86 lines
3.2 KiB
INI
86 lines
3.2 KiB
INI
## Global ZeekControl configuration file.
|
|
|
|
###############################################
|
|
# Mail Options
|
|
|
|
# Recipient address for all emails sent out by Zeek and ZeekControl.
|
|
MailTo = root@localhost
|
|
|
|
# Mail connection summary reports each log rotation interval. A value of 1
|
|
# means mail connection summaries, and a value of 0 means do not mail
|
|
# connection summaries. This option has no effect if the trace-summary
|
|
# script is not available.
|
|
MailConnectionSummary = 1
|
|
|
|
# Lower threshold (in percentage of disk space) for space available on the
|
|
# disk that holds SpoolDir. If less space is available, "zeekctl cron" starts
|
|
# sending out warning emails. A value of 0 disables this feature.
|
|
MinDiskSpace = 5
|
|
|
|
# Send mail when "zeekctl cron" notices the availability of a host in the
|
|
# cluster to have changed. A value of 1 means send mail when a host status
|
|
# changes, and a value of 0 means do not send mail.
|
|
MailHostUpDown = 1
|
|
|
|
###############################################
|
|
# Logging Options
|
|
|
|
# Rotation interval in seconds for log files on manager (or standalone) node.
|
|
# A value of 0 disables log rotation.
|
|
LogRotationInterval = 3600
|
|
|
|
# Expiration interval for archived log files in LogDir. Files older than this
|
|
# will be deleted by "zeekctl cron". The interval is an integer followed by
|
|
# one of these time units: day, hr, min. A value of 0 means that logs
|
|
# never expire.
|
|
LogExpireInterval = 0
|
|
|
|
# Enable ZeekControl to write statistics to the stats.log file. A value of 1
|
|
# means write to stats.log, and a value of 0 means do not write to stats.log.
|
|
StatsLogEnable = 1
|
|
|
|
# Number of days that entries in the stats.log file are kept. Entries older
|
|
# than this many days will be removed by "zeekctl cron". A value of 0 means
|
|
# that entries never expire.
|
|
StatsLogExpireInterval = 0
|
|
|
|
###############################################
|
|
# Other Options
|
|
|
|
# Show all output of the zeekctl status command. If set to 1, then all output
|
|
# is shown. If set to 0, then zeekctl status will not collect or show the peer
|
|
# information (and the command will run faster).
|
|
StatusCmdShowAll = 0
|
|
|
|
# Number of days that crash directories are kept. Crash directories older
|
|
# than this many days will be removed by "zeekctl cron". A value of 0 means
|
|
# that crash directories never expire.
|
|
CrashExpireInterval = 0
|
|
|
|
# Site-specific policy script to load. Zeek will look for this in
|
|
# $PREFIX/share/zeek/site. A default local.zeek comes preinstalled
|
|
# and can be customized as desired.
|
|
SitePolicyScripts = local.zeek
|
|
|
|
# Location of the log directory where log files will be archived each rotation
|
|
# interval.
|
|
LogDir = ${LOGS}
|
|
|
|
# Location of the spool directory where files and data that are currently being
|
|
# written are stored.
|
|
SpoolDir = ${SPOOL}
|
|
|
|
# Location of the directory in which the databases for Broker datastore backed
|
|
# Zeek tables are stored.
|
|
BrokerDBDir = ${SPOOL}/brokerstore
|
|
|
|
# Default base directory for file extraction.
|
|
#
|
|
# The FileExtract module's prefix option will default be set to this
|
|
# value with the Cluster::node value appended.
|
|
FileExtractDir = ${SPOOL}/extract_files
|
|
|
|
# Location of other configuration files that can be used to customize
|
|
# ZeekControl operation (e.g. local networks, nodes).
|
|
CfgDir = ${ETC}
|