This is the sample reptor.cfg file as included in the
distribution.
#
# reptor.cfg
#
#
# This file contains site specific settings that will determine what logfile
# entries Reptor selects for reporting, what types of reports are generated,
# and how those reports are formatted. By creating multiple configuration
# files and using the --config command line option, different reporting
# scenarios may be created.
#
# For example, you may want to generate an alert report that is emailed to
# the firewall administrator, and a separate summary report that is posted
# to an intranet web server. Create one configuration file called alerts.cfg
# that generates alerts only and outputs to email, and create one
# configuration file called summary.cfg that generates summaries only and
# outputs to an ftp server. Then, run Reptor once with each configuration
# file:
#
# perl reptor.pl --config alerts.cfg
# perl reptor.pl --config summary.cfg
#
# Options in this file must be listed one per line. A line beginning with a
# pound sign indicates a comment. Keywords are not case sensitive, but just
# about everything else is.
#
# For example, these two lines are identical:
#
# directory /var/adm/sg/oldlogs
# DIRECTORY /var/adm/sg/oldlogs
#
# but these two lines are not:
#
# directory /var/adm/sg/oldlogs
# directory /VAR/ADM/SG/OLDLOGS
#
# If it's not obvious to you where it makes a difference, stick to lowercase.
#
# Text in <angle brackets> denotes a required field. Text in [square
# brackets] denotes an optional field. The pipe character | is used to denote
# the concept of "OR". For example, <one|two> indicates that either "one" or
# "two" is required.
#
# If you wish to specify a string that contains spaces, you must enclose it
# in double quotes. For example:
#
# alias http "Web Access"
#
# Unless otherwise stated, each option may only be specified once.
#
#
# remotelog <host> [path to remotelogfile executable]
#
# If specified, Reptor will use the remotelog utility provided with the
# firewall to obtain the logfile to process. The remotelog utilities are
# initiated from the client side, so no server side scripting is necessary
# to transfer logfiles. The data stream is also encrypted, so possible
# eavesdropping from packet sniffers is deterred. Use of this option
# requires previous setup of the remotelog utilities. Refer to your firewall
# documentation for further details on this process. Before attempting to
# utilize this feature, verify that the remotelogfile command works when
# manually invoked from a command prompt.
#
# Specify the name or IP address of the firewall server for the <host>
# parameter. If you are not going to use this feature, make sure this
# option is deleted or commented out -- it has precedence over the other
# options.
#
# Depending on how you have installed the remotelog utilities, you may also
# have to specify the full path to the remotelogfile executable.
#
# Examples:
#
# remotelog firewall.domain.com
# remotelog 10.1.1.7 c:/utilities/remotelog
#
#
# save_logfile [directory]
#
# If specified, Reptor will save a copy of the logfile. This is useful if
# you've also specified the remotelog option, and you want to have a local
# copy of the logfile for further analysis or backup. If you haven't
# specified the remotelog option, using this is pretty silly. The logfile
# will be written to the current directory if none is specified.
#
# Example:
#
# save_logfile /usr/local/backup
#
#
# compress <command>
#
# If save_logfile is also specified, Reptor will compress logfiles after
# saving them. The command string is the full path name to the compression
# program, plus any options. If there are any spaces in the command string,
# it must be double quoted. This feature only works with compression programs
# that can work with just the name of the file to compress as an argument.
