Helpful Hints

The word search feature does not scan the content of connections. It merely scans the URL of the connection and/or the names of the hosts involved. If you want to scan for the word "plumage", Reptor will generate an alert for any type of connection to a site called www.plumage.com (as long as you have DNS resolution enabled at the firewall or dns all specified in the configuration file), an FTP download of a file named plumage.txt, or a browse of a web page that contains an image called plumage.jpg. Reptor will not generate an alert for a browse of a web page that contains the phrase "lovely plumage on the Norwegian Blue" in the text of the page.

Investigating a questionable URL by clicking on its link in the alert section will cause another alert to occur in tomorrow's report.

If you want to post the Reptor output to an FTP server, allow Reptor to assign the filename. Do this by only specifying the directory name in the output option in the configuration file. Make sure the directory name ends with a slash so that Reptor knows it is not a filename. Then, edit your web server configuration to allow directory browsing on that directory, and you'll have a self-indexing start page. With Apache, the directory can be sorted by filename. Try using a URL like http://www.webserver.com/reptor/?N=D to sort the directory by name descending. This will give you the most recent report first. If you want to get real fancy, you can add an indexignore option to the web server configuration file, in the section for the Reptor directory. With this, you can instruct the web server to not include the pixel.gif file in the file listing.

The User field in the alert section (included by specifying the show_user option in the configuration file) will usually be blank. Two known exceptions are SMTP connections and connections that are authenticated by the firewall.

Including the Arg field in the alert section (by specifying the show_arg option in the configuration file) makes for really wide tables.

If you've specified the interface_summary option in the configuration file, the total amount of traffic will add up to 200%. This is because each connection utilizes two interfaces.

If you've specified either dns print or dns all in the configuration file, and name resolution fails to obtain a name for an IP address, Reptor will display the IP address in square brackets.

Fiddle with the setting of the graphs option to make the graphs fit just right in your browser window.

To read a logfile from STDIN, use the command line argument --log -.

Reptor will embed the reptor.css default style sheet directly into the report at the time it is generated. This has two noteworthy side effects. Primarily, it is not necessary to have a copy of reptor.css in the same directory that the report files reside in. Also, changes to reptor.css will only affect reports generated in the future.