/etc/flowscan/CampusIO.cf is in flowscan 1.006-13.2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 | # { General Directives #########################################################
# NextHops (OPTIONAL, BUT SUGGESTED IF OutputIfIndexes IS NOT DEFINED)
# a comma-seperated list of IP addresses (or resolvable hostnames), e.g.:
# NextHops gateway.provider.net, gateway.other.net
# OutputIfIndexes (OPTIONAL, BUT SUGGESTED IF NextHops IS NOT DEFINED)
# a comma-seperated list of ifIndexes as determined using SNMP, e.g.:
# $ snmpwalk router.our.domain public interfaces.ifTable.ifEntry.ifDescr
# or by looking at the raw flows from Cflowd to determine the $output_if.
# e.g.:
# OutputIfIndexes 1, 2, 3
# LocalSubnetFiles (REQUIRED)
# a comma-seperated list of one (or more) files containing the definitions
# of "local" subnets, e.g.:
# LocalSubnetFiles local_nets.boulder
LocalSubnetFiles /etc/flowscan/local_nets.boulder
# OutputDir (REQUIRED)
# This is the directory in which RRD files will be written, e.g.:
# OutputDir /var/local/flows/graphs
OutputDir graphs
# LocalNextHops (OPTIONAL)
# a comma-seperated list of IP address (or resolvable hostnames).
#
# This is an "advanced" option which is only necessary if you are exporting
# and collecting flows from multiple Ciscos to the same FlowScan.
#
# Specify all the local Cisco router(s) from you are exporting and
# collecting flows on this FlowScan host. This will ensure that the
# same flow isn't counted twice by ignoring flows destined for these
# next-hops, which otherwise would look as if they're inbound flows.
# (The flow will be counted by the last exporter that forwards it.)
# E.g.:
# LocalNextHops other-router.our.domain
# Verbose (OPTIONAL, non-zero = true)
# Verbose 1
# }{ Web Proxy #################################################################
# WebProxyIfIndex (OPTIONAL)
# The single ifIndex number of the router interface to which HTTP requests are
# being transparently redirected.
# E.g.:
# WebProxyIfIndex 5
# }{ IP Protocols ##############################################################
# Protocols (OPTIONAL)
# a comma-seperated list of IP protocols by name, e.g.:
# Protocols icmp, tcp, udp
Protocols icmp, tcp, udp
# }{ IP Services ###############################################################
# TCPServices (OPTIONAL)
# a comma-seperated list of TCP services by name or number, e.g.:
# TCPServices ftp-data, ftp, smtp, nntp, http, 7070, 554
TCPServices ftp-data, ftp, smtp, nntp, http, 7070, 554
# UDPServices (OPTIONAL)
# a comma-seperated list of UDP services by name or number, e.g.:
# UDPServices domain, snmp, snmp-trap
# }{ Napster ###################################################################
# NapsterSubnetFiles (OPTIONAL)
# a comma-seperated list of one (or more) files containing the definitions
# of "Napster" subnets, e.g.:
# NapsterSubnetFiles Napster_subnets.boulder
NapsterSubnetFiles /etc/flowscan/Napster_subnets.boulder
# NapsterSeconds (OPTIONAL)
# the number of seconds after which a given campus host has communicated
# with a host within the "Napster" subnet(s) will no longer be considered
# to be using the Napster application. E.g. 1/2 an hour:
NapsterSeconds 1800
# NapsterPorts (OPTIONAL)
# a comma-seperated list of default TCP ports used by Napster.
# These will be used to determine the confidence level of whether or not
# it's really Napster traffic.
# (If confidence is low, it will be reported as "NapsterMaybe".)
NapsterPorts 8875, 4444, 5555, 6666, 6697, 6688, 6699, 7777, 8888
# }{ AS & BGP ##################################################################
# ASPairs (OPTIONAL)
# source_AS:destination_AS, e.g.:
# ASPairs 0:0
# (Note that the effect of setting ASPairs will be different based on whether
# you specified "peer-as" or "origin-as" when you configured your Cisco.)
ASPairs 0:0
# BGPDumpFile (OPTIONAL)
# the name of a file containing the output of "show ip bgp" on your Cisco
# exporter. If this option is used, and the specified file exists, it will
# cause the "originAS" and "pathAS" reports to be generated. Furthermore,
# if the BGPDumpFile's modification time is updated, it will be reloaded.
# BGPDumpFile /tmp/router.our.domain.bgp
# ASNFile (OPTIONAL)
# the path of a file containing ASN info in the format of the file at this URL:
# ftp://ftp.arin.net/netinfo/asn.txt
# ASNFile etc/asn.txt
# }{ Top Talkers and AS Reports ################################################
# TopN (OPTIONAL)
# Note that this requires the HTML::Table perl module.
# This is the number of top talkers and listeners to show in the tables
# that will be generated in the "top.html" HTML fragment output file
# TopN 10
# ReportPrefixFormat (OPTIONAL)
# This option is used to specify the file name prefix for any HTML or text
# reports such as the "originAS" and "pathAS" reports.
# You may use strftime(3) format specifiers in the value, and it may also
# specify sub-directories.
# If not set, the prefix defaults to the null string, which means that
# each report to overwrite the previous of that type.
# Create reports with this sort of name "YYYYMMDD/HH:MI_report.html":
# ReportPrefixFormat %Y%m%d/%H:%M_
# Preserve one month by using the day of month in the dir name (like sar(1)):
# ReportPrefixFormat %d/%H:%M_
# Preserve one day by using only the hour and minute in the dir name:
# ReportPrefixFormat %H:%M/
# } ############################################################################
|