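# Config file for Ratrap snort logger.
#
# As the directives below describe it, Ratrap reads Snort alerts from a FIFO
# and adds iptables blocking rules for the reported addresses.
# The file had been collapsed onto a single line, so everything after the
# first "#" read as one comment; it is laid out one directive per line here.
# Directive names and values are unchanged.
#
# NOTE(review): these settings decide which addresses get firewalled. Keep
# this file, the blacklist and the whitelist writable by root only.

# --- Network identity -------------------------------------------------------

Gateway          84.92.197.54          # gateway address.
SyslogHost       192.168.0.1           # machine to report to via syslog.
PublicInterface  eth1                  # public network interface.

# --- External programs ------------------------------------------------------
# Absolute paths, so the programs are not looked up through PATH.

IPtables         /usr/sbin/iptables    # firewall manipulation program.
IFconfig         /sbin/ifconfig        # path to the ifconfig program.
IProute          /sbin/route           # path to the route program.

# --- Firewall integration ---------------------------------------------------
# iptables chains as defined by the firewall script; run "iptables -L -n" to
# view them. These chains will have the blocking rules added to them.
# Comma separated.
# NOTE(review): only INPUT is listed. If this host also forwards traffic for
# other machines, packets crossing it do not traverse INPUT; confirm whether
# a forwarding chain from the firewall script belongs here as well.

IptableChains    INPUT

# --- Files ------------------------------------------------------------------

LogFile          /var/log/ratrap.log   # our log file.

# Blacklist file, used to preserve state over reboots/reloads.
# NOTE(review): its contents presumably become firewall rules again on
# reload, so restrict write access to root (verify owner and mode).
Blacklist        /var/log/blacklist

# Whitelist file of friendly IPs that snort keeps reporting.
# NOTE(review): alert source addresses can be forged. Unless Ratrap already
# exempts them (TODO confirm), list Gateway, SyslogHost and the management
# hosts here so that a forged alert cannot cut this machine off from them.
Whitelist        /etc/sysconfig/whitelist

# Snort writes to this FIFO via syslog.
# NOTE(review): anything able to write to the FIFO can presumably trigger a
# block; keep it writable only by the account the syslog daemon runs as.
SnortFIFO        /var/log/snort.fifo

# --- Blocking policy --------------------------------------------------------

Timeout          86400                 # seconds that addresses are blocked for (86400 = 24 hours).
AlarmPeriod      60                    # seconds between checking for timed-out blocked addresses.

# Attack priority as reported by Snort; >2 is not critical.
# Snort priority 1 is the most severe.
# NOTE(review): confirm whether an alert at exactly this priority triggers a
# block, or only alerts more severe than it.
TriggerLevel     2

# --- Reporting --------------------------------------------------------------

SyslogLevel      local4.notice         # syslog facility and level.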