# For example, "gzip file" or "bzip2 file". It will not work with programs
# that require archive names like "pkzip file.zip file".
#
# Examples:
#
# compress "/bin/gzip -9"
# compress "/bin/bzip2 -9"
#
#
# directory <directory>
#
# Specifies the directory where the firewall logfiles are located. This
# should be an absolute path name, and should include the drive letter for
# Windows NT installations. There should be no trailing (back)slash. If
# Reptor is being run on the firewall server and this option is omitted,
# Reptor will probably be able to guess where the logfiles are located.
# If the "remotelog" option is used to retrieve logfiles, this option
# should not be specified.
#
# Examples:
#
# directory c:/raptor/eagle/sg/oldlogs
# directory /var/adm/sg/oldlogs
#
directory c:/raptor/eagle/sg/oldlogs
#
# uncompress <command>
#
# If specified, Reptor will assume the logfile is compressed. The command
# string should contain the command to uncompress to stdout, with the full
# path name and any options. The extension string is the filename extension
# that the compression program uses. Strings with spaces should be double
# quoted.
#
# Examples:
#
# uncompress /bin/zcat Z
# uncompress "/bin/gunzip -c" gz
# uncompress "/bin/bunzip2 -c" bz2
#
#
# interface <interface> [alias]
#
# Properly specifying the interface parameters is crucial! The defaults
# set here are probably not correct. If these values are not properly set,
# filtering will not work and most of the report sections will be inaccurate.
#
# Identifies the network interfaces that are installed in the firewall
# server. The firewall uses identifiers such as "Vpn1" to designate these
# interfaces. If you wish to use a more easily understandable identifier, you
# may also specify an alias for the interface. Interface aliases are case
# sensitive.
#
# You'll probably have to manually browse a logfile to determine which
# identifier refers to which interface. Refer to the FAQ for more details.
# For a Windows NT installation, you may be able to use a program that is
# available at the Raptor public ftp site:
# ftp://ftp.raptor.com/pub/unsupported/istat5.exe
#
# One "interface" option must be specified for each interface in your
# firewall.
#
# Examples:
#
# interface Vpn1 Inside
# interface Vpn2 Outside
# interface Vpn3 DMZ
#
interface Vpn1 Inside
interface Vpn2 Outside
interface Vpn3 DMZ
#
# filter <source interface>
#
# Instructs Reptor to process only connections made from the specified source
# interface to the specified destination interface. This option is useful if
# you wish to process traffic in only one direction or if your firewall has
# more than two network interfaces and you want to ignore traffic on one of
# them.
#
# If you specified an alias for an interface, use the alias instead of the
# interface identifier. The special keyword "any" may be used to match any
# interface. More than one "filter" option may be specified.
#
# For example, assuming a network structure where the internal interface is
# called Vpn1, the external interface is called Vpn2, and the DMZ interface
# is called Vpn3:
#
# filter any Vpn2
# Processes traffic from the inside to the outside.
#
# filter Vpn1 Vpn2
# filter Vpn2 Vpn1
# Processes traffic from the inside out and from the outside in.
#
# filter Vpn3 Vpn2
# Processes traffic from the DMZ to the outside.
#
# If you have used the "interface" option to specify interface aliases like
# this:
#
# interface Vpn1 Inside
# interface Vpn2 Outside
# interface Vpn3 DMZ
#
# then you must use those aliases in the filter specification like this:
#
# filter Inside Outside
#
filter any any
