# config file for land monitor
# mudge@l0pht.com
#
# Histogram, alert and archive settings for the monitor titled
# "Land style DoS packets" (see title= below). A LAND packet carries a forged
# source address that equals its destination address. The packet filter that
# selects such traffic is not part of this file; only the recording and
# alerting of what it matched is configured here.
#
# NOTE(review): this copy had lost its line breaks. A lone "#" was read as an
# empty comment line, so enabled= and rollover= are taken to be active
# settings, not commented-out ones - confirm against the deployed file.
# NOTE(review): the file mixes true/false and YES/NO; both spellings are left
# exactly as found because the consuming parser is not shown here.
#
enabled=true
gui=histogram
# how many axes (columns) this histogram has; must agree with the
# column_N_type / column_N_label pairs below.
num_columns=4
# for each column, you must designate a primary type for queries.
# Going by the labels below these are source MAC, source IP, destination MAC
# and destination IP.
# Because the source IP of a LAND packet is forged, the IP columns identify
# the target rather than the sender; the source MAC column is the field that
# points at the sending host or, across a router, at the last-hop device on
# the monitored segment.
column_1_type=p_src_ethermac
column_2_type=p_src_ip
column_3_type=p_dst_ethermac
column_4_type=p_dst_ip
# for each column, how the column should be labeled. Meaningful names go here.
# NOTE(review): column 2 holds p_src_ip but is labeled "IP Address" while
# column 4 is "IP Dest"; an analyst may not read it as the source - confirm
# the label is intended.
column_1_label=Ethernet Source
column_2_label=IP Address
column_3_label=Ethernet Dest
column_4_label=IP Dest
# what label to use for the count column of the histogram.
count_label=Packets
#
# what time increment to take histograms in
# take arbitrarily long histograms since we don't really care about
# the individual histograms.
# NOTE(review): the unit is not stated; presumably seconds, which would match
# rollover_time_val=300000 below if that value is in milliseconds - confirm.
#
rollover=300
# how often to write the histograms to disk. We want something reasonably
# short so we can see them in queries
# NOTE(review): unit not stated, presumably seconds. Data seen since the last
# sync is presumably not yet visible to queries - confirm.
sync_time=60
# bookkeeping fields; their exact semantics are not visible from this file.
modified=true
origin=mudge@l0pht.com
title=Land style DoS packets
# alerting: doalerts turns alerts on and alert_text is the message template.
# NOTE(review): $(1) presumably expands to the column 1 value (source MAC),
# and new_cell_alerts presumably raises an alert for every previously unseen
# combination of column values - confirm against the consumer's documentation.
# If so, traffic aimed at many distinct targets yields one alert per new
# combination; check that whatever receives these alerts is rate limited.
doalerts=true
alert_text=New LAND attack: $(1)
new_cell_alerts=true
# left empty on purpose in the original; keep the key present.
data_label=
cfversion=3
# archive rollover by size and by time.
# NOTE(review): units are not stated; 1024000 is presumably bytes and 300000
# presumably milliseconds - confirm.
rollover_size=YES
rollover_size_val=1024000
rollover_time=YES
rollover_time_val=300000
# where rolled-over data is archived. The % tokens are expanded by the
# consumer (meaning not shown here; %y/%m%d looks like a date) and the path is
# relative, so it resolves against the consumer's working directory.
# The archive is the evidence trail for these alerts: keep the directory
# writable only by the monitoring account and watch its free space.
archive_path=data/%p/%b/%y/%m%d/