## ## flowscan-cuflow.cf -- flowscan(1) CUFlow reporter configuration ## # the Round-Robin-Database (RRD) storage location OutputDir @l_prefix@/var/flowscan/cuflow/rrd # generate top N and over-time-average top N reports Scoreboard 10 @l_prefix@/var/flowscan/cuflow/web @l_prefix@/var/flowscan/cuflow/web/topten.html AggregateScore 10 @l_prefix@/var/flowscan/cuflow/web/aggregate.txt @l_prefix@/var/flowscan/cuflow/web/overall.html # multicast tracking support Multicast # the NetFlow exporters Router 192.168.0.1 router1.example.com Router 192.168.0.2 router2.example.com # subnets (to determine whether a packet is inbound our outbound) Subnet 192.168.0.0/24 # track by networks Network 192.168.0.0/24 example.com Network 192.168.0.1/32,192.168.0.2/32 host.example.com # track by services Service 20-21/tcp ftp Service 22/tcp ssh Service 23/tcp telnet Service 25/tcp smtp Service 53/udp,53/tcp dns Service 69/udp tftp Service 80/tcp http Service 110/tcp pop3 Service 111/udp,111/tcp sunrpc Service 113/tcp ident Service 119/tcp nntp Service 123/udp,123/tcp ntp Service 142-143/tcp imap Service 161-162/udp snmp Service 389/tcp ldap Service 443/tcp https Service 514/udp syslog Service 540/tcp uucp Service 563/tcp nntps Service 636/tcp ldaps Service 873/tcp rsync Service 989-990/tcp ftps Service 993/tcp imaps Service 995/tcp pop3s Service 1645-1646/udp,1812-1813/udp radius Service 194/tcp,6665-6669/tcp irc # track by protocols Protocol 1 icmp Protocol 6 tcp Protocol 17 udp Protocol 112 vrrp # track by ToS TOS 0 normal TOS 1-255 other