
/etc/fwanalog/fwanalog.opts is in fwanalog 0.6.9-7.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

#!/bin/sh

###########################################################################
#
#	User-changeable options for fwanalog.sh
#
#	$Id: fwanalog.opts.linux24,v 1.18 2005/02/24 15:59:34 bb Exp $
#
###########################################################################
# outdir: directory that receives fwanalog's output, written WITHOUT a
# trailing slash. It is created if it does not exist yet.
# The account running fwanalog needs write permission here. Keep the
# directory's permissions tight: what ends up in it is derived from your
# firewall logs.
outdir='/var/log/fwanalog'

# logformat: the log format your firewall writes.
# Currently available values:
#   iptables    Linux 2.4 iptables (probably in /var/log/messages)
#   ipchains    Linux 2.2 ipchains (probably in /var/log/messages)
#   ipf         BSD/Solaris ipfilter (probably in /var/log/ipflog)
#   openbsd     was the same as ipf until OpenBSD 2.9; also seems to work
#               on NetBSD
#   freebsd     FreeBSD's output format (probably in /var/log/ipflog)
#   ipfw        FreeBSD's ipfw output format
#   solarisipf  Solaris 8.0 Intel ipf 3.4.20 (using ipmon -sn &)
#   pf_30       OpenBSD 3.0 pf binary log format; fwanalog *must* run on
#               OpenBSD 3.0 for this to work (because of the special
#               tcpdump of OpenBSD)
#   zynos       ZyNOS (ZyXEL, Netgear) logfile
#   pix         Cisco Pix (tested with version 6.22/IOS)
#   watchguard  Watchguard Firebox
#   fw1         Checkpoint Firewall-One (not fw-1 NG!)
#   sonicwall   SonicWall TZ-170 syslog logfile
#
# If your firewall is not supported, feel free to program a parser for it;
# see the comments in iptables() and ipf().
#
# The officially maintained formats are pf_30 and iptables.
logformat='iptables'

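# Which firewall logfiles are read.
inputfiles_mask="messages*"	# Name of your logfiles, with a wildcard if you want.
				# 	It is handed to find -name quoted, so find (not
				# 	the shell) expands the wildcard.
inputfiles_dir="/var/log"	# The directory your logfiles are in,
				# 	e.g. /var/log
inputfiles_mtime="31"		# How old the logfiles can be (find -mtime, in days)
# You can change this to your log rotate interval + 1 day (so you never miss a logfile entry)

# inputfiles: the names of the logfiles to parse, one per line.
# The list MUST come out in reverse (chronological) order, hence "sort -r",
# or you will have LOTS of duplicate lines in your log.
# Every expansion is quoted so that a directory or mask containing whitespace
# or glob characters reaches find as exactly one argument instead of being
# split or expanded by the shell. An empty inputfiles_dir now makes find fail
# rather than silently search the current directory.
# NOTE(review): the result is still a plain newline-separated string; how the
# consuming script splits it is not visible here, so logfile names containing
# whitespace may still be mishandled downstream - confirm against fwanalog.sh.
inputfiles=$(find "$inputfiles_dir" -maxdepth 1 -name "$inputfiles_mask" \
	-mtime "-$inputfiles_mtime" | sort -r)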

# onehost: which hosts appear in the Blocked Packet Report.
# Available values:
#   false  The default.
#   true   This firewall runs on one machine only and you want to see the
#          source hosts (not the protected target hosts). Suggested if you
#          protect one server, but loses information if you protect a
#          network.
#   dynip  Your firewall has a dynamic IP address.
#
# After changing onehost, you must delete everything in $outdir!
onehost='false'

# sep_hosts: set to true to have fwanalog create a separate, additional
# report for each attacking host IP.
# WARNING: this can run for hours at 100 % CPU and consume lots of hard disk
# space (up to 25 kB per host), so the server can easily fill up if packets
# from too many different hosts were blocked.
# It also makes only limited sense when onehost is set to true.
# If you enable it after fwanalog has already been used, some hosts will not
# be linked in the report; a report for a single host can be created with the
# "-a <IP-address>" command line option.
sep_hosts='false'

# sep_packets: like sep_hosts, but for blocked packets.
# The corresponding command line option is "-p <packet>".
sep_packets='false'

# Program invocations - add a path if needed.
# A bare name is looked up through the PATH of whatever starts fwanalog;
# giving a full pathname makes the choice of binary explicit.

# analog: full pathname if you need one, or "nice analog" to run it at a
# lower priority.
analog='analog'

# date: should be GNU date, or one that can print the timezone
# (see "timezone" below).
date='date'
# grep / egrep: should be the GNU versions.
grep='grep'
egrep='egrep'
# zegrep: just a shell script on most systems. If you don't have it, copy it
# from another Unix-lookalike.
zegrep='zegrep'
# gzcat and tcpdump: needed only on OpenBSD 3.x.
gzcat='gzcat'
sed='sed'
perl='perl'
tcpdump='tcpdump'

# timezone: the timezone the server is in. Correct it by hand if the server
# fwanalog runs on is not in the same timezone as the firewall.
# date's %z is supported on GNU/Linux and OpenBSD but apparently NOT on
# FreeBSD; there you have to insert your timezone difference (e.g. -0500)
# yourself or use GNU date.
# $date is expanded unquoted, as in the rest of these invocation settings.
timezone=$($date +%z)