diff options
Diffstat (limited to 'usr/src/man/man4/ipmon.4')
| -rw-r--r-- | usr/src/man/man4/ipmon.4 | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/usr/src/man/man4/ipmon.4 b/usr/src/man/man4/ipmon.4 new file mode 100644 index 0000000000..9f38eb0551 --- /dev/null +++ b/usr/src/man/man4/ipmon.4 @@ -0,0 +1,72 @@ +'\" te +.\" To view license terms, attribution, and copyright for IP Filter, the +.\" default path is /usr/lib/ipf/IPFILTER.LICENCE. If the Illumos operating +.\" environment has been installed anywhere other than the default, modify the +.\" given path to access the file at the installed location. +.\" Portions Copyright (c) 2015, Joyent, Inc. +.TH IPMON 4 +.SH NAME +ipmon, ipmon.conf \- ipmon configuration file format +.SH DESCRIPTION +The format for files accepted by ipmon is described by the following grammar: +.LP +.nf +"match" "{" matchlist "}" "do" "{" doing "}" ";" + +matchlist ::= matching [ "," matching ] . +matching ::= direction | dstip | dstport | every | group | interface | + logtag | nattag | protocol | result | rule | srcip | srcport . + +dolist ::= doing [ "," doing ] . +doing ::= execute | save | syslog . + +direction ::= "in" | "out" . +dstip ::= "dstip" "=" ipv4 "/" number . +dstport ::= "dstport" "=" number . +every ::= "every" every-options . +execute ::= "execute" "=" string . +group ::= "group" "=" string | "group" "=" number . +interface ::= "interface" "=" string . +logtag ::= "logtag" "=" string | "logtag" "=" number . +nattag ::= "nattag" "=" string . +protocol ::= "protocol" "=" string | "protocol" "=" number . +result ::= "result" "=" result-option . +rule ::= "rule" "=" number . +srcip ::= "srcip" "=" ipv4 "/" number . +srcport ::= "srcport" "=" number . +type ::= "type" "=" ipftype . +ipv4 ::= number "." number "." number "." number . + +every-options ::= "second" | number "seconds" | "packet" | number "packets" . +result-option ::= "pass" | "block" | "short" | "nomatch" | "log" . +ipftype ::= "ipf" | "nat" | "state" . + +.fi +.PP +In addition, lines that start with a # are considered to be comments. +.SH OVERVIEW +.PP +The ipmon configuration file is used for defining rules to be executed when +logging records are read from +.B /dev/ipl. +.PP +At present, only IPv4 matching is available for source/destination address +matching. +.SH MATCHING +.PP +Each rule for ipmon consists of two primary segments: the first describes how +the log record is to be matched, the second defines what action to take if +there is a positive match. All entries of the rules present in the file are +compared for matches - there is no first or last rule match. +.SH FILES +/dev/ipl +.br +/dev/ipf +.br +/dev/ipnat +.br +/dev/ipstate +.br +/etc/ipmon.conf +.SH SEE ALSO +\fBipmon\fR(1M), \fBipfilter\fR(5) |