1# 2# Standard netmagis.conf file 3# 4 5############################################################################## 6# Common modules 7############################################################################## 8 9dnsdbhost db.example.com 10dnsdbport 5432 11dnsdbname netmagis 12dnsdbuser nm 13dnsdbpassword password-of-dnsdbuser 14 15# Mac database. If it is shared with the main netmagis database, use 16# *exactly* the same values as for dnsdb* parameters 17macdbhost db.example.com 18macdbport 5432 19macdbname mac 20macdbuser nm 21macdbpassword password-of-macdbuser 22 23# URL of Wireshark "manuf" file 24ouiurl https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob_plain;f=manuf 25 26pkgtcl %NMLIBDIR%/pkgtcl 27 28msgsdir %NMLIBDIR%/msgs 29 30# just display my login name 31whoami "id -u -n" 32 33debug no 34 35# List of Netmagis users who can bypass the nologin test, separated by a space. 36# They are created when the database is created with netmagis-dbcreate 37rootusers "pda jean" 38 39# Root certificate authorities (used only when authenticating against a CAS 40# server) 41cafile %CAFILE% 42 43############################################################################## 44# Database maintenance 45############################################################################## 46 47dumpdir %NMVARDIR%/dbdump 48dbcopy netmagis-sandbox 49 50############################################################################## 51# Server scripts (BIND, ISC-DHCPD, Sendmail/Postfix) 52############################################################################## 53 54# diff command for verbose output 55diff "diff --unified=0 %s -" 56 57######################################## 58# mkzone 59######################################## 60 61# where BIND daemon expects to find zone files 62zonedir /etc/namedb/master 63 64# tell BIND to reload files 65zonecmd "/usr/sbin/rndc reload" 66 67######################################## 68# mkmroute 69######################################## 70 71# 72# Sendmail 73# 74 75# where sendmail expects to find mail route file 76mroutefile /etc/mail/mailertable 77 78# static prologue for the mail routing file 79mrouteprologue /etc/mail/mailertable.prologue 80 81# format of lines in mail route file, adapted to sendmail 82# %1$s: mail domain 83# %2$s: mail host 84# If you use the Kit Jussieu to configure sendmail 85#mroutefmt "%1$-40s smtp.[%2$s]" 86# If you use the m4 system to configure sendmail 87mroutefmt "%1$-40s smtp:%2$s" 88 89# shell command to post-process file if a modification is done 90# You can include a command to propagate generated file to other 91# mail routers if you have more than one 92mroutecmd "cd /etc/mail ; /usr/sbin/makemap -N hash mailertable < mailertable" 93 94# 95# Postfix 96# 97 98#mroutefile /usr/local/etc/postfix/transport 99#mrouteprologue /usr/local/etc/postfix/transport.prologue 100#mroutefmt "%1$-40s smtp:[%2$s]" 101#mroutecmd "/usr/local/sbin/postmap /usr/local/etc/postfix/transport" 102 103######################################## 104# mkdhcp 105######################################## 106 107# where dhcpd expects to find generated config file (pointed to by dhcpd.conf) 108dhcpfile /etc/dhcp-gen.conf 109 110# dhcp failover text to add to generated pools. Keep empty if you don't 111# have any DHCP failover configuration. 112#dhcpfailover "failover peer "dhcp"; load balance max seconds 3;" 113dhcpfailover "" 114 115# command to test dhcpd configuration file 116dhcptest "/usr/local/sbin/dhcpd -t -cf /etc/dhcpd.conf" 117 118# command to restart dhcpd 119dhcpcmd "sh /usr/local/etc/rc.d/isc-dhcpd.sh restart" 120 121######################################## 122# mksmtpf 123######################################## 124 125# where filter expects to find generated file 126pffile /etc/smtpf.pf 127 128# format of lines in filter file. Adapt to your packet filter 129pffmt "%s" 130 131# static prologue for the filter file 132pfprologue /etc/smtpf-prol.pf 133 134# command to test filter file 135pftest "pfctl -q -n -t smtpf -T replace -f /etc/smtpf.pf" 136 137# command to reload filter 138pfcmd "pfctl -q -t smtpf -T replace -f /etc/smtpf.pf" 139 140############################################################################## 141# Web module 142############################################################################## 