shoki.widgets - format of shoki widget config files
The config files for the various shoki widgets share a common format. Each config file consists of a list of directives, one per line, terminated with a semicolon. Non-quoted whitespace is ignored.
In the descriptions below: STRING refers to a double quoted string of arbitrary, non-newline characters. The double quote itself may be included as part of such a string by escaping it with a slash; INTEGER is an unquoted integer expression.
The following directives are valid within shoki widget config files (note that not all may be meaningful for some widgets):
chrdir = STRING ;
chroot = STRING ;
If specified, widget will do a chroot(2) to the given directory.
count = INTEGER;
max_count = INTEGER;
Read no more than the given number of packets. If no value is given (or if count is set to zero), all packets from the given data stream will be read.
dbhost = STRING ;
Specifies the name of the database host. If none is given, the widget will attempt to connect to the database on a local UNIX socket.
dbname = STRING ;
Specifies the name of the database to connect to.
dbpass = STRING ;
Specifies the passwd to use when connecting to the database. This should only be necessary if the database is running on another machine.
dev = STRING ;
device = STRING ;
Specifies the devices the widget will listen for network traffic on.
dumps = STRING ;
filter = STRING ;
The widget will read a pcap-style filter expression from the specified file and use it as a base filter.
filterlist = STRING ;
The widget will read shoki filters from the specified file.
format = STRING ;
Specifies a custom output format for the widget. This will significantly impact performance.
jabber_contact = STRING ;
Specifies a jabber ID to send alerts to. Use multiple jabber_contact declarations to send alerts to multiple IDs.
jabber_luser = STRING ;
jabber_user = STRING ;
jabber_username = STRING ;
Specifies the jabber luser jabber-aware widgets will send messages as.
jabber_passwd = STRING ;
jabber_password = STRING ;
Specifies the passwd for the jabber ID given in the jabber_luser declaration.
jabber_port = INTEGER;
Specifies the port the jabber server is running on. Defaults to the default port defined in the jabber client library.
jabber_resource = STRING ;
Specifies the jabber resource string for outbound messages. If you don't know what this means, you don't need to fiddle with it.
jabber_server = STRING ;
Specifies the jabber server through which the widget should attempt to send and receive messages.
logfname = STRING ;
The widget will append its output to the specified file. If not specified, most widgets will write output via syslog(2).
luser = STRING ;
user = STRING ;
If specified, the widget will setuid/setgid to the specified luser.
pidfile = STRING ;
Widgets that run as a daemon will write their PID to the specified file.
snaplen = INTEGER;
Specifies a default snaplen (length in bytes of captured packets) to preserve/analyse. The snaplen given in a shoki filter has precedence over this default value.
start = INTEGER;
If specified, widget will only look at packets with timestamps on or after the given timestamp (in seconds after the start of the epoch).
stop = INTEGER;
If specified, widget will only look at packets with timestamps on or before the given timestamp (in seconds after the start of the epoch).
syn_fingerprints = STRING ;
Widget will read SYN fingerprints from the specified file for use in passive fingerprinting.
syn_ack_fingerprints = STRING ;
Widget will read SYN-ACK fingerprints from the specified file for use in passive fingerprinting.
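The following is an added example, not code from shoki or its author: a small parser for the directive format described above, plus a check that reports when the privilege-reducing directives (chroot, user) are absent or when a password directive is present in the file. It assumes that the string escape character is a backslash, that INTEGER is a plain decimal literal, and that names listed together under one description are aliases; the sample config is constructed.

```python
import re

# Assumption: names the page lists together under one description are aliases.
ALIASES = {"chrdir": "chroot", "max_count": "count", "dev": "device",
           "luser": "user", "jabber_luser": "jabber_user",
           "jabber_username": "jabber_user", "jabber_passwd": "jabber_password"}
# Assumption: the escape character is a backslash; INTEGER is a decimal literal.
TOKEN = re.compile(r'\s*(?:(?P<str>"(?:\\.|[^"\\\n])*")|(?P<int>-?\d+)'
                   r'|(?P<name>[A-Za-z_]\w*)|(?P<punct>[=;]))')

def parse(text):
    """Return {directive: [values...]}; repeated directives accumulate."""
    text, pos, toks = text.rstrip(), 0, []
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"unexpected input at offset {pos}")
        toks.append((m.lastgroup, m.group(m.lastgroup)))
        pos = m.end()
    if len(toks) % 4:
        raise ValueError("incomplete directive (missing value or semicolon?)")
    conf = {}
    for i in range(0, len(toks), 4):
        (kind, name), (_, eq), (vkind, val), (_, end) = toks[i:i + 4]
        if kind != "name" or eq != "=" or vkind not in ("str", "int") or end != ";":
            raise ValueError(f"malformed directive near {name!r}")
        # Strip the surrounding quotes and undo escapes for STRING values.
        value = int(val) if vkind == "int" else re.sub(r'\\(.)', r'\1', val[1:-1])
        conf.setdefault(ALIASES.get(name, name), []).append(value)
    return conf

def audit(conf):
    """Flag settings that leave the widget with more exposure than needed."""
    findings = []
    if "chroot" not in conf:
        findings.append("chroot not set: widget is not confined to a directory")
    if "user" not in conf:
        findings.append("user not set: widget keeps the privileges it started with")
    for key in ("dbpass", "jabber_password"):
        if key in conf:
            findings.append(f"{key} is stored in the file: restrict its permissions")
    return findings

# Constructed sample config, not taken from the shoki distribution.
SAMPLE = r'''
device = "fxp0"; snaplen = 96;
user = "shoki" ;
jabber_contact = "ops@example.org";
jabber_contact = "oncall@example.org";
jabber_passwd = "s3\"cret";
'''
```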
Stephen P. Berry <email@example.com>
More information can be found at the shoki homepage:
Check the README at the top of the source tree.
November 27, 2003 | SHOKI.WIDGETS (5) | shoki