# $Id: webfwlog.conf.in,v 1.11 2007/03/31 20:59:50 bhockney Exp $ # # Example Configuration file for webfwlog # # This file contains configuration options for webfwlog, which you should # review and adjust for your installation. All parameters are optional, and # defaults are indicated below. # Please note that the database login credentials used by webfwlog are stored # in this file and that it must be readable by PHP, which is probably running # as the same user as the web server. By default, this file is installed owned # by root and with permissions of 644, meaning it is readable by any user. In # many installations, the web server runs as a specific user or group, such as # apache or www. Accordingly, you may be able to secure this file by changing # its ownership and/or group id and changing its permissions to 640 or 600. # You are strongly urged to restrict the permissions of this file as allowed by # your installation. # # Database to use for the webfwlog tables, such as the report definitions # and hostname cache, as well as data logged by ULOG. # Set this to one of mysql | pgsql | none # # Default: the literal 'none' db=mysql # # MYSQL # # Defaults: none # # mysql server location and login credentials. mysql_server = 'localhost' mysql_user = webfwlog mysql_pass = "password" # name of the database containing your webfwlog tables. mysql_wfwl_db = "webfwlog" # name of the database and and default table containing your ulog data. mysql_ulog_db = "ulogd" mysql_ulog_table = "ulog" # # POSTGRESQL # # postgresql server location and login credentials. # # Postgresql uses unix domain sockets by default, and this will be used if # pgsql_server is not set. If your database server is on a different host # than the web server, you will need to uncomment the pgsql_server line # and provide the hostname or IP address of the host with the postgresql # server. You may also need to make changes to the postgresql server # configuration. See the README in the pgsql directory for details. # # Defaults: none #pgsql_server = 'localhost' pgsql_user = webfwlog pgsql_pass = "password" # name of the database containing your data. pgsql_db = "webfwlog" # name of the schema containing your webfwlog tables. # The public schema will be used if this is commented out. pgsql_wfwl_schema = "webfwlog" # name of the schema and default table containing your ulog data. # The public schema will be used if the schema line is commented out. pgsql_ulog_schema = "ulogd" pgsql_ulog_table = "ulog" # # SYSLOG # # Location of the wfwl_syslog program file. This must be executable by # the PHP process, which is probably running as the same user as the web # server, possibly apache or www. It is installed suid root. # # Default: /bin/wfwl_syslog wfwl_syslog=/bin/wfwl_syslog # Directory containing system log files. This can either be the location # of the actual files or a separate directory with symlinks to the real # files. # # Default: /var/log syslog_dir=/var/log # Default file spec for syslog files. This may be a single filename, but can # include patterns that will be expanded according to the syntax of the shell # under which the syslog parser is running. This can also be a space-separated # list of file specs. # # Default: messages syslog_filespec = messages # Log formats to be parsed. By default all parsers are tried on each line # until one succeeds, but you may improve performance by specifying only # those parsers you need. Each log format is represented by a single letter: # n = netfilter # i = ipchains # f = ipfilter # b = ipfw # w = Windows XP # # Default: none (all parsers are tried) #log_formats = nifbw # Vebosity level for syslog queries. This should be an integer from 1 to 5 # # Default: 2 verbosity_level = 2 # # REPORT OPTIONS # # Default data source. Set to one of syslog | ulogd. # # Default: ulogd default_data_source = syslog # title appears as the heading for all output # # Default: 'Firewall Log Report' title = 'Firewall Log Report' # Default refresh rate in seconds. Setting to zero disables. # # Default: 0 refresh = 300 # Dates are presented using this PHP format string. # See http://www.php.net/manual/en/function.date.php # # Default: "m/d/Y h:i:sA" dformat = "m/d/Y h:i:sA" # Set allow_raw_sql to any non-zero value to allow the user to add raw # raw SQL to the column definitions, and WHERE and HAVING clauses of SQL # queries of data logged in a database. If your data is logged in syslog files # these fields are ignored and have no effect. # # SECURITY NOTE # This is a powerful feature that allows certain complex queries that can be # made in no other way. However, embedded quoted strings cannot be escaped # so what is entered is appended to the SQL query as-is, making SQL injection # attacks trivial. Accordingly, you should only enable this if you really # need this feature and trust those using it. You should also read the # Database Security section of the README file. # # Note that all logged fields have their own selectors, and most fields allow # multiple values or regex to be entered, and therefore most queries can be made # without using this feature. # # If you are sure you need this and understand and accept the risks you can # enable this feature by setting allow_raw_sql to anything other than # zero. # # MOST USERS DO NOT NEED THIS AND SHOULD LEAVE IT DISABLED. # # If your data is logged in syslog files this parameter and the above # security note do not apply. # # This option was previously called allow_additional_where, which is deprecated. # # Default: 0 allow_raw_sql=0 # Uncomment this to allow an option to the user to see at the beginning of # the output the SQL query sent to the server or status information for syslog # queries. This is useful mostly in understanding why a report is not doing # what is expected. # # However, this also gives away a lot regarding the SQL queries sent to the # server, and provides information that potentially could be used to # compromise the server if the database user above has administrative # privileges, which it does not need. See the README file regarding # database security. # # Use this with great caution. # # This option was previously called allow_show_sql, which is deprecated. # Setting this to any value other than 0 enables; # # Default: 0 allow_be_verbose=0 # # MISCELLANEOUS OPTIONS # # Default sort order for report list on main page. # Should be one of last accessed | last saved | code | unsorted # # Default: last_accessed report_order="last accessed" # The selectors on the main page to override the data source of reports at # runtime can be hidden, with just a link to show them. Setting this to 0 # will hide the selectors by default; setting this to anything else will # show the selectors by default # # Default: 0 show_select_data_source=0 # # PHP TUNING OPTIONS # # This allows you to specify where PHP will save its session data. # You can set this if you want or need to change the PHP default for the # location where it saves session data. Most users do not need to change this. # # Default: Set by session.save_path parameter in php.ini # session_save_path = "/tmp" # This is the maximum amount of memory PHP will use. If you only get part # of a report output, try increasing this. # # Default: Set by memory_limit parameter in php.ini # php_max_memory = 8M # This is the php timeout in seconds for normal operations. This does not # include database query time. If you only get part of a report output, # try increasing this. # # Default: Set by max_execution_time parameter in php.ini php_timeout = 60 # This is the timeout in seconds for hostname and services cache updates. # # Default: Same as php_timeout, above php_update_timeout = 900 # # Debug # # This sets the debugging level and is really only useful for debugging # webfwlog. # # Default: 0 debug = 0