
Config file for wvnetflow

a guest
May 29th, 2017
  1. /usr/local/webview/flowage/flowage.cfg
  2.  
  3. Fri May 26 15:14:23 2017
  4.  
  5. # =====================================
  6. # Flowage Sample Configuration
  7. # =====================================
  8.  
  9. # ----------------------------------------------------------------------------
  10. # flowage globals
  11. # ----------------------------------------------------------------------------
# Filesystem layout. The watch directory is where captured flow files are
# picked up; its name suggests a collector listening on UDP/2055, which would
# match the NETFLOW EXPORT rule further down — confirm against the collector.
directory watch /opt/netflow/capture/2055
directory data /opt/netflow/data
directory temp /opt/netflow/tmp
directory cache /opt/netflow/cache
# NOTE(review): raw flow records and the data derived from them show who
# talked to whom; keep these paths owned by and readable only to the
# flowage user. "hierarchical" presumably nests data files in a directory
# tree (by date or exporter) — confirm against the flowage documentation.
directory hierarchical
  17.  
# Log file, log-size threshold and index file. 1_000_000 uses underscore
# digit grouping; presumably a byte count — confirm the parser accepts it.
logging file flowage.log
logging size 1_000_000
index file flowage.idx
  21.  
  22. # "fork" sets the number of concurrent processes.
  23. # fork 4
  24.  
# log the autoclock
# Tracks every exporter; the meaning of -clockGood is not visible here
# (presumably whether clock-skew status is recorded) — confirm.
track all -clockGood

# Processing settings. "period 300" most likely sets the aggregation
# interval in seconds (5 minutes); "click strict-other" semantics are not
# visible in this file — confirm both against the flowage documentation.
click strict-other
period 300
  30.  
  31. # ----------------------------------------------------------------------------
  32. # define one or more SNMP session data structures
  33. # ----------------------------------------------------------------------------
  34.  
# SNMP credentials used when exporters are queried (interface names/indexes).
snmp-session snmpDefault
# version=2 means SNMPv2c: the community string below is the only
# credential, and it travels in cleartext.
version=2 # snmp version
# Redacted in this paste. Treat the real value as a secret: prefer a
# read-only community and keep this file out of shared pastes and
# world-readable paths.
community=[removed] # set your own community here
  38.  
  39. # ----------------------------------------------------------------------------
  40. # define all the netflow exporters that we'll see data from.
  41. # ----------------------------------------------------------------------------
  42.  
# Exporter discovery. "auto 0.0.0.0/0" learns an exporter from ANY source
# address that delivers flows, and associates it with the snmpDefault session.
# NOTE(review): with no allow-list, any host that can reach the collector
# port can inject flow records and (presumably) gets polled with the
# community above; narrow 0.0.0.0/0 to the exporters' real subnets.
exporter auto 0.0.0.0/0 snmpDefault
# Presumably discards flows whose interface index cannot be resolved — confirm.
exporter no-unknown-interfaces
  45.  
  46. # ----------------------------------------------------------------------------
  47. # define a matrix based on interfaces seen in the flows
  48. # ----------------------------------------------------------------------------
  49.  
# Interface matrix built automatically from interfaces seen in the flows;
# aliases=simple presumably selects the short interface-name form — confirm.
if-matrix Interfaces auto aliases=simple
  51.  
  52. # ----------------------------------------------------------------------------
  53. # define output files that might be interesting to look at.
  54. # ----------------------------------------------------------------------------
  55.  
# Selector referenced as out=TRAFFICOUTBOUND by the Applications datafile.
ip access-list extended TRAFFICOUTBOUND
# Cisco-style wildcard: 0.0.0.255 covers only 192.168.0.0/24, which is
# narrower than the 192.168.0.0/16 listed in @local_subnets below —
# confirm whether the /24 is intentional.
permit ip 192.168.0.0 0.0.0.255 any
  58.  
# RRD output "Applications": traffic broken down by interface (Interfaces
# matrix) and application class (Applications group), 60-second step,
# timestamps taken from the exporters' autoclock average. IPTracking and
# out=TRAFFICOUTBOUND presumably enable per-IP tracking and label flows
# matching that ACL as the outbound direction — confirm.
datafile rrd Applications
Interfaces Applications
Step=60 AutoClock Timestamp=average
IPTracking
out=TRAFFICOUTBOUND
  64.  
# Caption shown for the Applications datafile in the web index.
index description Applications "View traffic by application"
  66.  
  67. # ----------------------------------------------------------------------------
  68. # define a group of services containing ACLs that match applications we're
  69. # interested in. The ACLs are defined later.
  70. # ----------------------------------------------------------------------------
  71.  
