xref: /titanic_50/usr/src/man/man4/ipmon.4 (revision 9f9b7953c22ba8b0f8372bd791fc6ecc63c69409)
te
To view license terms, attribution, and copyright for IP Filter, the
default path is /usr/lib/ipf/IPFILTER.LICENCE. If the Illumos operating
environment has been installed anywhere other than the default, modify the
given path to access the file at the installed location.
Portions Copyright (c) 2015, Joyent, Inc.
IPMON 4 "Mar 18, 2015"
NAME
ipmon, ipmon.conf - ipmon configuration file format
DESCRIPTION
The format for files accepted by ipmon is described by the following grammar:

"match" "{" matchlist "}" "do" "{" doing "}" ";"

matchlist ::= matching [ "," matching ] .
matching ::= direction | dstip | dstport | every | group | interface |
 logtag | nattag | protocol | result | rule | srcip | srcport .

dolist ::= doing [ "," doing ] .
doing ::= execute | save | syslog .

direction ::= "in" | "out" .
dstip ::= "dstip" "=" ipv4 "/" number .
dstport ::= "dstport" "=" number .
every ::= "every" every-options .
execute ::= "execute" "=" string .
group ::= "group" "=" string | "group" "=" number .
interface ::= "interface" "=" string .
logtag ::= "logtag" "=" string | "logtag" "=" number .
nattag ::= "nattag" "=" string .
protocol ::= "protocol" "=" string | "protocol" "=" number .
result ::= "result" "=" result-option .
rule ::= "rule" "=" number .
srcip ::= "srcip" "=" ipv4 "/" number .
srcport ::= "srcport" "=" number .
type ::= "type" "=" ipftype .
ipv4 ::= number "." number "." number "." number .

every-options ::= "second" | number "seconds" | "packet" | number "packets" .
result-option ::= "pass" | "block" | "short" | "nomatch" | "log" .
ipftype ::= "ipf" | "nat" | "state" .

In addition, lines that start with a # are considered to be comments.

OVERVIEW

The ipmon configuration file is used for defining rules to be executed when logging records are read from /dev/ipl.

At present, only IPv4 matching is available for source/destination address matching.

MATCHING

Each rule for ipmon consists of two primary segments: the first describes how the log record is to be matched, the second defines what action to take if there is a positive match. All entries of the rules present in the file are compared for matches - there is no first or last rule match.

FILES
/dev/ipl

/dev/ipf

/dev/ipnat

/dev/ipstate

/etc/ipmon.conf

SEE ALSO
ipmon(1M), ipfilter(5)