143 144templatedir %NMLIBDIR%/tmpl 145 146nologinfile %ETCDIR%/netmagis.nologin 147 148# empty string (internal auth) or external URL to change password 149#passwdurl https://www.example.com/chpasswd?uid=%s 150passwdurl "" # internal 151 152pdflatex /usr/local/bin/pdflatex 153dot /usr/local/bin/dot # part of graphviz 154ps2pdf %NMLIBDIR%/ps2pdf 155hostcmd /usr/bin/host 156 157# if internal authentication 158pwgen /usr/local/bin/pwgen --num-passwords=1 --numerals 12 159 160# non-blocking pseudo-random number generator 161random /dev/urandom 162 163# check also topobindir and topograph below 164 165# host holding metrology graphs 166metrohost metro.example.com 167 168############################################################################## 169# Topo module (on topohost machine) 170############################################################################## 171 172rancidcmd /usr/local/bin/rancid-run 173ranciddir /var/rancid/mygroup # group base directory 174 175# how to send commands on equipments 176# -u user on equipment (modconf here) 177# -p passwd on equipment 178sendcisco /usr/local/libexec/rancid/clogin -autoenable -u modconf -p password 179sendhp /usr/local/libexec/rancid/hlogin -autoenable -u modconf -p password 180sendjuniper /usr/local/libexec/rancid/jlogin -u modconf -p password 181 182fpingcmd /usr/local/sbin/fping %s 183 184# takes a message on stdin and write it in the syslog 185logger /usr/bin/logger -i -p local0.err -t topod 186 187eqvirtdir %NMVARDIR%/eqvirt 188eqgendir %NMVARDIR%/eqgen 189 190# check if router interfaces are declared in the DNS (yes/no) 191checkrouterif no # future use 192# apply local policy to get ssid sensors (yes/no) 193ssidsensors no # future use 194 195# topobindir and topograph keys are used by the web and the topo modules 196topobindir %NMLIBDIR%/topo 197topograph %NMVARDIR%/network.graph 198 199# copy the graph to the www server 200# string of the form: "user@host:remote-path" or empty string 201# - empty string: don't copy (only if topo and www hosts are the same server) 202# - remote-path should match "topograph" definition on the www server 203#topocpgraph www@netmagis.example.com:%NMVARDIR%/network.graph 204topocpgraph "" 205 206############################################################################## 207# Metro module 208############################################################################## 209 210# default domain name 211defaultdomain u-strasbg.fr 212 213metrodatadir %NMVARDIR%/metro 214 215rrdtool /usr/bin/rrdtool 216rrddb %NMVARDIR%/metro/db 217# rrdtool database : time of retention of the data (years) 218# rrddbretention 10 219 220# time of sensor activity in days after disappearance in topo database 221sensorsurvival 30 222 223# Configuration of polling processes 224# 225## create groups and associate to them type of sensors. 226### list of groups 227pollergroups default,plugins 228# 229### by default all type of probes are associated to the group default 230### except the type "plugin" 231gpopt_default !plugin 232### the probe type "plugin" is associated to the group plugins 233gpopt_plugins plugin 234# 235## Set here the number of processes poller launched for each group 236gpnbproc_default 3 237gpnbproc_plugins 1 238 239## Here is a more specific group configuration example : 240## 3 groups are created. 241## - The default group executes all type of probes except "plugin","ipmac", 242## "portmac.cisco","portmac.hp",portmac.juniper". 243## - The ipmacport group executes only the type of probes "ipmac","portmac.cisco", 244## "portmac.hp",portmac.juniper". 245## - The plugin group executes only the type of probes "plugin". 246# pollergroups default,ipmacport,plugins 247# gpopt_default !plugin,!ipmac,!portmac.cisco,!portmac.hp,!portmac.juniper 248# gpopt_ipmacport ipmac,portmac.cisco,portmac.hp,portmac.juniper 249# gpopt_plugins plugin 250# gpnbproc_default 3 251# gpnbproc_ipmacport 1 252# gpnbproc_plugins 1 253 254# set SNMP timeout 255snmptimeout 4 256 257# optional : set the interfaces speed (Mbps) 258# syntax : ifspeed_<interface_prefix> 259ifspeed_Dot11Radio 300 260ifspeed_FastEthernet 100 261 262# log configuration 263pollerlogfacility local0 # log for polling 264majdblogfacility local1 # log for probes creation 265pollerlogpt info # default log level 266