/* ** $Id: example-iplog.conf,v 1.2 2000/12/31 18:40:40 odin Exp $ ** ** Example iplog configuration file. ** Edit me and copy me to /etc/iplog.conf ** ** See iplog.conf(5) for details on syntax and a full description ** of available options. */ # Run as an unprivileged account with the login "iplog" user iplog # Run with group "nogroup" group nogroup # User "iplog" has write permission for the directory "/var/run/iplog" pid-file /var/run/iplog/iplog.pid # Log to /var/log/iplog logfile /var/log/iplog # Use the syslog(3) facility log_daemon. facility log_daemon # Use the syslog(3) priority (level) log_info. priority log_info # Log the IP address as well as the hostname of packets. set log_ip true # Do not log the destination of packets. set log_dest false # Ignore DNS traffic from nameservers in /etc/resolv.conf. set ignore_dns # Listen on eth0 and eth1 #interface eth0,eth1 interface eth0 # Operate in promiscuous mode and watch the 192.168.0.x network #promisc 192.168.0.0/24 /* ** Ignore DNS traffic from nameservers. ** Using the -d option will add similar rules for all nameservers ** listed in /etc/resolv.conf */ #ignore udp from 218.176.253.65 sport 53 #ignore udp from 43.224.255.20 sport 53 # Example log statement. #log tcp dport 1045:1055 sport ftp-data # Ignore ftp-data connections from to ports 1024 and above. ignore tcp dport 1024: sport 20 # Ignore WWW connections, if you're running a WWW server. ignore tcp dport 80 # Ignore ICMP unreach. ignore icmp type unreach # Ignore all ICMP except ICMP echo packets. #ignore icmp type !echo # Ignore UDP traffic from the 127.1.2 network #ignore udp from 127.1.2/24 # or #ignore udp from 127.1.2/255.255.255.0 # Ignore Media ignore udp dport 6970:7170 sport 1024: # Ignore SSH ignore tcp dport 22 # Ignore POP3 ignore tcp dport 110 # Ignore MSBLAST #ignore tcp dport 135 ignore icmp type echo