pads.conf - Man Page
pads configuration file
Description
This man page describes the format of the pads(8) configuration file.
Empty lines and lines beginning with '#' are ignored.
Parameters
- daemon [0/1]
his parameter determines whether the application will go into the background. 0 = Disable, 1 = Enable
- pid_file <file>
Filename of the pads PID file. This value should be set if you are planning on using daemon mode.
- sig_file <file>
Alternate location for the pads-signature-list file.
- mac_file <file>
Alternate location for the pads-ether-codes file.
- user <username>
This is the name of the user pads will run as when started as root.
- group <groupname>
This is the name of the group pads will run as when started as root.
- interface <interface>
This contains the name of the interface PADS will listen to.
- filter <filter>
This value contains a libpcap filter to be applied to the PADS session. For example, to filter only SSH traffice, specify "filter 'port 22'".
- network <network>
This string contains a comma seperated list of networks to be monitored. Only assets found in these networks will be recorded. For example, "network 192.168.0.0/24,192.168.1.0/24,10.10.10.0/24".
- output screen
This output plugin displays PADS data to the screen. When using the configuration file, it defaults to off.
- output csv: <filename> [readonly]
This output plugin writes PADS data to a CSV file. Optionally, a CSV filename can be specified as an argument. If you want the file used only to populate the internal known assets list but never be updated, then use the readonly option. This would be handy when you have a baseline and want to use it for intrusion detection.
- output fifo: <filename>
This output plugin writes PADS data to a FIFO file. Optionally, a FIFO filename can be specified as an argument.
- output prelude: <profilename>
This output plugin writes PADS data as IDMEF alerts via prelude. Optionally you can add a profile name if you want something different than the default of pads.
See Also
Copyright
Copyright (C) 2005 Matt Shelton <matt@mattshelton.com>
Bugs
Please send bug reports to the author.
Authors
Matt Shelton <matt@mattshelton.com>