xref: /dports/net-mgmt/netmagis-detecteq/netmagis-2.3.4/common/netmagis.conf.sample

#
# Standard netmagis.conf file
#

##############################################################################
# Common modules
##############################################################################

dnsdbhost	db.example.com
dnsdbport	5432
dnsdbname	netmagis
dnsdbuser	nm
dnsdbpassword	password-of-dnsdbuser

# Mac database. If it is shared with the main netmagis database, use
# *exactly* the same values as for dnsdb* parameters
macdbhost	db.example.com
macdbport	5432
macdbname	mac
macdbuser	nm
macdbpassword	password-of-macdbuser

# URL of Wireshark "manuf" file
ouiurl		https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob_plain;f=manuf

pkgtcl		%NMLIBDIR%/pkgtcl

msgsdir		%NMLIBDIR%/msgs

# just display my login name
whoami		"id -u -n"

debug		no

# List of Netmagis users who can bypass the nologin test, separated by a space.
# They are created when the database is created with netmagis-dbcreate
rootusers	"pda jean"

# Root certificate authorities (used only when authenticating against a CAS
# server)
cafile		%CAFILE%

##############################################################################
# Database maintenance
##############################################################################

dumpdir		%NMVARDIR%/dbdump
dbcopy		netmagis-sandbox

##############################################################################
# Server scripts (BIND, ISC-DHCPD, Sendmail/Postfix)
##############################################################################

# diff command for verbose output
diff		"diff --unified=0 %s -"

########################################
# mkzone
########################################

# where BIND daemon expects to find zone files
zonedir		/etc/namedb/master

# tell BIND to reload files
zonecmd		"/usr/sbin/rndc reload"

########################################
# mkmroute
########################################

#
# Sendmail
#

# where sendmail expects to find mail route file
mroutefile	/etc/mail/mailertable

# static prologue for the mail routing file
mrouteprologue	/etc/mail/mailertable.prologue

# format of lines in mail route file, adapted to sendmail
#   %1$s: mail domain
#   %2$s: mail host
# If you use the Kit Jussieu to configure sendmail
#mroutefmt	"%1$-40s smtp.[%2$s]"
# If you use the m4 system to configure sendmail
mroutefmt	"%1$-40s smtp:%2$s"

# shell command to post-process file if a modification is done
# You can include a command to propagate generated file to other
# mail routers if you have more than one
mroutecmd	"cd /etc/mail ; /usr/sbin/makemap -N hash mailertable < mailertable"

#
# Postfix
#

#mroutefile	/usr/local/etc/postfix/transport
#mrouteprologue	/usr/local/etc/postfix/transport.prologue
#mroutefmt	"%1$-40s smtp:[%2$s]"
#mroutecmd	"/usr/local/sbin/postmap /usr/local/etc/postfix/transport"

########################################
# mkdhcp
########################################

# where dhcpd expects to find generated config file (pointed to by dhcpd.conf)
dhcpfile	/etc/dhcp-gen.conf

# dhcp failover text to add to generated pools. Keep empty if you don't
# have any DHCP failover configuration.
#dhcpfailover	"failover peer "dhcp"; load balance max seconds 3;"
dhcpfailover	""

# command to test dhcpd configuration file
dhcptest	"/usr/local/sbin/dhcpd -t -cf /etc/dhcpd.conf"

# command to restart dhcpd
dhcpcmd		"sh /usr/local/etc/rc.d/isc-dhcpd.sh restart"

########################################
# mksmtpf
########################################

# where filter expects to find generated file
pffile		/etc/smtpf.pf

# format of lines in filter file. Adapt to your packet filter
pffmt		"%s"

# static prologue for the filter file
pfprologue	/etc/smtpf-prol.pf

# command to test filter file
pftest		"pfctl -q -n -t smtpf -T replace -f /etc/smtpf.pf"

# command to reload filter
pfcmd		"pfctl -q -t smtpf -T replace -f /etc/smtpf.pf"

##############################################################################
# Web module
##############################################################################

templatedir	%NMLIBDIR%/tmpl

nologinfile	%ETCDIR%/netmagis.nologin

# empty string (internal auth) or external URL to change password
#passwdurl	https://www.example.com/chpasswd?uid=%s
passwdurl	""			# internal

pdflatex	/usr/local/bin/pdflatex
dot		/usr/local/bin/dot	# part of graphviz
ps2pdf		%NMLIBDIR%/ps2pdf
hostcmd		/usr/bin/host

