# configuration file to watch for x-mas tree packets
# mudge@l0pht.com
#
# Settings for a histogram view that counts packets per
# (source IP, source port, dest IP, dest port) tuple.
# "X-Mas tree" conventionally means a TCP segment with FIN, PSH and URG all
# set, a combination rarely seen in normal traffic and associated with port
# scanning and stack fingerprinting. The test that selects packets is not in
# this file; confirm it in the companion filter.
# NOTE(review): the consuming parser is not named here, so comments are kept
# on their own lines and every value is left exactly as written.
#
enabled=true
gui=histogram
# how many axes to this histogram?
# Four column_N_type and four column_N_label entries follow; keep the three
# in step when adding or removing a column.
num_columns=4
# for each column, you must designate a primary type for queries.
column_1_type=p_src_ip
column_2_type=p_src_port
column_3_type=p_dst_ip
column_4_type=p_dst_port
# for each column, how should the column be labeled. Meaningful names go here.
column_1_label=Source IP
column_2_label=Source Port
column_3_label=Dest IP
column_4_label=Dest Port
# what label to use for the count column of the histogram.
count_label=Packets
#
# what time increment to take histograms in
# take arbitrarily long histograms since we don't really care about
# the individual histograms.
# NOTE(review): units are not stated; presumably seconds, which would agree
# with rollover_time_val=300000 below if that one is milliseconds. Confirm.
#
rollover=300
# how often to write the histograms to disk. We want something reasonably
# short so we can see them in queries
# NOTE(review): units not stated; presumably seconds. Counts newer than the
# last sync would not yet be visible to a query.
sync_time=10
modified=true
origin=mudge@l0pht.com
title=Watch for X-Mas tree packets
# Alerting is switched off in both places below, so as written this
# configuration only records counts: someone has to query the histogram to
# notice a scan. alert_text is defined but presumably unused while
# doalerts=false. Confirm before relying on this as a detection.
doalerts=false
# $(1) presumably expands to column 1 (Source IP). The source address of a
# crafted packet is chosen by the sender, so treat it as a lead for triage
# rather than as attribution.
alert_text=X-Mas tree packet : $(1)
new_cell_alerts=false
# intentionally empty value
data_label=
cfversion=3
# NOTE(review): booleans are spelled true/false above and YES here; left as
# written because the accepted spellings depend on the consuming parser.
# Units of the *_val keys are not stated; presumably bytes and milliseconds.
rollover_size=YES
rollover_size_val=1024000
rollover_time=YES
rollover_time_val=300000
# Relative path with % placeholders; their meaning is not defined in this
# file (%y, %m and %d look like date fields). Presumably resolved against the
# tool's working directory. The archive holds observed addresses and ports, so
# keep the directory writable only by the sensor account.
archive_path=data/%p/%b/%y/%m%d/