#
# ext-arp-inside.cfg mudge@l0pht.com
#

enabled=true
gui=histogram

# how many axes to this histogram?

num_columns=4

# for each column, you must designate a primary type for queries.

column_1_type=p_src_ethermac
column_2_type=p_src_ip
column_3_type=p_dst_ethermac
column_4_type=p_int

# for each column, how should the column be labeled.  Meaningful names go here.

column_1_label=Source Ether
column_2_label=Sender IP
column_3_label=Dest Ether
column_4_label=Packet Size

# what label to use for the count column of the histogram.

count_label=Packets

#
# what time increment to take histograms in
# take arbitrarily long histograms since we don't really care about
# the individual histograms.
#
rollover=300

# how often to write the histograms to disk.  We want something reasonably
# short so we can see them in queries

sync_time=10

modified=true

origin=mudge@l0pht.com

title=Arp packets with extnet sender IP addresses inside them

doalerts=false
alert_text=Ext-arp inside : $(1)

new_cell_alerts=false

data_label=

cfversion=3
rollover_size=YES
rollover_size_val=1024000

rollover_time=YES
rollover_time_val=300000

archive_path=data/%p/%b/%y/%m%d/