#
# alias <protocol>
#
# Protocol aliases allow Reptor to use a more easily understandable string to
# represent protocols that may have confusing identifiers. For example, you
# may wish to use the phrase "Web Access" to represent the HTTP protocol.
# Protocol aliases are case sensitive, and may not refer to other aliases.
#
# The protocol string is the value that actually appears in the firewall log
# file following the "proto=" tag. The alias string is the value that Reptor
# will use to refer to this protocol.
#
# Protocol aliases are often dependent on any GSP services that you may have
# created in your firewall configuration. In this case, the protocol string
# is usually constructed of the port number that the protocol utilizes,
# followed by a forward slash, followed by the transport protocol, which
# is usually tcp or udp.
#
# Examples:
#
# alias 110/tcp pop3
# alias 143/tcp imap
# alias http "Web Browsing"
# alias http-https "Secure Web Browsing"
#
# Two or more similar protocols may be combined into a single reporting group
# by giving them the same alias. For example:
#
# alias http "Web Browsing"
# alias http-https "Secure Web Browsing"
# alias ftp "File Transfer"
# alias ftp-data "File Transfer"
# alias 110/tcp "Email"
# alias 143/tcp "Email"
# alias smtp "Email"
#
# This option may be specified more than once.
#
alias http-https http
alias ftp-data ftp
alias 22/tcp ssh
alias 110/tcp pop3
alias 119/tcp nntp
alias 143/tcp imap
#
# totals
#
# If specified, Reptor will generate a table of statistics summarizing the
# total amount of traffic detailed in the logfile.
#
totals
#
# alerts
#
# If specified, Reptor will generate a table of details about individual
# logfile entries that have triggered alert conditions. At least one of the
# "time", "duration", "volume", "user", or "word" options must also be
# specified in order to define the alert conditions.
#
alerts
#
# show_reason
#
# If specified, the reason for the alert will be included in the alert
# section. If this option is specified, the "alerts" option must be also.
#
show_reason
#
# show_interface
#
# If specified, the source and destination interface will be included in the
# alert section of the report. If this option is specified, the "alerts"
# option must be also.
#
#show_interface
#
# show_user
#
# If specified, the logfile "user" field will be included in the alert
# section of the report. This field contains the user name for authenticated
# connections or the email address of the sender for SMTP connections. If
# this option is specified, the "alerts" option must be also.
#
#show_user
#
# show_auth
#
# If specified, the logfile "auth" field will be included in the alert
# section of the report. This field contains the type of authentication used
# for authenticated connections. If this option is specified, the "alerts"
# option must be also.
#
#show_auth
#
# show_rule
#
# If specified, the rule number that allows a connection to pass through the
# firewall will be included in the alert section of the report. If this
# option is specified, the "alerts" option must be also.
#
#show_rule
#
# show_op
#
# If specified, the logfile "op" field will be included in the alert section
# of the report. If this option is specified, the "alerts" option must be
# also.
#
#show_op
#
# show_id
#
# If specified, the logfile "id" field will be included in the alert section
# of the report. I have no idea what the id field contains, but if you do,
# there it is. If this option is specified, the "alerts" option must be also.
#
#show_id
#
# show_result
#
# If specified, the logfile "result" field will be included in the alert
# section of the report. If this option is specified, the "alerts" option
# must be also.
#
#show_result
#
# show_arg
#
# If specified, the logfile "arg" field will be included in the alert
# section of the report. This field typically contains the URL for the
# connection. If this option is specified, the "alerts" option must be also.
#
show_arg
