# Config file for /etc/init.d/fprobe DAEMON=/usr/sbin/fprobe-ulog # ULOG group bitwise mask (default 1) # ULOG_GROUP=1 # If configured, only capture packets matching this tcpdump expression #FILTER="" # Flow state timers #TIMER_EXPIRED=5 #TIMER_FRAGMENTED=30 #TIMER_IDLE=60 #TIMER_ACTIVE=300 # This is the default and should be left unless you know what you are doing #FLOW_VER=5 # local ip. if configured fprobe will use this as the source IP for sending ALL flow data # If you want to specify a specific source address per collecter, customize it below #LOCALIP= # SNMP iface id SNMP_IFACE="${IFACE//eth}" # Maximum number of concurrent flows to track # using a specified amount of memory #MEMBULK=10000 #MEMLIMIT= # Pending queue #PENDING=100 # Kernel capture buffer size (kB) #KERNBUF=1024 # Realtime priority [0=disabled, 1..99] #RTPRIO=0 # Delay N nanoseconds after each B bytes #DELAY="0:0" # How much of the start of each packet to grab #SNAPLEN=256 # chroot() to this location after startup CHROOT="/var/empty" # User to run as. must have perms to the pidfile directory /var/run/fprobe/ USER=nobody # logging level for syslog (0=EMERG, ..., 6=INFO, 7=DEBUG) #LOGLEVEL=6 # If you want to run multiple instances of fprobe, # You MUST set this variable to a unique INTEGER for each one! PIDFILE_ID='' # remote ip. this is where we send flows REMOTEIP=127.0.0.1 # port to listen on PORT=2055 # Collector type, see the manpage for valid types TYPE='' # If you want multiple collectors, just specify each one here COLLECTORS="${REMOTEIP}:${PORT}/${LOCALIP}/${TYPE}"