Diffstat (limited to 'security/sguil-sensor/files/log_packets.conf')
-rw-r--r--security/sguil-sensor/files/log_packets.conf30
1 files changed, 30 insertions, 0 deletions
diff --git a/security/sguil-sensor/files/log_packets.conf b/security/sguil-sensor/files/log_packets.conf
new file mode 100644
index 000000000000..3ac53f68e54f
--- /dev/null
+++ b/security/sguil-sensor/files/log_packets.conf
@@ -0,0 +1,30 @@
+# Conf file for the log_packets script
+# Make sure you verify the location of
+# each of the binaries on your OS
+
+HOSTNAME="myhost"
+# Path to snort binary
+SNORT_PATH="/usr/local/bin/snort"
+# Directory to log pcap data to (date dirs will be created in here)
+# Note: The path $HOSTNAME/dailylogs, will be appended to this.
+LOG_DIR="/snort_data"
+# Percentage of disk to try and maintain
+MAX_DISK_USE=90
+# Interface to 'listen' to.
+INTERFACE="eth0"
+# Other options to use when starting snort
+#OPTIONS="-u sguil -g sguil -m 122"
+# Where to store the pid
+PIDFILE="/var/run/snort_log-${HOSTNAME}.pid"
+# How do we run ps
+PS="ps awx"
+# Where is grep
+GREP="/usr/bin/grep"
+#Add BPFs here.
+#The below is an example of a filter for ignoring outbound HTTP from my network
+# to the world.
+#FILTER='not \( src net 67.11.255.148/32 and dst port 80 and "tcp[0:2] > 1024" \) and not \( src port 80 and dst net 67.11.255.148/32 and "tcp[2:2] > 1024"\)'
+
+#Some installs may need these
+#LD_LIBRARY_PATH=/usr/local/lib/mysql
+#export LD_LIBRARY_PATH
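Review bot: `PS="ps awx"` is resolved through PATH while `GREP` next to it is given as an absolute path; since this file is sourced by the log_packets script, which presumably runs with the privileges needed to capture packets, the PATH-relative command is the one line I would change, e.g. `PS="/bin/ps awx"` (confirm the location on the target OS, as the header comment already asks the reader to do). The privilege-drop options `-u sguil -g sguil` are shipped commented out in `#OPTIONS=`, so with this default config snort keeps the privileges of whoever starts the script; a comment such as `# Recommended: enable -u/-g so snort drops privileges after initialisation` above that line would make the default visible. The script that consumes these variables is outside this hunk.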