#
# all
#
# If specified, all logfile entries will be reported in the alert section,
# regardless of the alert settings. If not specified, only logfile entries
# that trigger alerts will be reported. Use of this option may result in a
# huge amount of output. If this option is specified, the "alerts" option
# must be also.
#
# You really don't want to use this. I don't even know why it's here.
#
#all
#
# time <protocol>
#
# Specifies a condition that will trigger an alert if there is any traffic
# of the specified protocol within the specified time period. If you have
# specified an alias for the protocol, use the alias instead of the protocol
# name. The format of the time period string is HHMM. Use "0000" for midnight
# at the beginning of a period, and "2400" for midnight at the end of a
# period If this option is specified, the "alerts" option must be also. This
# option may be specified more than once.
#
# Examples:
#
# time telnet 0000 0800
# Report all telnet activity between midnight and 8am.
#
# time ftp 1830 2400
# Report all ftp activity between 6:30pm and midnight.
#
time telnet 0000 0800
time telnet 2000 2400
time ftp 0000 0800
time ftp 2000 2400
#
# duration <protocol> [modifier]
#
# Specifies a condition that will trigger an alert if the duration of the
# connection is greater than or equal to the specified duration. The
# duration is understood as number of seconds unless followed by a modifier
# of "M" for minutes or "H" for hours. If you have specified an alias for the
# protocol, use the alias instead of the protocol name. If this option is
# specified, the "alerts" option must be also. This option may be specified
# more than once.
#
# Examples:
#
# duration telnet 1 H
# Report all telnet activity that lasts longer than 1 hour.
#
# duration ftp 15 M
# Report all ftp activity that lasts longer than 15 minutes.
#
# duration smtp 30
# Report all smtp activity that lasts longer than 30 seconds.
#
duration ftp 5 M
duration http 2 M
duration pop3 5 M
duration smtp 5 M
duration telnet 30 M
#
# volume <protocol> [modifier]
#
# Specifies a condition that will trigger an alert if the amount of traffic
# transferred (sent + received) during a connection is greater than or equal
# to the specified number of bytes. The volume is understood as number of
# bytes unless followed by a modifier of "K" for kilobytes or "M" for
# megabytes. If you have specified an alias for the protocol, use the alias
# instead of the protocol name. If this option is specified, the "alerts"
# option must be also. This option may be specified more than once.
#
# Examples:
#
# volume ftp 2 M
# Report all ftp transfers that are greater than 2 megabytes.
#
# volume smtp 200 K
# Report all smtp transfers that are greater than 200 kilobytes.
#
# volume telnet 500
# Report all telnet transfers that are greater than 500 bytes.
#
volume ftp 5 M
volume http 1 M
volume pop3 1 M
volume smtp 1 M
volume telnet 1 M
#
# user <protocol>
#
# Specifies a condition that will trigger an alert if the connection is
# authenticated to the specified user. If you have specified an alias for the
# protocol, use the alias instead of the protocol name. If this option is
# specified, the "alerts" option must be also. This option may be specified
# more than once.
#
# Examples:
#
# user telnet joe
# Report all telnet activity attributed to authenticated user joe.
#
# user smtp fred@domain.com
# Report all emails sent from fred@domain.com.
#
#
# ratings
#
# If specified, connections that trigger WebNOT ratings settings will be
# reported in the alert section.
#
ratings
#
# word <word>
#
# Specifies a condition that will trigger an alert if the specified regular
# expression is matched to the search string. The content of the search
# string is determined by the setting of the "search_source",
# "search_destination", and "search_arg" options. If this option is
# specified, the "alerts" option must be also. This option may be specified
# more than once.
#
word casino
word gamble
word playboy
word nude
word naked
word sex
word [^x]xxx[^x]
