IPMON(4) File Formats and Configurations IPMON(4)


NAME


ipmon, ipmon.conf - ipmon configuration file format

DESCRIPTION


The format for files accepted by ipmon is described by the following
grammar:

"match" "{" matchlist "}" "do" "{" doing "}" ";"

matchlist ::= matching [ "," matching ] .
matching ::= direction | dstip | dstport | every | group | interface |
logtag | nattag | protocol | result | rule | srcip | srcport .

dolist ::= doing [ "," doing ] .
doing ::= execute | save | syslog .

direction ::= "in" | "out" .
dstip ::= "dstip" "=" ipv4 "/" number .
dstport ::= "dstport" "=" number .
every ::= "every" every-options .
execute ::= "execute" "=" string .
group ::= "group" "=" string | "group" "=" number .
interface ::= "interface" "=" string .
logtag ::= "logtag" "=" string | "logtag" "=" number .
nattag ::= "nattag" "=" string .
protocol ::= "protocol" "=" string | "protocol" "=" number .
result ::= "result" "=" result-option .
rule ::= "rule" "=" number .
srcip ::= "srcip" "=" ipv4 "/" number .
srcport ::= "srcport" "=" number .
type ::= "type" "=" ipftype .
ipv4 ::= number "." number "." number "." number .

every-options ::= "second" | number "seconds" | "packet" | number "packets" .
result-option ::= "pass" | "block" | "short" | "nomatch" | "log" .
ipftype ::= "ipf" | "nat" | "state" .


In addition, lines that start with a # are considered to be comments.

OVERVIEW


The ipmon configuration file is used for defining rules to be executed
when logging records are read from /dev/ipl.

At present, only IPv4 matching is available for source/destination
address matching.

MATCHING


Each rule for ipmon consists of two primary segments: the first describes
how the log record is to be matched, the second defines what action to
take if there is a positive match. All entries of the rules present in
the file are compared for matches - there is no first or last rule match.

FILES


/dev/ipl
/dev/ipf
/dev/ipnat
/dev/ipstate
/etc/ipmon.conf

SEE ALSO


ipmon(1M), ipfilter(5)


March 18, 2015 IPMON(4)