Ubuntu Feisty 7.04 manual page repository

Provided by: ippl_1.4.14-8_i386

 

NAME

        ippl.conf - IP Protocols Logger configuration file
 

DESCRIPTION

        The  ippl.conf file is the only configuration file for the ippl logger.
        It defines what protocols to log, and the kind of packets to log.
 
        A hash mark ("#") indicates that the rest of the line is a comment
        and it will therefore not be read.

        ippl does not run (unless specified) the protocol logging threads as
        root for security reasons. You can specify which user should be used
        with the runas keyword.
 
        Syntax: runas [user]
 
        user is a user defined in /etc/passwd. By default, the Debian-ippl user
        is used.
 

PROTOCOLS

        Each protocol is run by a different thread. To run a thread, use the
        run keyword:
 
        Syntax: run [protocol] [protocol] ...
 
        protocol can be:
 
        icmp to specify that the thread logging ICMP messages should be run.
 
        tcp to specify that the thread logging TCP connections should be run.
 
        udp to specify that the thread logging UDP datagrams should be run.
 
        all to log all the protocols.

        You can enable or disable IP address resolution on a per-protocol
        basis. To enable address resolution, use:
 
        Syntax: resolve [protocol] [protocol] ...
 
        protocol is the same as in the protocols section.
 
        To disable address resolution, use:
 
        Syntax: noresolve [protocol] [protocol] ...
 
        protocol is the same as before.
 
        By default, IP address resolution is disabled for all the protocols.
 
        Ippl by default resolves tcp/udp port numbers to their respective
        service names. If you pass a protocol to the noportresolve option,
        ippl logs the port number instead. This is a Debian specific extension.

        By default service resolving is enabled, since this is the behaviour of
        the upstream program.

        ippl can log IP protocols in a more or less detailed format. By
        default, it only shows the source address and the type or the
        destination port. A more detailed version can be used. There is also
        a shortest version.
 
        Syntax: logformat [format] [protocol] [protocol] ...
 
        format can be:
 
        short to use a short format for logging.
 
        normal to use the normal format. This is the default.
 
        detailed  to  log more information. This option displays the source and
        destination ports and addresses.
 
        protocol is the same as in the protocols section.

        To enable the IDENT remote username resolution, use the ident keyword.
        To disable it, use the noident keyword. Note that the information
        returned is *NOT* reliable in general since it is returned by the
        remote host. By default, the ident resolution is off.

        ippl can detect when a TCP connection is closed. To enable this
        feature, use the logclosing keyword. To disable it, use the
        nologclosing keyword. By default, TCP connection terminations are
        ignored.

        ippl can log messages using syslog (using the LOG_DAEMON facility) or
        it can write directly into a file. This is specified using the log-in
        keyword.
 
        Syntax: log-in [protocol] [filename]
 
        protocol is the same as in the protocols section. filename is an
        absolute path to a file. Note that the file cannot be in the root
        directory; it has to be in a directory.
 
        NOTE:  when  the logs are rotated, ippl opens new files when it is sent
        the SIGHUP signal.
 

RULES

        When a thread is run, it will catch all the packets using the  protocol
        logged.  The user may want to ignore certain packets. This is done with
        Apache-like rules.
 
        There are two different types of rules. The first  one  describes  what
        packets to log, and the second one describes the packets that should be
        ignored. The syntax of a rule is as follows:
 
        Syntax:   [log|ignore]   {option   [option],[option],...}    [protocol]
        [description]
 
        log means that the packets described should be logged, and ignore is
        used if the user does not want to log a certain type of packet.
 
    Option
        The option keyword overrides the default values for this rule only.
        options is also recognized.
 
        Valid options are:
 
        resolve enable IP address resolution.
 
        noresolve disable IP address resolution.
 
        portresolve enable IP service resolution.
 
        noportresolve disable IP service resolution.
 
        ident use ident logging (only for TCP).
 
        noident disable ident logging (only for TCP).
 
        logclosing log connection termination (only for TCP).
 
        nologclosing do not log connection termination (only for TCP).
 
        short use the short logging format.
 
        normal use the normal logging format.
 
        detailed use the detailed logging format.
 
    Protocol
        protocol is one of the supported protocols (see the protocols section).
 
    Description
        description holds the type of packet and the hosts to  which  the  rule
        applies.
 
        Type of packet:
 
           type <number>    Specify an ICMP message type.
           port <number>    Specify a destination TCP or UDP port number.
           port <name>      Specify a destination TCP or UDP port name.
           srcport <number> Specify a source TCP or UDP port number.
           srcport <name>   Specify a source TCP or UDP port name.
 
        number is specified like this:
           n               Number n.
           n--             Every number m >= n.
           --n             Every number m <= n.
           l--k            Every number m, with l <= m <= k.
           string          If a string is specified, it is
                             either the name of a service
                             (see /etc/services) or an
                             ICMP message.
                           Keywords for ICMP messages are:
                             echo_reply      0
                             dest_unreach    3
                             src_quench      4
                             redirect        5
                             echo_req        8
                             router_advert   9
                             router_solicit  10
                             time_exceeded   11
                             param_problem   12
                             ts_req          13
                             ts_reply        14
                             info_req        15
                             info_reply      16
                             addr_mask_req   17
                             addr_mask_reply 18
 
        Source of the packets:
 
           from <host>
 
        where host is specified as follows:
           x.x.x.x          IP address of a host
           x.x.x.x/x.x.x.x  IP address, followed by a network mask to
                            specify a subnet
           x.x.x.x/n        IP address, followed by the number of 1's at
                            the left side of the network mask
           host.net.domain  host name (wildcards accepted)
 
        Destination of the packets:
 
           to <host>
 
        where host is specified as follows:
           x.x.x.x          IP address of the local interface
           host.net.domain  host name of the local interface (*no*
                            wildcards accepted)
 
        This rule is useful only if you have multiple interfaces  connected  to
        your  box,  or  if  you use IP aliasing. This can also be useful if you
        want to log or ignore broadcasts. To do so,  just  use  your  broadcast
        address as destination IP address.
 
        Please  note  that  rules  using  IP addresses are faster to check than
        rules using host names.
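
The number and host forms described above, worked through as an added Python example; it is not ippl's own code. The packet dictionary layout and the function names are assumptions made here, keywords are assumed to come in pairs that must all match, and service names from /etc/services and host names after "to" are left out.

```python
import fnmatch
import ipaddress

# ICMP keywords and values as listed in the man page
ICMP = dict(echo_reply=0, dest_unreach=3, src_quench=4, redirect=5, echo_req=8,
            router_advert=9, router_solicit=10, time_exceeded=11,
            param_problem=12, ts_req=13, ts_reply=14, info_req=15,
            info_reply=16, addr_mask_req=17, addr_mask_reply=18)

# Constructed sample packet (hypothetical field names)
SAMPLE = {"src": "10.2.3.4", "src_name": "gw.example.net",
          "dst": "192.168.1.255", "dport": 6005, "sport": 40000}

def parse_number(spec):
    """Return (low, high) for the n, n--, --n and l--k forms, or an ICMP keyword."""
    if spec in ICMP:
        return ICMP[spec], ICMP[spec]
    if "--" not in spec:
        return int(spec), int(spec)
    low, high = spec.split("--", 1)
    # Open ends default to 0 and 65535, the widest port range
    return (int(low) if low else 0), (int(high) if high else 65535)

def host_matches(spec, addr, name=None):
    """Match an address (or its resolved name) against a from/to host spec."""
    try:
        # Accepts x.x.x.x, x.x.x.x/n and x.x.x.x/x.x.x.x
        net = ipaddress.ip_network(spec, strict=False)
    except ValueError:
        # Not an address: treat it as a host name pattern with wildcards
        return name is not None and fnmatch.fnmatch(name.lower(), spec.lower())
    return ipaddress.ip_address(addr) in net

def description_matches(description, packet):
    """Check a packet against e.g. 'port 6000--6010 from 10.0.0.0/8'."""
    fields = {"port": "dport", "srcport": "sport", "type": "icmp_type"}
    tokens = description.split()
    for key, value in zip(tokens[0::2], tokens[1::2]):
        if key in fields:
            low, high = parse_number(value)
            if not low <= packet.get(fields[key], -1) <= high:
                return False
        elif key in ("from", "to"):
            addr = packet["src"] if key == "from" else packet["dst"]
            name = packet.get("src_name") if key == "from" else None
            if not host_matches(value, addr, name):
                return False
        else:
            raise ValueError(f"unknown keyword: {key}")
    return True
```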
 
        If you log UDP, it is *strongly* recommended to ignore the broadcasts!
        (until we implement an option for that).

        The time for which ippl holds cached DNS data without performing any
        queries can be changed.
 
        Syntax: expire <time>
 
        defines how often the DNS data expires.  time is specified  in  seconds
        (default is 3600).
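
A small audit of an ippl.conf for the settings this page flags: threads running as root, ident data, the log-in path restriction and unfiltered UDP broadcasts. This is an added Python example, not part of ippl; both configurations are constructed, and the comma-separated form of the options list and the "any ignore udp ... to rule" heuristic are assumptions.

```python
import posixpath

# Constructed sample configurations, for illustration only.
WEAK_CONF = """\
runas root
run tcp udp
ident                       # trust remote ident answers
log-in tcp /ippl-tcp.log
log options ident,detailed tcp port 22
"""
HARDENED_CONF = """\
runas Debian-ippl
run tcp udp
noident
log-in tcp /var/log/ippl/tcp.log
log options detailed tcp port 22
ignore udp to 192.168.1.255  # constructed broadcast address
"""

def audit(conf_text):
    """Return (line, message) findings; line 0 marks a file-level finding."""
    findings, protocols, udp_to_rule = [], set(), False
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()  # '#' starts a comment
        if not words:
            continue
        key, args = words[0], words[1:]
        # Assumed option syntax: "log options a,b,c <protocol> ..."
        has_opts = args[:1] in (["option"], ["options"]) and len(args) > 1
        opts = args[1].split(",") if has_opts else []
        if key == "runas" and args[:1] == ["root"]:
            findings.append((lineno, "logging threads run as root"))
        elif key == "run":
            protocols.update(args)
        elif key == "log-in" and len(args) == 2:
            path = args[1]
            if not path.startswith("/") or posixpath.dirname(path) == "/":
                findings.append((lineno, "log file is not an absolute path inside a directory"))
        elif key == "ignore" and "udp" in args and "to" in args:
            udp_to_rule = True
        if key == "ident" or (key == "log" and "ident" in opts):
            findings.append((lineno, "ident answers come from the remote host and are unreliable"))
    if protocols & {"udp", "all"} and not udp_to_rule:
        findings.append((0, "UDP is logged without an 'ignore udp ... to' broadcast rule"))
    return findings

if __name__ == "__main__":
    for line, message in audit(WEAK_CONF):
        print(f"line {line}: {message}")
```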
 

FILES

         /etc/ippl.conf - configuration file
         /usr/share/doc/ippl/* - files worth reading if you still have a
         question
ippl(8)
 

AUTHORS

        Hugo Haas (hugo@larve.net) Etienne Bernard (eb@via.ecp.fr)
 
IPPL.CONF(5)
 
