Fix default config file
Oliver Gasser
parent
0a2fd86df2
commit
10fc0ae7cd
|
|
@ -7,12 +7,12 @@
|
|||
<pcap_filter>ip</pcap_filter>
|
||||
<next>2</next>
|
||||
</observer>
|
||||
|
||||
|
||||
<packetQueue id="2">
|
||||
<maxSize>10</maxSize>
|
||||
<next>3</next>
|
||||
</packetQueue>
|
||||
|
||||
|
||||
<packetAggregator id="3">
|
||||
<rule>
|
||||
<templateId>998</templateId>
|
||||
|
|
@ -89,25 +89,9 @@
|
|||
<nonFlowKey>
|
||||
<ieName>tcpControlBits</ieName>
|
||||
</nonFlowKey>
|
||||
<nonFlowKey>
|
||||
<ieName>revflowStartMilliSeconds</ieName>
|
||||
</nonFlowKey>
|
||||
<nonFlowKey>
|
||||
<ieName>revflowEndMilliSeconds</ieName>
|
||||
</nonFlowKey>
|
||||
<nonFlowKey>
|
||||
<ieName>revoctetDeltaCount</ieName>
|
||||
</nonFlowKey>
|
||||
<nonFlowKey>
|
||||
<ieName>revpacketDeltaCount</ieName>
|
||||
</nonFlowKey>
|
||||
<nonFlowKey>
|
||||
<ieName>revtcpControlBits</ieName>
|
||||
</nonFlowKey>
|
||||
</rule>
|
||||
<rule>
|
||||
<templateId>0</templateId>
|
||||
<biflowAggregation>1</biflowAggregation>
|
||||
<flowKey>
|
||||
<ieName>sourceIPv4Address</ieName>
|
||||
</flowKey>
|
||||
|
|
@ -138,31 +122,18 @@
|
|||
<nonFlowKey>
|
||||
<ieName>tcpControlBits</ieName>
|
||||
</nonFlowKey>
|
||||
<nonFlowKey>
|
||||
<ieName>revflowStartMilliSeconds</ieName>
|
||||
</nonFlowKey>
|
||||
<nonFlowKey>
|
||||
<ieName>revflowEndMilliSeconds</ieName>
|
||||
</nonFlowKey>
|
||||
<nonFlowKey>
|
||||
<ieName>revoctetDeltaCount</ieName>
|
||||
</nonFlowKey>
|
||||
<nonFlowKey>
|
||||
<ieName>revpacketDeltaCount</ieName>
|
||||
</nonFlowKey>
|
||||
<nonFlowKey>
|
||||
<ieName>revtcpControlBits</ieName>
|
||||
</nonFlowKey>
|
||||
</rule>
|
||||
<expiration>
|
||||
<inactiveTimeout unit="sec">5</inactiveTimeout>
|
||||
<activeTimeout unit="sec">10</activeTimeout>
|
||||
</expiration>
|
||||
<pollInterval unit="msec">1000</pollInterval>
|
||||
<next>7</next>
|
||||
<next>8</next>
|
||||
<next>6</next>
|
||||
</ipfixAggregator>
|
||||
|
||||
|
||||
<ipfixPrinter id="6">
|
||||
</ipfixPrinter>
|
||||
|
||||
<ipfixExporter id="7">
|
||||
<!--
|
||||
<ipfixPacketRestrictions>
|
||||
|
|
@ -179,13 +150,13 @@
|
|||
<port>1500</port>
|
||||
</collector>
|
||||
</ipfixExporter>
|
||||
|
||||
|
||||
<trwPortscanDetector id="8">
|
||||
<analyzerid>trwportscandetector</analyzerid>
|
||||
<idmeftemplate>idmef/templates/trwportscan_template.xml</idmeftemplate>
|
||||
<next>9</next>
|
||||
</trwPortscanDetector>
|
||||
|
||||
|
||||
<idmefExporter id="9">
|
||||
<sendurl>http://localhost</sendurl>
|
||||
</idmefExporter>
|
||||
|
|
|
|||
Loading…
Reference in New Issue