#
# search_source
#
# If specified, Reptor will include the name of the source host in the search
# for the indicated alert words.
#
#search_source
#
# search_destination
#
# If specified, Reptor will include the name of the destination host in the
# search for the indicated alert words.
#
search_destination
#
# search_arg
#
# If specified, Reptor will include the "arg" field in the search for the
# indicated alert words. This typically contains the full URL for the
# connection, and is usually where the search words will be found.
#
search_arg
#
# alert_summary <sort> [limit]
#
# If specified, Reptor will generate a summary of the hosts that have
# triggered alerts. The summary will be grouped by source host and
# sorted by the field indicated in <sort>. Valid values for are:
#
# "host" to sort by the name or address of the source host
# "alerts" to sort by the number of alerts generated
#
# The <sort> string may be preceded with "-" to indicate descending order.
#
# To indicate the maximum number of entries allowed in the summary, specify
# a value for [limit].
#
# If this option is specified, the "alerts" option must be also.
#
# Example:
#
# alert_summary -alerts 10
# Generate a summary of the top ten hosts that generated alerts, sorted by
# number of alerts descending.
#
alert_summary -alerts 5
#
# protocol_summary <sort> [limit]
#
# If specified, Reptor will generate a summary of traffic grouped by
# protocol and sorted by the field indicated in <sort>. Valid values for
# <sort> are:
#
# "protocol" to sort by the protocol
# "hits" to sort by the number of logfile entries
# "sent" to sort by the number of bytes sent
# "received" to sort by the number of bytes received
# "total" to sort by the total number of bytes transferred
# "duration" to sort by the amount of time elapsed
#
# The <sort> string may be preceded with "-" to indicate descending order.
#
# To indicate the maximum number of entries allowed in the summary, specify
# a value for [limit].
#
# Example:
#
# protocol_summary -total
# Generate a summary of all protocols, sorted by total traffic volume
# descending.
#
protocol_summary -total
#
# interface_summary <sort> [limit]
#
# If specified, Reptor will generate a summary of traffic for each interface
# specified with the "interface" option, grouped by interface and sorted by
# the field indicated in <sort>. Valid values for are:
#
# "interface" to sort by the interface
# "hits" to sort by the number of logfile entries
# "sent" to sort by the number of bytes sent
# "received" to sort by the number of bytes received
# "total" to sort by the total number of bytes transferred
# "duration" to sort by the amount of time elapsed
#
# The <sort> string may be preceded with "-" to indicate descending order.
#
# To indicate the maximum number of entries allowed in the summary, specify
# a value for [limit].
#
# Example:
#
# interface_summary -total
# Generate a summary of all interfaces, sorted by total traffic volume
# descending.
#
interface_summary -total
#
# host_summary <interface> [limit]
#
# If specified, Reptor will generate a summary of traffic for hosts on the
# specified interface, grouped by host and sorted by the field indicated in
# <sort>. If you have specified an alias for the interface, use the alias
# instead of the interface identifier. Valid values for <sort> are:
#
# "host" to sort by the name or address of the source host
# "hits" to sort by the number of logfile entries
# "sent" to sort by the number of bytes sent
# "received" to sort by the number of bytes received
# "total" to sort by the total number of bytes transferred
# "duration" to sort by the amount of time elapsed
#
# The <sort> string may be preceded with "-" to indicate descending order.
#
# To indicate the maximum number of entries allowed in the summary, specify
# a value for [limit].
#
# One "host_summary" option may be specified for each interface.
#
# Example:
#
# host_summary Vpn1 -total 10
# Generate a summary of the top ten hosts on interface Vpn1, sorted by
# total traffic volume descending.
#
host_summary Inside -total 10
host_summary Outside -total 10
#
# user_summary <sort> [limit]
#
# If specified, Reptor will generate a summary of traffic grouped by user
# and sorted by the field indicated in <sort>. This option is only useful
# if users authenticate with the firewall. Valid values for <sort> are:
#
# "user" to sort by the user
# "hits" to sort by the number of logfile entries
# "sent" to sort by the number of bytes sent
# "received" to sort by the number of bytes received
# "total" to sort by the total number of bytes transferred
# "duration" to sort by the amount of time elapsed
#
# The <sort> string may be preceded with "-" to indicate descending order.
#
# To indicate the maximum number of entries allowed in the summary, specify
# a value for [limit].
#
# Example:
#
# user_summary -total 10
# Generate a summary of the top ten users sorted by total volume descending.
#
user_summary -total 10
