#
#Back Orifice Detector
#	-sili@l0pht.com
#



enabled=true
gui=histogram

#
# how many axes to this histogram?
num_columns=4

#
# for each column, you must designate a primary type for queries.
column_1_type=p_src_ip
column_2_type=p_src_port
column_3_type=p_dst_ip
column_4_type=p_dst_port
#
# for each column, how should the column be labeled.  Meaningful names go here.
column_1_label=Src IP
column_2_label=Src Port
column_3_label=Dest IP
column_4_label=Dest Port (BO port?)

#
# what label to use for the count column of the histogram.
count_label=New Connections

#
# where to put/look-for the data files.
fileprefix=data/test/bo/

#
# what time increment to take histograms in
rollover=300

#
# do not keep the all-time histogram for this one
suppress_all_time=true

#
# how often to write the histograms to disk.  note that nfrd must be
# sending time stamp records at least this often for this to work
# reliably.
sync_time=10

#
# use debug to turn on debugging and select an output file name
# debug=11,filename


modified=true
origin=sili@l0pht.com
title=Back Orifice module
doalerts=false
alert_text=


new_cell_alerts=false


data_label=

cfversion=1
rollover_size=YES
rollover_size_val=1024000

rollover_time=YES
rollover_time_val=300000

archive_path=data/%p/%b/%y/%m%d/