# if internal authentication
pwgen		/usr/local/bin/pwgen --num-passwords=1 --numerals 12

# non-blocking pseudo-random number generator
random		/dev/urandom

# check also topobindir and topograph below

# host holding metrology graphs
metrohost	metro.example.com

##############################################################################
# Topo module (on topohost machine)
##############################################################################

rancidcmd	/usr/local/bin/rancid-run
ranciddir	/var/rancid/mygroup	# group base directory

# how to send commands on equipments
# -u user on equipment (modconf here)
# -p passwd on equipment
sendcisco	/usr/local/libexec/rancid/clogin -autoenable -u modconf -p password
sendhp		/usr/local/libexec/rancid/hlogin -autoenable -u modconf -p password
sendjuniper	/usr/local/libexec/rancid/jlogin -u modconf -p password

fpingcmd	/usr/local/sbin/fping %s

# takes a message on stdin and write it in the syslog
logger		/usr/bin/logger -i -p local0.err -t topod

eqvirtdir	%NMVARDIR%/eqvirt
eqgendir	%NMVARDIR%/eqgen

# check if router interfaces are declared in the DNS (yes/no)
checkrouterif	no		# future use
# apply local policy to get ssid sensors (yes/no)
ssidsensors	no		# future use

# topobindir and topograph keys are used by the web and the topo modules
topobindir	%NMLIBDIR%/topo
topograph	%NMVARDIR%/network.graph

# copy the graph to the www server
# string of the form: "user@host:remote-path" or empty string
# - empty string: don't copy (only if topo and www hosts are the same server)
# - remote-path should match "topograph" definition on the www server
#topocpgraph	www@netmagis.example.com:%NMVARDIR%/network.graph
topocpgraph	""

##############################################################################
# Metro module
##############################################################################

# default domain name
defaultdomain   u-strasbg.fr

metrodatadir	%NMVARDIR%/metro

rrdtool        	/usr/bin/rrdtool
rrddb		%NMVARDIR%/metro/db
# rrdtool database : time of retention of the data (years)
# rrddbretention	10

# time of sensor activity in days after disappearance in topo database
sensorsurvival 	30

# Configuration of polling processes
#
## create groups and associate to them type of sensors.
### list of groups
pollergroups	default,plugins
#
### by default all type of probes are associated to the group default
### except the type "plugin"
gpopt_default   !plugin
### the probe type "plugin" is associated to the group plugins
gpopt_plugins	plugin
#
## Set here the number of processes poller launched for each group
gpnbproc_default	3
gpnbproc_plugins	1

## Here is a more specific group configuration example :
## 3 groups are created.
## - The default group executes all type of probes except "plugin","ipmac",
## "portmac.cisco","portmac.hp",portmac.juniper".
## - The ipmacport group executes only the type of probes "ipmac","portmac.cisco",
## "portmac.hp",portmac.juniper".
## - The plugin group executes only the type of probes "plugin".
# pollergroups	default,ipmacport,plugins
# gpopt_default   !plugin,!ipmac,!portmac.cisco,!portmac.hp,!portmac.juniper
# gpopt_ipmacport ipmac,portmac.cisco,portmac.hp,portmac.juniper
# gpopt_plugins	plugin
# gpnbproc_default	3
# gpnbproc_ipmacport  	1
# gpnbproc_plugins	1

# set SNMP timeout
snmptimeout	4

# optional : set the interfaces speed (Mbps)
# syntax : ifspeed_<interface_prefix>
ifspeed_Dot11Radio      300
ifspeed_FastEthernet	100

# log configuration
pollerlogfacility 	local0  # log for polling
majdblogfacility	local1  # log for probes creation
pollerlogpt		info 	# default log level