# This is a sample NETWATCH config file for special feature settings # # Keywords accepted... # # warnmail # logfile # statsfile # fishstring # red # green # yellow # reload # timefmt # statsoption # noresolve # resolve # netmask # inetaddr # noautostatus # autostatus # bridge # logremote # loglocal # logindiv # logall # logindivbase # playrate # playback # # # in col. 1 is the comment sign for a line... # Uncomment as appropriate within a copy of this file for YOUR # configuration file # warnmail jimboy@the.earth.is.round # # # will make sure /root/baselogs.000 is the first of the logs (p) # logfile /root/baselogs # # Set the Stats file to /root/my # (if APPEND option... this file grows) # statsfile /root/my # # Set the Stats file to DATE option... which means the # date/time format is an extension for your filename # (NOTE: This extension is controlled via the "timefmt" option) # # If you do not set this option, APPEND is assumed. # # The default time format is "%Y.%m.%d.%H.%M" (no quotes in config file) # statsoption date # timefmt %Y.%m.%d.%H.%M # fishstring "Hollow Earth" # # inspects all packets for "Hollow Earth" and Emails and/or Alerts you via # syslog # # Here are some controls for colour change times... in seconds red 30 yellow 120 green 600 # # This is the RELOAD option to AUTOMATICALLY start the # statistics after the given number of minutes # (Effectively automating the "L" option AND "c" and Remote "n" # keys) # # The remote and local lists will be cleared... # # Typically you will do this daily... remember this time is from # when you start netwatch to the first LOGGING of stats (in minutes) # reload 60 # # There is ANOTHER version of reload which allows you to start # at a particular time (up to one day in advance) and specify the # interval for logging in minutes # For example... start at 10:00AM and log every 24 hours # (use the 24hr clock...) # #reload at 10:00 1440 # # Set netwatch to leave machines as Inet Numbers rather than names # Default to to resolve names (can be documented by "resolve" keyword) # #noresolve # # Set a special netmask for netwatch to use in its analysis # #netmask 255.255.255.0 # # Set a Fake INET address for use with the Fake netmask in order # to monitor a FAKE Local... # #inetaddr 192.168.1.24 # # The above will cause netwatch to monitor the 192.168.1.X network # as the local LAN (left hand side...). Remember that this is # only useful sometimes (i.e. a bridge) # #logindivbase /root/LOGS/logs. # # Specifies the BASE of all individual log files (where single # hosts are recorded) # #logone 192.168.1.3 # # Set logging of all communication to/from 192.168.1.3 # Entire packets are saved. These logs may be played back via # the simulate mode in netwatch. The log file will be # /root/LOGS/logs.192.168.1.3 # #logremote /root/allremote # # Log all communication to/from remote machines into the file # specified (i.e. /root/allremote ) # #loglocal /root/alllocal # # Log all communication to/from local machines into the file # specified (i.e. /root/alllocal ) # #logall /root/allpackets # # Log all communication into the file # specified (i.e. /root/allpackets ) # #logindiv /root/logs/base. # # Log ALL host communication into SEPARATE log files (according # to their IP address). For example, communication to/from # 192.168.1.5 would be found in /root/logs/base.192.168.1.5 # These files may be put through the netwatch simulation to # analyse exactly what happenned for this host. # (Also, the "/root/logs/base." corresponds to the logindivbase # option) # #playrate 1 # # Set the simulation playrate to 1 (real-time) # 2 (Double speed) # 3 (Quad speed) # 0 (Stopped... manual mode) # #playrate key # # Set the simulation playrate to manual mode # #playback logfile # # Play the file called "logfile" in the netwatch simulation # mode. Play at the playrate specified.
Generated by dwww version 1.15 on Sun Jun 30 10:39:29 CEST 2024.