#
# hour_summary <sort> [limit]
#
# If specified, Reptor will generate a summary of traffic grouped by time of
# day (in one hour periods) and sorted by the field indicated in <sort>.
# Valid values for <sort> are:
#
# "hour" to sort by time of day
# "hits" to sort by the number of logfile entries
# "sent" to sort by the number of bytes sent
# "received" to sort by the number of bytes received
# "total" to sort by the total number of bytes transferred
# "duration" to sort by the amount of time elapsed
#
# The <sort> string may be preceded with "-" to indicate descending order.
#
# To indicate the maximum number of entries allowed in the summary, specify
# a value for [limit].
#
# Example:
#
# hour_summary hour 12
# Generate a summary of the first twelve hours of the day.
#
hour_summary hour
#
# domain_summary <sort> [limit]
#
# If specified, Reptor will generate a summary of top-level domains. The
# summary will be grouped by domain and sorted by the field indicated in
# <sort>. Valid values for are:
#
# "domain" to sort by the name of the top-level domain
# "hits" to sort by the number of logfile entries
# "sent" to sort by the number of bytes sent
# "received" to sort by the number of bytes received
# "total" to sort by the total number of bytes transferred
#
# The <sort> string may be preceded with "-" to indicate descending order.
#
# To indicate the maximum number of entries allowed in the summary, specify
# a value for [limit].
#
# Note: In order for this summary to be useful, either the "dns all" option
# must be specified, or DNS resolution at the firewall must be enabled. Also,
# the sum of all traffic reported by the this summary will probably not reach
# 100% because not all logfile entries can be resolved.
#
# Example:
#
# domain_summary -total 10
# Generate a summary of the top ten domains, sorted by number of bytes
# descending.
#
domain_summary -total 5
#
# mobile_summary <sort> [limit]
#
# If specified, Reptor will generate a summary of Raptor Mobile connections.
# The summary will be grouped by source host and sorted by the field
# indicated in <sort>. Valid values for are:
#
# "host" to sort by the name or address of the source host
# "hits" to sort by the number of connections made
#
# The <sort> string may be preceded with "-" to indicate descending order.
#
# To indicate the maximum number of entries allowed in the summary, specify
# a value for [limit].
#
# Example:
#
# mobile_summary -count 10
# Generate a summary of the top ten hosts that connected via Raptor Mobile,
# sorted by number of connections descending.
#
mobile_summary -count
#
# message_summary <sort> [severity]
#
# If specified, Reptor will generate a summary of all logfile messages. The
# summary will be grouped by message type and sorted by the field indicated
# in <sort>. Valid values for are:
#
# "hits" to sort by the number of messages
# "message" to sort by the message number
#
# The <sort> string may be preceded with "-" to indicate descending order.
#
# To only show messages "more severe" than a certain value, specify a value
# for [severity]. The message severify values are as follows:
#
# 100-199 Information
# 200-299 Notice
# 300-399 Warning
# 400-499 Error
# 500-599 Alert
# 600-699 Critical
# 700-799 Emergency
#
# Example:
#
# message_summary message
# Generate a summary of all messages, sorted by message.
#
# message_summary -hits 400
# Generate a summary of messages that are severity "Error" and above,
# sorted by the number of messages descending.
#
message_summary message
#
# history_summary <value>
#
# Reptor can accumulate a file that contains historical traffic summary
# statistics for each day that is processed. If this option is specified,
# this file will be used to generate a simple historical summary graph of
# recent traffic. In order to generate the history file, you must specify the
# history_file option. In order for the summary to show anything, you must
# also specify the graphs option. The value of <value> determines what the
# graph graphs. Valid values are:
#
# "hits" to graph the total number of hits for each day
# "total" to graph the total number of bytes for each day
# "duration" to graph the total connection duration for each day
#
# The history summary (but not the history file) will be limited to <limit>
# days. This option may be specified more than once if you want to graph
# multiple values.
#
# Example:
#
# history_summary total 30
# Graph the total number of bytes for each day over the past 30 days.
#
history_summary total 30
history_summary hits 30
