# # BRICKreporter Configuration File # # # Define the networks and/or hosts you want to be accounted. # "Account" means, traffic from or to these networks are counted. # # This will be usually your local network but can be cut down to # one single host if you like to. # # Entries must be comma-seperated and must be in one line. # # The syntax for these entries is: address/bitmask or address:netmask # Be sure to use the "/" for bitmask entries and the ":" for quaddotted # netmask and to seperate multiple entries by a comma. # Examples: # 192.168.10.0/24 -> Account the net 192.168.10.0-255 # 192.168.10.5/32 -> Account the host 192.168.10.5 # 192.168.10.64:255.255.255.192 -> Account the subnet 192.168.10.64-127 # Hint: If neither a records source- nor destination-address is matching # the NETS_TO_ACCOUNT-list, it will be dropped, even if they are not # on the NETS_TO_DROP list. The purpose of the NETS_TO_DROP list is i # to exclude addresses from your otherwise accounted nets. # # This must be set! # NETS_TO_ACCOUNT = # # Define the networks and/or hosts you do NOT want to be counted, i.e. # which will be dropped. You can drop both local or remote addresses, # if you do not want them to show up in the reports. # Entries must be comma-seperated and must be in one line. See the # comments above (NETS_TO_ACCOUNT) for details. # NETS_TO_DROP = # # Set the time period for which accounting should be done. # You can leave away any date-field from top to bottom. That means: # a) You give day, month and year = only that day is accounted # b) You only give month and year = that full month is accounted # c) You only give the year = that full year is accounted # d) You give none of the above = all information is accounted (default) # # Examples: # ACC_DATE_DAY = 21 ACC_DATE_DAY = ACC_DATE_DAY = # ACC_DATE_MONTH = 3 ACC_DATE_MONTH = 4 ACC_DATE_MONTH = # ACC_DATE_YEAR = 1999 ACC_DATE_YEAR = 1999 ACC_DATE_YEAR = 1998 # = acc. 21th March '99 = acc. full April '99 = acc. full year 1998 # ACC_DATE_DAY = # 1-31 ACC_DATE_MONTH = # 1-12 ACC_DATE_YEAR = # 1900-future # # Set this to the name of the BRICK you want to analyze (as it appears in the logfile, # that means case is sensitive). # # You can omit this entry if there is only one BRICK writing accounting- # information into your logfile. # BRICK_NAME = # # Set the output format of BRICKreporter to one of the values TEXT, HTML or BOTH # (defaults to TEXT) # OUTPUT_FORMAT = TEXT # # Set the output level format to one of the values COMPACT, SHORT or LONG # COMPACT generates Top-Ten lists and traffic by service overview # SHORT generates records for every source address plus the above # LONG also adds records for every source to destination connection plus the # above # (defaults to COMPACT) # OUTPUT_LEVEL = COMPACT # # Set the filename for the ascii-output # (defaults to ./brickreporter.txt or ./brickreporter-DD.MM.YYYY.txt # if you have set a date above or via commandline) # OUTPUT_TEXT_FILENAME= # # Set the filename for the html-output # (defaults to ./brickreporter.html or ./brickreporter-DD.MM.YYYY.html # if you have set a date above or via commandline) # OUTPUT_HTML_FILENAME= # # Should the source-ip-addresses be resolved to hostnames? # Warning: Resolving all hostnames in a huge logfile may take a very, # very long time (though CPU-time is kept small anyway). # That's why this setting defaults to NO if not otherwise set here. # Resolving is reasonably fast for COMPACT reports since only the # the Top-Ten have to be looked up. # RESOLVE_SRC_IP = NO # # Should the destination-ip-addresses be resolved to hostnames? # Warning: Resolving all hostnames in a huge logfile may take a very, # very long time (though CPU-time is kept small anyway). # That's why this setting defaults to NO if not otherwise set here. # Resolving is reasonably fast for COMPACT reports since only the # the Top-Ten have to be looked up. # RESOLVE_DEST_IP = NO # # The SERVICES_WATERMARK defines the percentage of total traffic a # service must reach to be listed in the "Traffic by service"-report. # Services with less traffic are otherwise cumulated under "MISC". # A (default) value of 0.5 % or greater is reasonable and helps you # keeping your traffic report clear. If you really want to see all # services in the report, set this to 0 # SERVICES_WATERMARK = 0.5 # # end of BRICKreporter configuration #