/etc/ipfm.conf is in ipfm 0.11.5-4.1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
# Remove this line when finished tuning the configuration
DISABLED
# Global variables
# IPFM can monitor only one device.
#DEVICE eth0
# UTC to output times in UTC, not local time
#UTC
# analyses configurations
##### FIRST LOGGING CONFIGURATION #####
#log subnet 10.10.10.0 when not in relation with subnet 10.10.0.0
LOG 10.10.10.0/255.255.255.0 NOT WITH 10.10.0.0/255.255.0.0
#do not log 10.10.10.10 when in relation with 10.10.10.20
LOG NONE 10.10.10.10 WITH 10.10.10.20
FILENAME "/var/log/ipfm/%Y_%d_%m/%H_%M"
# log every hour at exactly 0:05, 1:05, 2:05 etc.
DUMP EVERY 1 hour AFTER 5 minutes
# clear statistics each day (at 00:05 UTC)
CLEAR EVERY 24 hour
SORT IN
RESOLVE
##### SECOND LOGGING CONFIGURATION #####
# We want to log data exchanged with our subnet but ignore 2 other subnets.
NEWLOG
# Log only local IPs (IPs that will appear in log file)
LOG 192.168.200.0/255.255.255.0
# Do not log local traffic
LOG NONE 192.168.200.0/255.255.255.0 WITH 192.168.200.0/255.255.255.0
# Do not log traffic with my ISP
LOG NONE 192.168.200.0/255.255.255.0 WITH 192.168.201.0/255.255.255.0
LOG NONE 192.168.200.0/255.255.255.0 WITH 192.168.202.0/255.255.255.0
FILENAME "/var/log/ipfm/subnet/%Y_%d_%m_%H"
# Log every hour
DUMP EVERY 1 hour
# Clear statistics every day at 2:00am UTC
CLEAR EVERY 1 day AFTER 2 hours
SORT TOTAL
RESOLVE