#
# history_file <file>
#
# If specified, Reptor will accumulate a file that contains historical traffic
# summary statistics. The file will only be updated if the logfile being
# processed is yesterday's log. This is to prevent duplicate entries in the
# case of using the --date or --log command line options.
#
# Note: If you are running Reptor from within a shell script or batch file,
# you may not be changing to the Reptor directory before running it. If this
# is the case, you will have to specify a full path name here, so that Reptor
# can properly find the file.
#
# The history file contains four comma separated fields per line. The fields
# (from left to right) are:
#
# date (in YYYYMMDD format)
# total number of hits for that day
# total number of bytes transferred for that day
# total duration of connections for that day
#
# Examples:
# history_file /usr/local/reptor/history
# history_file c:\reptor\history
#
history_file history
#
# links
#
# If specified, Reptor will make hyperlinks in the output where appropriate.
# If the "alerts" and "show_arg" options are also specified, the report will
# include links that will allow you to click on and visit the exact offending
# URL. Of course, doing so will cause an alert in tomorrow's report...
#
links
#
# output <
# stdout |
# file [>]directory/[filename] |
# ftp username,password,address,directory/[filename] |
# mail user@domain[,user@domain[...]]
# >
#
# Specifies the desired destination for the output. If "stdout" is
# specified, the output will be sent to the screen if not otherwise piped or
# redirected. If "file" is specified, you must also specify the desired
# target directory, and optionally, the desired file name. If specified
# without a filename, the directory should include a trailing (back)slash. If
# the filename is omitted, Reptor will automatically generate it based on the
# date of the logfile processed. If the string begins with ">", the output
# will be appended to the file if it already exists. Otherwise, it will
# overwrite an existing file of the same name. If "ftp" is specified, Reptor
# will upload the output to an ftp server using the specified settings. If
# "mail" is specified, Reptor will email the output to the list of addresses
# specified.
#
# Examples:
#
# output file /reports/
# Save the output to the file /reports/<date>.html.
#
# output file /reports/output.html
# Save the output to the file /reports/output.html, overwriting it if it
# already exists.
#
# output file >/reports/output.html
# Save the output to the file /reports/output.html, appending to it if it
# already exists.
#
# output ftp anonymous,reptor,ftpsrv,/pub/incoming/reptor.html
# Upload the output to the ftp server named ftpsrv. Log in with the userid
# anonymous and the password reptor. Upload the file to the directory
# /pub/incoming and name it reptor.html.
#
# output ftp apache,george,websrv,/apache/htdocs/reptor/
# Upload the output to the ftp server named websrv. Log in with the userid
# apache and the password george. Upload the file to the directory
# /apache/htdocs/reptor and name it <date>.html.
#
# output mail joe@domain1.com,fred@domain2.com
# Email the output to joe@domain1.com and fred@domain2.com.
#
output file ./
#
# mail_server <address>
#
# If you have indicated email output, this option specifies an SMTP server to
# relay mail through. If not specified, it will default to the local host.
#
# Example:
#
# mail_server 1.2.3.4
#
#
# mail_from <address>
#
# Indicates what to use for a From address when sending email output. This is
# not always required, but you may discover that your mail server has an
# anti-spam feature that rejects Reptor's output because the message does not
# have a valid From address.
#
# Example:
#
# mail_from root@domain.com
#
#
# dns <all|print>
#
# If specified, Reptor will perform reverse DNS lookups on unresolved IP
# addresses. If the "all" option is specified, Reptor will lookup all
# unresolved IP addresses, whether or not the logfile entry is selected to
# print. If the "print" option is specified, Reptor will only lookup
# unresolved IP addresses that are selected to print printed. Choosing "all"
# may significantly increase the amount of time required to process a logfile.
# However, in order to utilize the word search feature on a hostname, sort a
# summary by hostname, or specify the domain_summary option, either "all" or
# DNS resolution at the firewall is required.
#
dns print
#
# nice_bytes
#
# If specified, large byte values will be represented in Kb or Mb, as
# appropriate.
#
nice_bytes
#
# title
#
# If specified, will be used as a report title. It may include simple HTML
# tags, but don't get silly with it.
#
title "Company<br>Firewall Activity"
#
# style_sheet <file>
#
# If specified, Reptor will embed the indicated style sheet into the HTML
# output.
#
style_sheet reptor.css
#
# highlight
#
# If specified, Reptor will highlight table rows with alternating colors. In
# order to utilize this feature, you must also specify the style_sheet
# option, and the style sheet definition must contain classes named TD.odd
# and TD.even.
#
highlight
#
# table
#
# If specified, indicates the HTML formatting tags used for rendering tables.
#
table "border=0 cellpadding=2 cellspacing=2"
#
# graphs <scale>
#
# If specified, Reptor will include graphs in summary tables. Reduce the scale
# to make the graphs narrower, increase the scale to make the graphs wider.
#
graphs 0.75