will cause the labels to be printed
# once.  If you don't want labels,  then comment this line out or
# delete it.
#
# Commandline equivalent   -L
#
 
#RA_PRINT_LABELS=0


# Most ra* clients are designed to print argus records out in ASCII,
# with each client supporting its own output formats.  For ra() like
# clients, this variable can overide the default field delimiter,
# which are variable spans of space (' '), to be any character.
# The most common are expected to be '\t' for tabs, and ',' for
# comma separated fields.
#
# No Commandline equivalent
#
 
RA_FIELD_DELIMITER=''


# 
# For ra() like clients, this variable will printout Summary data
# for the client session, at the termination of the program.
#
# Commandline equivalent   -a
#
 
RA_PRINT_SUMMARY=no


#OBSOLETE## 
#OBSOLETE## For ra() like clients, this variable will printout the Argus ID
#OBSOLETE## that generated the flow record.
#OBSOLETE##
#OBSOLETE## Commandline equivalent   -i
#OBSOLETE##
#OBSOLETE# 
#OBSOLETE#RA_PRINT_ARGUSID=no
#OBSOLETE#

#OBSOLETE## 
#OBSOLETE## 
#OBSOLETE## For ra() like clients, this variable will printout the MAC
#OBSOLETE## addresses involved in the flow record, if the information
#OBSOLETE## is available.
#OBSOLETE##
#OBSOLETE## Commandline equivalent   -m
#OBSOLETE##
#OBSOLETE# 
#OBSOLETE#RA_PRINT_MACADDRS=no

#OBSOLETE##
#OBSOLETE## For ra() like clients, this variable will print the extended
#OBSOLETE## state and protocol indicators.
#OBSOLETE##
#OBSOLETE## Commandline equivalent   -I
#OBSOLETE##
#OBSOLETE#
#OBSOLETE#RA_PRINT_INDICATORS=yes

# 
# For ra() like clients, this variable will suppress resolving
# hostnames, and print the dot notation IP address, or ':' notation
# ethernet address.  There is a huge performance impact with
# name lookup, so the default is to not resolve hostnames.
#
# Commandline equivalent   -n
#
 
RA_PRINT_HOSTNAMES=no


#OBSOLETE## For ra() like clients, this variable will include the packet and
#OBSOLETE## byte counts in the output format.
#OBSOLETE##
#OBSOLETE## Commandline equivalent   -c
#OBSOLETE##
#OBSOLETE#
#OBSOLETE#RA_PRINT_COUNTS=yes


# 
# For ra() like clients, this variable will include the response
# data that is provided by Argus.  This is protocol and state
# specific.
#
# Commandline equivalent   -R
#

RA_PRINT_RESPONSE_DATA=no


# For ra() like clients, this variable will force the timestamp
# to be in Unix time format, which is an integer representing the
# number of elapsed seconds since the epoch.
#
# Commandline equivalent   -u
#

RA_PRINT_UNIX_TIME=no


# For ra() like clients, this variable is used to override the
# time format of the timestamp.  This string must conform to
# the format specified in strftime().  Malformed strings can
# generate fatal errors, so be careful with this one.
#
# No Commandline equivalent
#

RA_TIME_FORMAT="%m-%d-%y %T"

# For those of us that prefer European dates...
#RA_TIME_FORMAT="%d-%m-%y %T"


#OBSOLETE## For ra() like clients, this variable is used to modify the
#OBSOLETE## reported time.  This determines if the transaction start
#OBSOLETE## time will be displayed or not.
#OBSOLETE##
#OBSOLETE## No Commandline equivalent
#OBSOLETE##
#OBSOLETE#
#OBSOLETE#RA_PRINT_STARTIME=yes


#OBSOLETE## For ra() like clients, this variable is used to modify the
#OBSOLETE## reported time.  This determines if the transaction last
#OBSOLETE## time will be displayed or not.
#OBSOLETE##
#OBSOLETE## Commandline equivalent   -l
#OBSOLETE##
#OBSOLETE#
#OBSOLETE#RA_PRINT_LASTIME=no


#OBSOLETE## For ra() like clients, this variable is used to modify the
#OBSOLETE## reported time.  This determines if the transaction duration
#OBSOLETE## time will be printed or not.
#OBSOLETE##
#OBSOLETE## Commandline equivalent   -g
#OBSOLETE##
#OBSOLETE# 
#OBSOLETE#RA_PRINT_DURATION=yes


# For ra() like clients, this variable is used to specify the
# number of decimal places that will be printed as the fractional
# part of the time.  Argus collects usec precision, and so a
# maximum value of 6 is supported.  To not print the fractional
# part, specify the value zero (0).
#
# Commandline equivalent   -p

RA_USEC_PRECISION=6


# Argus can capture user data.  This variable specifies the number
# of bytes that will be printed.  The default is zero (0).
# The format is the same as that for the -d option of ra().
# num | 's'<num> | 'd'<num> | 's'<num>:'d'<num>
#
# Examples are:
#   32, s64, d8, s32:d16
#
# Commandline equivalent   -d
#
#RA_PRINT_USERDATA=0


# Argus can capture user data.  When printing out the user data
# contents, using tools such as raxml(), the type of encoding
# can be specified here. Supported values are "Ascii", or "Encode64".
#
# Commandline equivalent   -e
#

RA_USERDATA_ENCODE=Ascii


# If compiled to support this option, ra* clients are capable
# of generating a lot of use [full | less | whatever] debug
# information.  The default value is zero (0).
#
# Commandline equivalent   -D
#

RA_DEBUG_LEVEL=0


# You can provide a filter expression here, if you like.
# It should be limited to 2K in length.  The default is to
# not filter.
#
# No Commandline equivalent
#

RA_FILTER=""


# When you intend to print hostnames and port service names
# rather than the numbers, these variables will help to
# avoid truncating of hostnames, and provide pretty printing
# with tools such as ra(), ragator() and rasort().
# These values are simple suggestions.
#
# No Commandline equivalent
#


RA_HOST_FIELD_LENGTH=28
RA_PORT_FIELD_LENGTH=10