# Config file for Ratrap snort logger.
Gateway                                 # gateway address.
SyslogHost                              # machine to report to via syslog.
IPtables /usr/sbin/iptables             # firewall manipulation program.
IPtableChains INPUT                     # INPUT, OUTPUT, FORWARD. Add FORWARD if bridging.
FWactions DROP                          # what to do with miscreant packets: drop and/or tarpit
IFconfig /sbin/ifconfig
IProute /sbin/route
PublicInterface eth0                    # public network interface: eth0,eth1 or even br0.
LogFile /var/log/ratrap.log             # our log file.
Blacklist /var/log/blacklist            # our blacklist file used to preserve state over reboots/reloads.
Whitelist /etc/sysconfig/whitelist      # our whitelist file of friendly IPs that snort keeps reporting.
SnortFIFO /var/log/snort.fifo           # Snort writes to this FIFO via syslog.
Timeout 86400                           # seconds that addresses are blocked for.
AlarmPeriod 60                          # seconds between checking for timed-out blocked addresses.
TriggerLevel 2                          # attack priority as reported by Snort. >2 is not critical.
SyslogLevel local4.notice               # syslog facility and level.