Content-type: text/html Manpage of RAMUX.CONF

RAMUX.CONF

Section: User Commands (1)
Updated: 07 November 2000
Index Return to Main Contents
 

NAME

ramux.conf - ramux resource file.  

SYNOPSIS

ramux.conf  

COPYRIGHT

Copyright (c) 2000 QoSient, LLC All rights reserved.  

DESCRIPTION

RaMux will open this ramux.conf if its installed as /etc/ramux.conf. It will also search for this file as ramux.conf in directories specified in $RAMUXPATH, or $RAMUXHOME, $RAMUXHOME/lib, or $HOME, $HOME/lib, and parse it to set common configuration options. All values in this file can be overriden by command line options, or other files of this format that can be read in using the -F option.

 

Variable Syntax

Variable assignments must be of the form:

  VARIABLE=
with no white space between the VARIABLE and the '=' sign. Quotes are optional for string arguments, but if you want to embed comments, then quotes are required.

 

ARGUS_DAEMON

RaMux is capable of running as a daemon, doing all the right things that daemons do. When this configuration is used for the system daemon process, say for /etc/ramux.conf, this variable should be set to "yes".

The default value is to not run as a daemon.

This example is to support the ./support/Startup/ramux script which requires that this variable be set to "yes".

Commandline equivalent -d

ARGUS_DAEMON=yes

 

ARGUS_MONITOR_ID

RaMux Monitor Data is uniquely identifiable based on the source identifier that is included in each output record. This is to allow you to work with RaMux Data from multiple monitors at the same time. The ID is 32 bits long, and so legitimate values are 0 - 4294967296 but ramux also supports IP addresses as values. The configuration allows for you to use host names, however, do have some understanding how `hostname` will be resolved by the nameserver before commiting to this strategy completely.

Commandline equivalent -e

ARGUS_MONITOR_ID=`hostname`
                                          

 

ARGUS_ACCESS_PORT

RaMux monitors can provide a real-time remote access port for collecting RaMux data. This is a TCP based port service and the default port number is tcp/561, the "experimental monitor" service. This feature is disabled by default, and can be forced off by setting it to zero (0).

When you do want to enable this service, 561 is a good choice, as all ra* clients are configured to try this port by default.

Commandline equivalent -P

ARGUS_ACCESS_PORT=561

 

ARGUS_BIND_IP

When remote access is enabled (see above), you can specify that RaMux should bind only to a specific IP address. This is useful, for example, in restricting access to the local host, or binding to a private interface while capturing from another. The default is to bind to any IP address.

Commandline equivalent -B

ARGUS_BIND_IP="127.0.0.1"

 

ARGUS_OUTPUT_FILE

RaMux can write its output to one or a number of files, default limit is 5 concurrent files, each with their own independant filters.

The format is:

     ARGUS_OUTPUT_FILE=/full/path/file/name
     ARGUS_OUTPUT_FILE=/full/path/file/name "filter"

Most sites will have ramux write to a file, for reliablity and performance. The example file name is used here as supporting programs, such as ./support/Archive/ramuxarchive are configured to use this file.

Commandline equivalent -w

ARGUS_OUTPUT_FILE=/var/log/ramux/ramux.out

 

ARGUS_SET_PID

When RaMux is configured to run as a daemon, with the -d option, RaMux can store its pid in a file, to aid in managing the running daemon. However, creating a system pid file requires priviledges that may not be appropriate for all cases.

When configured to generate a pid file, if RaMux cannot create the pid file, it will fail to run. This variable is available to override the default, in case this gets in your way.

The default value is to generate a pid.

No Commandline equivalent

ARGUS_SET_PID=yes

 

ARGUS_DEBUG_LEVEL

If compiled to support this option, RaMux is capable of generating a lot of debug information.

The default value is zero (0).

Commandline equivalent -D

ARGUS_DEBUG_LEVEL=0

 

ARGUS_FILTER_OPTIMIZER

RaMux uses the packet filter capabilities of libpcap. If there is a need to not use the libpcap filter optimizer, you can turn it off here. The default is to leave it on.

Commandline equivalent -O

ARGUS_FILTER_OPTIMIZER=yes

 

ARGUS_FILTER

You can provide a filter expression here, if you like. It should be limited to 2K in length. The default is to not filter.

No Commandline equivalent

ARGUS_FILTER=""

 

SEE ALSO

ramux(8)


 

Index

NAME
SYNOPSIS
COPYRIGHT
DESCRIPTION
Variable Syntax
ARGUS_DAEMON
ARGUS_MONITOR_ID
ARGUS_ACCESS_PORT
ARGUS_BIND_IP
ARGUS_OUTPUT_FILE
ARGUS_SET_PID
ARGUS_DEBUG_LEVEL
ARGUS_FILTER_OPTIMIZER
ARGUS_FILTER
SEE ALSO

This document was created by man2html, using the manual pages.
Time: 14:02:36 GMT, October 25, 2001