summaryrefslogtreecommitdiff
path: root/doc/stats
diff options
context:
space:
mode:
authorGaurav Sinha <gaurav.sinha@vyatta.com>2012-01-12 14:45:24 -0800
committerGaurav Sinha <gaurav.sinha@vyatta.com>2012-01-12 14:45:24 -0800
commitca37a710d526d17490ebdc3af760bfddd316426d (patch)
treecaeb883cf2302d30e010909bc543b09e191472cb /doc/stats
parentc4414d9a8b31bedfb7471cd2365aaf5ea5cf55d5 (diff)
parent414fedd879fdc3cd0a910acd2fd9262251a6bfe7 (diff)
downloadconntrack-tools-ca37a710d526d17490ebdc3af760bfddd316426d.tar.gz
conntrack-tools-ca37a710d526d17490ebdc3af760bfddd316426d.zip
Updating upstream with merged content from netfilter conntrack-tools version 1.0.1
Diffstat (limited to 'doc/stats')
-rw-r--r--doc/stats/conntrackd.conf25
-rw-r--r--doc/stats/conntrackd.conf.orig121
2 files changed, 13 insertions, 133 deletions
diff --git a/doc/stats/conntrackd.conf b/doc/stats/conntrackd.conf
index 0941f64..16d7a80 100644
--- a/doc/stats/conntrackd.conf
+++ b/doc/stats/conntrackd.conf
@@ -67,6 +67,18 @@ General {
#
NetlinkBufferSizeMaxGrowth 655355
+ #
+ # By default, the daemon receives state updates following an
+ # event-driven model. You can modify this behaviour by switching to
+ # polling mode with the PollSecs clause. This clause tells conntrackd
+ # to dump the states in the kernel every N seconds. With regards to
+ # synchronization mode, the polling mode can only guarantee that
+ # long-lifetime states are recovered. The main advantage of this method
+ # is the reduction in the state replication at the cost of reducing the
+ # chances of recovering connections.
+ #
+ # PollSecs 15
+
#
# Event filtering: This clause allows you to filter certain traffic,
# There are currently three filter-sets: Protocol, Address and
@@ -81,6 +93,7 @@ General {
#
Protocol Accept {
TCP
+ # UDP
}
#
@@ -118,18 +131,6 @@ Stats {
#
# NetlinkEventsReliable Off
- #
- # By default, the daemon receives state updates following an
- # event-driven model. You can modify this behaviour by switching to
- # polling mode with the PollSecs clause. This clause tells conntrackd
- # to dump the states in the kernel every N seconds. With regards to
- # synchronization mode, the polling mode can only guarantee that
- # long-lifetime states are recovered. The main advantage of this method
- # is the reduction in the state replication at the cost of reducing the
- # chances of recovering connections.
- #
- # PollSecs 15
-
#
# Enable connection logging via Syslog. Default is off.
# Syslog: on, off or a facility name (daemon (default) or local0..7)
diff --git a/doc/stats/conntrackd.conf.orig b/doc/stats/conntrackd.conf.orig
deleted file mode 100644
index 1f1a697..0000000
--- a/doc/stats/conntrackd.conf.orig
+++ /dev/null
@@ -1,121 +0,0 @@
-#
-# General settings
-#
-General {
- #
- # Set the nice value of the daemon. This value goes from -20
- # (most favorable scheduling) to 19 (least favorable). Using a
- # negative value reduces the chances to lose state-change events.
- # Default is 0. See man nice(1) for more information.
- #
- Nice -1
-
- #
- # Number of buckets in the caches: hash table
- #
- HashSize 8192
-
- #
- # Maximum number of conntracks:
- # it must be >= $ cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
- #
- HashLimit 65535
-
- #
- # Logfile: on (/var/log/conntrackd.log), off, or a filename
- # Default: off
- #
- #LogFile on
-
- #
- # Syslog: on, off or a facility name (daemon (default) or local0..7)
- # Default: off
- #
- #Syslog on
-
- #
- # Lockfile
- #
- LockFile /var/lock/conntrack.lock
-
- #
- # Unix socket configuration
- #
- UNIX {
- Path /var/run/conntrackd.ctl
- Backlog 20
- }
-
- #
- # Netlink socket buffer size
- #
- NetlinkBufferSize 262142
-
- #
- # Increase the socket buffer up to maximun if required
- #
- NetlinkBufferSizeMaxGrowth 655355
-
- #
- # Event filtering: This clause allows you to filter certain traffic,
- # There are currently three filter-sets: Protocol, Address and
- # State. The filter is attached to an action that can be: Accept or
- # Ignore. Thus, you can define the event filtering policy of the
- # filter-sets in positive or negative logic depending on your needs.
- #
- Filter {
- #
- # Accept only certain protocols: You may want to log the
- # state of flows depending on their layer 4 protocol.
- #
- Protocol Accept {
- TCP
- }
-
- #
- # Ignore traffic for a certain set of IP's.
- #
- Address Ignore {
- IPv4_address 127.0.0.1 # loopback
- }
-
- #
- # Uncomment this line below if you want to filter by flow state.
- # The existing TCP states are: SYN_SENT, SYN_RECV, ESTABLISHED,
- # FIN_WAIT, CLOSE_WAIT, LAST_ACK, TIME_WAIT, CLOSED, LISTEN.
- #
- # State Accept {
- # ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT for TCP
- # }
- }
-}
-
-Stats {
- #
- # If you enable this option, the daemon writes the information about
- # destroyed connections to a logfile. Default is off.
- # Logfile: on, off, or a filename
- # Default file: (/var/log/conntrackd-stats.log)
- #
- LogFile on
-
- #
- # By default, the daemon receives state updates following an
- # event-driven model. You can modify this behaviour by switching to
- # polling mode with the PollSecs clause. This clause tells conntrackd
- # to dump the states in the kernel every N seconds. With regards to
- # synchronization mode, the polling mode can only guarantee that
- # long-lifetime states are recovered. The main advantage of this method
- # is the reduction in the state replication at the cost of reducing the
- # chances of recovering connections.
- #
- # PollSecs 15
-
- #
- # Enable connection logging via Syslog. Default is off.
- # Syslog: on, off or a facility name (daemon (default) or local0..7)
- # If you set the facility, use the same as in the General clause,
- # otherwise you'll get a warning message.
- #
- #Syslog on
-}