# Application classes, one per ACL. All 22 names below resolve to an
# "ip access-list extended" stanza later in this file. If classification is
# first-match, the order here decides which class a flow matching several
# ACLs is counted under — confirm against the flowage documentation.
group Applications
Internet_HTTP
Intranet_HTTP
Print
Network
Email
LDAP
FTP
Shell
SQL
Citrix
CiscoWAFS
TSM_Backup
MS_File
MS_RPC
MS_Remote_Desktop
VPN
Multicast
IPT_g711
IPT_g711_untagged
IPT_g729
IPT_g729_untagged
IPT_Signaling
  95.  
  96. # ----------------------------------------------------------------------------
  97. # subnets considered "internal"
  98. # ----------------------------------------------------------------------------
  99.  
# Address list referenced as @local_subnets: the three RFC 1918 ranges plus
# 224.0.0.0/4, so multicast destinations are treated as "internal" too.
ip host-list @local_subnets
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
224.0.0.0/4
  105.  
  106. # ----------------------------------------------------------------------------
  107. # heuristic analysis of Microsoft RPC traffic
  108. # ----------------------------------------------------------------------------
  109.  
# Client (ephemeral port) to the MS-RPC endpoint mapper on TCP/135; feeds the
# dynamic rule below.
ip access-list extended EPM
permit tcp any gt 1023 any eq 135
  112.  
# Endpoint-mapper hits populate the dynamic table %MSRPC_Flows, which the
# MS_RPC ACL consults via $srcip/$dstip. The unit of "timeout 1" is not
# visible here (presumably minutes) — confirm.
dynamic EPM flow %MSRPC_Flows timeout 1
  114.  
  115. # ----------------------------------------------------------------------------
  116. # define ACLs
  117. # ----------------------------------------------------------------------------
  118.  
  119. # --- internet protocols
  120.  
# HTTP/HTTPS with at least one non-local endpoint. The deny must stay first:
# it excludes local-to-local traffic, which Intranet_HTTP counts instead.
# "reverse" presumably also matches the reply direction — confirm. Only the
# standard ports are counted; web traffic on other ports is not classed here.
ip access-list extended Internet_HTTP
deny ip host @local_subnets host @local_subnets
permit tcp any any eq 80 reverse # HTTP
permit tcp any any eq 443 reverse # HTTPS
  125.  
# HTTP/HTTPS where both endpoints are in @local_subnets — the complement of
# the deny rule in Internet_HTTP.
ip access-list extended Intranet_HTTP
permit tcp host @local_subnets host @local_subnets eq 80 reverse # HTTP
permit tcp host @local_subnets host @local_subnets eq 443 reverse # HTTPS
  129.  
# SMB/CIFS on 445 plus the legacy NetBIOS services on 137-139 (TCP and UDP).
ip access-list extended MS_File
permit tcp any any eq 445 reverse # CIFS
permit tcp any any range 137 139 reverse # NETBIOS
permit udp any any range 137 139 reverse # NETBIOS
  134.  
# Endpoint-mapper traffic plus the high-port RPC sessions negotiated through
# it: the second rule presumably matches only host pairs recorded in
# %MSRPC_Flows (filled by the dynamic EPM rule), so arbitrary high-port
# traffic is not swept into this class — confirm.
ip access-list extended MS_RPC
permit tcp any any eq 135 reverse # EPM
permit tcp host $srcip gt 1023 host $dstip gt 1023 flow %MSRPC_Flows reverse
  138.  
# RDP: ephemeral client port to TCP/3389.
ip access-list extended MS_Remote_Desktop
permit tcp any gt 1023 any eq 3389 reverse # RDP
  141.  
# FTP control/active-data ports 20-21 and implicit-TLS FTP on 990. Passive
# data connections use negotiated ephemeral ports and are not matched here.
ip access-list extended FTP
permit tcp any any range 20 21 reverse # FTP
permit tcp any any eq 990 reverse # FTP/SSL
  145.  
# Citrix ICA on the legacy port 1494 and the newer port 2598.
ip access-list extended Citrix
permit tcp any gt 1023 any eq 1494 reverse # ICA (old)
permit tcp any gt 1023 any eq 2598 reverse # ICA (new)
  149.  
# Cisco WAFS (WAN file services) on TCP/4050.
ip access-list extended CiscoWAFS
permit tcp any gt 1023 any eq 4050 reverse # Cisco WAFS
  152.  
# Tivoli Storage Manager backup sessions on TCP/1500.
ip access-list extended TSM_Backup
permit tcp any gt 1023 any eq 1500 reverse # TSM
  155.  
# Printing: LPR/LPD on 515 and raw printing on 9100 (commented as HP).
ip access-list extended Print
permit tcp any any eq 515 reverse # LPR
permit tcp any gt 1023 any eq 9100 reverse # HP
  159.  
# IPsec: IKE on UDP/500, NAT traversal on UDP/4500, and the ESP and AH
# protocols themselves (no ports).
ip access-list extended VPN
permit udp any any eq 500 reverse # ISAKMP
permit udp any any eq 4500 reverse # NAT-T
permit esp any any # ESP
permit ah any any # AH
  165.  
