DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 

ipmon (SFF)




NAME

     ipmon, ipmon.conf - ipmon configuration file format


DESCRIPTION

     The format for files accepted by ipmon is described  by  the
     following grammar:

     "match" "{" matchlist "}" "do" "{" doing "}" ";"

     matchlist ::= matching [ "," matching ] .
     matching  ::= direction | dstip | dstport | every | group | interface |
                   logtag | nattag | protocol | result | rule | srcip | srcport .

     dolist ::= doing [ "," doing ] .
     doing  ::= execute | save | syslog .

     direction ::= "in" | "out" .
     dstip     ::= "dstip" "=" ipv4 "/" number .
     dstport   ::= "dstport" "=" number .
     every     ::= "every" every-options .
     execute   ::= "execute" "=" string .
     group     ::= "group" "=" string | "group" "=" number .
     interface ::= "interface" "=" string .
     logtag    ::= "logtag" "=" string | "logtag" "=" number .
     nattag    ::= "nattag" "=" string .
     protocol  ::= "protocol" "=" string | "protocol" "=" number .
     result    ::= "result" "=" result-option .
     rule      ::= "rule" "=" number .
     srcip     ::= "srcip" "=" ipv4 "/" number .
     srcport   ::= "srcport" "=" number .
     type      ::= "type" "=" ipftype .
     ipv4      ::= number "." number "." number "." number .

     every-options ::= "second" | number "seconds" | "packet" | number "packets" .
     result-option ::= "pass" | "block" | "short" | "nomatch" | "log" .
     ipftype ::= "ipf" | "nat" | "state" .

     In addition, lines that start with a # are considered to  be
     comments.

     The ipmon configuration file is used for defining  rules  to
     be executed when logging records are read from /dev/ipl.

     At  present,   only   IPv4   matching   is   available   for
     source/destination address matching.


MATCHING

     Each rule for ipmon consists of two  primary  segments:  the
     first  describes  how  the  log record is to be matched, the
     second defines what action to take if there  is  a  positive
     match.   All  entries  of  the rules present in the file are
     compared for matches - there is no first or last rule match.


FILES

     /dev/ipl
     /dev/ipf
     /dev/ipnat
     /dev/ipstate
     /etc/ipmon.conf


SEE ALSO

     ipmon(TC), ipl(ADMP)


Man(1) output converted with man2html