getpacket.conf

NAME

getpacket.conf - Configuration file for getpacket

DESCRIPTION

The file getpacket.conf is read by getpacket for database configuration parameters. This configuration file is searched for in the installation configuration directory and is read in on startup.

Each entry consists of a keyword and a value, separated by a colon or an equal sign:

keyword: value

keyword= value

Everything on a line after the # sign is treated as a comment and ignored. If this sign is required in a value, you can escape it with a backslash (\):

keyword: va\#lue # comment

If the first and last character of value are a quote or double quote, these characters are stripped and everything in between is used. This is useful for either empty values or values with white space:

'spa ce' = "spa ce" = spa ce

The keywords are case insensitive.

PARAMETERS

Reference: value

If value is positive, getpacket tries to fetch all tagged packets belonging to the session of the given packet in a pcap file. For this you need an extended database schema (see README.payload).

DBuser: name

Specifies the name of the database user who is allowed to do INSERTs and UPDATEs of tables. The default is snort.

DBpassword: password

Specifies the password used along with the DBuser name to connect to the database. Note: An empty password has to be written as '' or "", which is the default.

DBname: name

Name of the database where servsock should insert the alerts; defaults to snort.

DBtype: name

Type of database to use. Currently only MySQL and Postgres are supported, and they have to be enabled at compile time of servsock. No default is set since it is not clear which database support was enabled at compile time of servsock.

SocketName: name

This specifies where to find the unix socket of the database. If the word NULL (all capitals!) is given, the database libraries find the socket by their own mechanism. This is useful in combination with the PostgreSQL database.

FILES

getpacket.conf

NOTES

You can also use the servsock.conf file. All additional arguments that are not needed are ignored; only a warning is printed to stderr.
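
The syntax rules from DESCRIPTION and the ignore-with-warning behaviour from NOTES, written out as a small Python parser. This is an added example, not getpacket's own code; the names parse_conf, strip_comment and KNOWN are hypothetical. It assumes the first ':' or '=' on a line is the separator, that stripped quotes must be a matching pair, and that a '#' inside quotes still has to be escaped.

```python
import re
import sys

# Keywords and defaults as listed under PARAMETERS; None = no default documented.
KNOWN = {"reference": None, "dbuser": "snort", "dbpassword": "",
         "dbname": "snort", "dbtype": None, "socketname": None}

def strip_comment(line):
    """Cut at the first unescaped '#', then turn '\\#' into a literal '#'."""
    out, i = [], 0
    while i < len(line):
        if line[i] == "\\" and line[i + 1:i + 2] == "#":
            out.append("#")
            i += 2
        elif line[i] == "#":
            break
        else:
            out.append(line[i])
            i += 1
    return "".join(out)

def parse_conf(text, warn=sys.stderr):
    conf = dict(KNOWN)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = strip_comment(raw).strip()
        if not line:
            continue
        m = re.match(r"([^:=]+?)\s*[:=]\s*(.*)$", line)
        if not m:
            print(f"line {lineno}: no ':' or '=' separator, skipped", file=warn)
            continue
        key, value = m.group(1).lower(), m.group(2).strip()  # case-insensitive keyword
        # Strip one pair of surrounding quotes (assumption: they must match).
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        if key not in conf:  # e.g. servsock.conf entries getpacket does not need
            print(f"line {lineno}: unknown keyword {key!r} ignored", file=warn)
            continue
        conf[key] = value
    return conf

SAMPLE = """\
# constructed sample, not a shipped file
DBTYPE = mysql
dbuser: flop   # trailing comment
DBpassword: "p\\#ss word"
SocketName: NULL
LogFile: /tmp/x
"""
```

Calling parse_conf(SAMPLE) returns the merged settings and writes one warning for the unknown LogFile keyword to stderr.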

SEE ALSO

getpacket(8), servsock.conf(5)