getpacket.conf − Configuration file for getpacket
|
The file getpacket.conf is read by getpacket for database configuration parameters. This configuration file is searched for in the installation configuration directory and is read on startup. Each entry is a keyword and a value, separated by a colon or an equal sign:

    keyword: value
    keyword= value

Everything on a line after the # sign is treated as a comment and ignored. If this sign is required, you can escape it with a backslash (\):

    keyword: va\#lue # comment

If the first and last characters of value are a quote or double quote, these characters are stripped and everything between them is used. This is useful for either empty values or values with white space:

    ´spa ce´ = "spa ce" = spa ce

The keywords are case insensitive.
|
Reference: value |
|
If value is positive, getpacket tries to fetch all tagged packets belonging to the session of the given packet in a pcap file. This requires an extended database schema (see README.payload).
|
DBuser: name |
|
Specifies the name of the database user who is allowed to do INSERTs and UPDATEs of tables. The default is snort. |
|
DBpassword: password |
|
Specifies the password used along with the DBuser name to connect to the database. Note: An empty password has to be written as ´´ or "", which is the default.
|
DBname: name |
|
Name of the database where servsock should insert the alerts. The default is snort.
|
DBtype: name |
|
Type of database to use. Currently only MySQL and Postgres are supported, and support has to be enabled at compile time of servsock. No default is set since it is not clear which database support was enabled at compile time of servsock.
|
SocketName: name |
|
This specifies where to find the unix socket of the database. If the word NULL (all capital!) is given, the database libraries find the socket by their own mechanism. This is useful in combination with the PostgreSQL database. |
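
The syntax rules and keyword defaults described above can be checked with a small stand-alone parser. This is an added example, not code from getpacket or servsock; the names strip_comment, parse, audit and SAMPLE are its own. It assumes that the first colon or equal sign on a line is the separator, that an unescaped # starts a comment even inside quotes, that the two stripped quote characters must match, and that ASCII ' stands for the ´ printed on this page.

```python
import re

# Defaults as documented on this page; DBtype has no default.
DEFAULTS = {"dbuser": "snort", "dbpassword": "", "dbname": "snort"}

def strip_comment(line):
    """Cut at the first unescaped '#', then turn '\\#' into a literal '#'."""
    out, i = [], 0
    while i < len(line):
        if line[i] == "\\" and line[i + 1:i + 2] == "#":
            out.append("#")
            i += 2
        elif line[i] == "#":
            break
        else:
            out.append(line[i])
            i += 1
    return "".join(out)

def parse(text):
    """Return {lowercased keyword: value} for getpacket.conf-style text."""
    conf = dict(DEFAULTS)
    for raw in text.splitlines():
        line = strip_comment(raw).strip()
        m = re.match(r"([^:=]+?)\s*[:=]\s*(.*)$", line)
        if not m:
            continue  # blank, comment-only or malformed line
        key, value = m.group(1).strip().lower(), m.group(2).strip()
        # Assumption: quotes are stripped only when both ends match.
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        conf[key] = value
    return conf

def audit(conf):
    """Findings a reviewer would raise before deploying the file."""
    findings = []
    if conf.get("dbpassword", "") == "":
        findings.append("DBpassword is empty (the documented default)")
    if "dbtype" not in conf:
        findings.append("DBtype is not set and has no default")
    return findings

# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
DBuser = snort   # database account
dbPASSWORD: "pa ss\\#word"  # escaped hash stays in the value
DBname: 'snort'
SocketName: NULL
"""
```

Calling audit(parse(SAMPLE)) reports the missing DBtype; a file that leaves DBpassword unset is reported as using the empty default.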
|
getpacket.conf |
|
You can also use the servsock.conf file. All additional arguments that are not needed are ignored; only a warning is printed to stderr.
|
getpacket(8), servsock.conf(5) |