# Remove this line when finished tuning the configuration
DISABLED

# Global variables

# IPFM can monitor only one device.
#DEVICE eth0

# UTC to output times in UTC, not local time
#UTC

# analyses configurations

##### FIRST LOGGING CONFIGURATION #####
# log subnet 10.10.10.0 when not in relation with subnet 10.10.0.0
LOG 10.10.10.0/255.255.255.0 NOT WITH 10.10.0.0/255.255.0.0

# do not log 10.10.10.10 when in relation with 10.10.10.20
LOG NONE 10.10.10.10 WITH 10.10.10.20

FILENAME "/var/log/ipfm/%Y_%d_%m/%H_%M"

# log every hour at exactly 0:05, 1:05, 2:05 etc.
DUMP EVERY 1 hour AFTER 5 minutes
# clear statistics each day (at 00:05 UTC)
CLEAR EVERY 24 hour
SORT IN
RESOLVE

##### SECOND LOGGING CONFIGURATION #####
# We want to log data exchanged with our subnet but ignore 2 other subnets.
NEWLOG

# Log only local IPs (IPs that will appear in log file)
LOG 192.168.200.0/255.255.255.0

# Do not log local traffic
LOG NONE 192.168.200.0/255.255.255.0 WITH 192.168.200.0/255.255.255.0

# Do not log traffic with my ISP
LOG NONE 192.168.200.0/255.255.255.0 WITH 192.168.201.0/255.255.255.0
LOG NONE 192.168.200.0/255.255.255.0 WITH 192.168.202.0/255.255.255.0

FILENAME "/var/log/ipfm/subnet/%Y_%d_%m_%H"

# Log every hour
DUMP EVERY 1 hour
# Clear statistics every day at 2:00am UTC
CLEAR EVERY 1 day AFTER 2 hours
SORT TOTAL
RESOLVE