RaMux will open this ramux.conf if it is installed as /etc/ramux.conf. It will also search for this file as ramux.conf in directories specified in $RAMUXPATH, or $RAMUXHOME, $RAMUXHOME/lib, or $HOME, $HOME/lib, and parse it to set common configuration options. All values in this file can be overridden by command line options, or other files of this format that can be read in using the -F option.
Variable assignments must be of the form:
VARIABLE=
with no white space between the VARIABLE and the '=' sign. Quotes are optional for string arguments, but if you want to embed comments, then quotes are required.
RaMux is capable of running as a daemon, doing all the right things that daemons do. When this configuration is used for the system daemon process, say for /etc/ramux.conf, this variable should be set to "yes".
The default value is to not run as a daemon.
This example is to support the ./support/Startup/ramux script which requires that this variable be set to "yes".
Commandline equivalent -d
ARGUS_DAEMON=yes
RaMux Monitor Data is uniquely identifiable based on the source identifier that is included in each output record. This is to allow you to work with RaMux Data from multiple monitors at the same time. The ID is 32 bits long, and so legitimate values are 0 - 4294967296, but ramux also supports IP addresses as values. The configuration allows you to use host names; however, understand how `hostname` will be resolved by the nameserver before committing to this strategy completely.
Commandline equivalent -e
ARGUS_MONITOR_ID=`hostname`
RaMux monitors can provide a real-time remote access port for collecting RaMux data. This is a TCP based port service and the default port number is tcp/561, the "experimental monitor" service. This feature is disabled by default, and can be forced off by setting it to zero (0).
When you do want to enable this service, 561 is a good choice, as all ra* clients are configured to try this port by default.
Commandline equivalent -P
ARGUS_ACCESS_PORT=561
When remote access is enabled (see above), you can specify that RaMux should bind only to a specific IP address. This is useful, for example, in restricting access to the local host, or binding to a private interface while capturing from another. The default is to bind to any IP address.
Commandline equivalent -B
ARGUS_BIND_IP="127.0.0.1"
RaMux can write its output to one or a number of files; the default limit is 5 concurrent files, each with its own independent filter.
The format is:
ARGUS_OUTPUT_FILE=/full/path/file/name
ARGUS_OUTPUT_FILE=/full/path/file/name "filter"
Most sites will have ramux write to a file, for reliability and performance. The example file name is used here as supporting programs, such as ./support/Archive/ramuxarchive, are configured to use this file.
Commandline equivalent -w
ARGUS_OUTPUT_FILE=/var/log/ramux/ramux.out
When RaMux is configured to run as a daemon, with the -d option, RaMux can store its pid in a file, to aid in managing the running daemon. However, creating a system pid file requires privileges that may not be appropriate for all cases.
When configured to generate a pid file, if RaMux cannot create the pid file, it will fail to run. This variable is available to override the default, in case this gets in your way.
The default value is to generate a pid.
No Commandline equivalent
ARGUS_SET_PID=yes
If compiled to support this option, RaMux is capable of generating a lot of debug information.
The default value is zero (0).
Commandline equivalent -D
ARGUS_DEBUG_LEVEL=0
RaMux uses the packet filter capabilities of libpcap. If there is a need to not use the libpcap filter optimizer, you can turn it off here. The default is to leave it on.
Commandline equivalent -O
ARGUS_FILTER_OPTIMIZER=yes
You can provide a filter expression here, if you like. It should be limited to 2K in length. The default is to not filter.
No Commandline equivalent
ARGUS_FILTER=""
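The settings above can be checked before a daemon is started with them. The following is an added example, not part of RaMux or its distribution: it parses the VARIABLE=value format and reports settings that depart from the defaults and limits described on this page. The function names, the sample file, the treatment of '#' lines as comments, last-assignment-wins for repeated variables, and reading "2K" as 2048 characters are assumptions.

```python
import re

# Constructed sample in the VARIABLE=value format this page describes.
SAMPLE_CONF = """\
# constructed sample for the example
ARGUS_DAEMON=yes
ARGUS_MONITOR_ID=`hostname`
ARGUS_ACCESS_PORT=561
ARGUS_OUTPUT_FILE=/var/log/ramux/ramux.out
ARGUS_DEBUG_LEVEL=0
ARGUS_FILTER=""
"""

# No white space is allowed between the VARIABLE and the '=' sign.
ASSIGN = re.compile(r'^([A-Z][A-Z0-9_]*)=(?:"([^"]*)"|(\S*))')

def parse_conf(text):
    """Return {VARIABLE: [values]}; repeated variables keep every value."""
    conf = {}
    for line in text.splitlines():
        m = ASSIGN.match(line.strip())
        if m:  # '#' lines and malformed assignments do not match
            name, quoted, bare = m.groups()
            conf.setdefault(name, []).append(quoted if quoted is not None else bare)
    return conf

def last(conf, name, default):
    """Last assignment wins (assumption about repeated scalar variables)."""
    return conf.get(name, [default])[-1]

def audit(conf):
    """Return findings for settings that depart from this page's defaults and limits."""
    findings = []
    port = last(conf, "ARGUS_ACCESS_PORT", "0")  # disabled by default
    bind = last(conf, "ARGUS_BIND_IP", "")       # default: any IP address
    if port.isdigit() and int(port) != 0 and not bind:
        findings.append(f"tcp/{port} remote access is bound to any IP address")
    if "`" in last(conf, "ARGUS_MONITOR_ID", ""):
        findings.append("ARGUS_MONITOR_ID depends on how the hostname resolves")
    if len(conf.get("ARGUS_OUTPUT_FILE", [])) > 5:
        findings.append("more than 5 concurrent output files configured")
    if len(last(conf, "ARGUS_FILTER", "")) > 2048:  # "2K" read as 2048 characters
        findings.append("ARGUS_FILTER exceeds the 2K limit")
    if last(conf, "ARGUS_DEBUG_LEVEL", "0") != "0":
        findings.append("debug output is enabled")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_conf(SAMPLE_CONF)):
        print("WARN:", finding)
```

Adding ARGUS_BIND_IP="127.0.0.1" and a fixed ARGUS_MONITOR_ID to the sample clears both findings it raises.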