# Infrastructure protocols. Notes: only UDP/53 is matched, so DNS over TCP
# (large responses, zone transfers) is not counted here; UDP/514 is syslog,
# distinct from TCP/514 (rsh) in the Shell ACL; both the legacy (1645/1646)
# and current (1812/1813) RADIUS port pairs are covered; UDP/2055 is the
# collector's own flow-export port.
ip access-list extended Network
permit udp any any eq 53 reverse # DNS
permit udp any any eq 123 reverse # NTP
permit udp any any range 161 162 reverse # SNMP
permit udp any any range 67 68 reverse # DHCP
permit udp any any eq 427 reverse # SLP
permit icmp any any # ICMP
permit eigrp any any # EIGRP
permit ospf any any # OSPF
permit tcp any any eq 179 reverse # BGP
permit udp any any eq 520 reverse # RIP
permit udp any any range 1645 1646 reverse # RADIUS
permit udp any any range 1812 1813 reverse # RADIUS
permit udp any any eq 514 reverse # SYSLOG
permit udp any any eq 2055 reverse # NETFLOW EXPORT
  181.  
# Mail: cleartext SMTP/IMAP/POP3 ports and their implicit-TLS variants.
# The mail submission port 587 is not listed.
ip access-list extended Email
permit tcp any any eq 25 reverse # SMTP
permit tcp any any eq 143 reverse # IMAP
permit tcp any any eq 110 reverse # POP3
permit tcp any any eq 465 reverse # SMTP / SSL
permit tcp any any eq 993 reverse # IMAP / SSL
permit tcp any any eq 995 reverse # POP3 / SSL
  189.  
# Remote shells: SSH plus the cleartext Telnet and rsh (TCP/514). Counting
# the cleartext protocols separately from SSH would make legacy remote-access
# usage easier to spot; here all three share one class.
ip access-list extended Shell
permit tcp any any eq 22 reverse # SSH
permit tcp any any eq 23 reverse # Telnet
permit tcp any any eq 514 reverse # RSH
  194.  
# Directory traffic: LDAP 389-390 (TCP and UDP), LDAPS 636, 379 (commented
# as site replication) and the Global Catalog ports 3268-3269.
ip access-list extended LDAP
permit tcp any any range 389 390 reverse # LDAP
permit udp any any range 389 390 reverse # LDAP
permit tcp any any eq 636 reverse # LDAP/SSL
permit tcp any any eq 379 reverse # LDAP Site replication
permit tcp any gt 1023 any range 3268 3269 reverse # LDAP Global Catalog
  201.  
# Database traffic: Oracle listener ports 1521/1523, Microsoft SQL on
# TCP/1433 and UDP/1434.
ip access-list extended SQL
permit tcp any gt 1023 any eq 1521 reverse # Oracle TNS Listener
permit tcp any gt 1023 any eq 1523 reverse # Oracle SQLnet2
permit tcp any gt 1023 any eq 1433 reverse # Microsoft SQL
permit udp any gt 1023 any eq 1434 reverse # Microsoft SQL
  207.  
# Any source to a multicast destination; the wildcard 15.255.255.255 covers
# 224.0.0.0/4, the same range listed in @local_subnets.
ip access-list extended Multicast
permit ip any 224.0.0.0 15.255.255.255
  210.  
  211. # --- IPT protocols
  212.  
# Heuristic for unmarked G.711 voice: UDP between ephemeral ports at
# 76-84 kbps sustained for at least 5 seconds (kbps/seconds qualifiers are
# presumably evaluated on the measured flow — confirm).
ip access-list extended IPT_g711_untagged
permit udp any gt 1023 any gt 1023 kbps range 76 84 seconds ge 5
  215.  
# DSCP EF-marked UDP at G.711 rates (76-84 kbps); no duration floor, since
# the marking already identifies it as voice.
ip access-list extended IPT_g711
permit udp any any dscp ef kbps range 76 84
  218.  
# Heuristic for unmarked G.729 voice: UDP between ephemeral ports at
# 20-28 kbps sustained for at least 5 seconds.
ip access-list extended IPT_g729_untagged
permit udp any gt 1023 any gt 1023 kbps range 20 28 seconds ge 5
  221.  
# DSCP EF-marked UDP at G.729 rates (20-28 kbps).
ip access-list extended IPT_g729
permit udp any any dscp ef kbps range 20 28
  224.  
# Voice signalling: SCCP 2000, MGCP 2427-2428 (both sides), H.323 1719-1720,
# SIP 5060 over TCP and UDP. SIP over TLS (5061) is not listed.
ip access-list extended IPT_Signaling
permit tcp any gt 1023 any eq 2000 reverse # SCCP
permit udp any range 2427 2428 any range 2427 2428 # MGCP
permit tcp any gt 1023 any range 1719 1720 reverse # H.323
permit tcp any gt 1023 any eq 5060 reverse # SIP
permit udp any gt 1023 any eq 5060 reverse # SIP