1pads.conf(8)                System Manager's Manual               pads.conf(8)
2
3
4

NAME

6       pads.conf - pads configuration file
7
8

DESCRIPTION

10       This man page describes the format of the pads(8) configuration file.
11
12       Empty lines and lines beginning with '#' are ignored.
13
14

PARAMETERS

16       daemon [0/1]
17              his  parameter  determines  whether the application will go into
18              the background.  0 = Disable, 1 = Enable
19
20
21       pid_file <file>
22              Filename of the pads PID file.  This value should be set if  you
23              are planning on using daemon mode.
24
25
26       sig_file <file>
27              Alternate location for the pads-signature-list file.
28
29
30       mac_file <file>
31              Alternate location for the pads-ether-codes file.
32
33
34       user <username>
35              This  is  the  name of the user pads will run as when started as
36              root.
37
38
39       group <groupname>
40              This is the name of the group pads will run as when  started  as
41              root.
42
43
44       interface <interface>
45              This contains the name of the interface PADS will listen to.
46
47
48       filter <filter>
49              This  value  contains a libpcap filter to be applied to the PADS
50              session.  For example, to  filter  only  SSH  traffice,  specify
51              "filter 'port 22'".
52
53
54       network <network>
55              This  string  contains  a comma seperated list of networks to be
56              monitored.   Only  assets  found  in  these  networks  will   be
57              recorded.             For            example,           "network
58              192.168.0.0/24,192.168.1.0/24,10.10.10.0/24".
59
60
61       output screen
62              This output plugin displays PADS data to the screen.  When using
63              the configuration file, it defaults to off.
64
65
66       output csv: <filename> [readonly]
67              This  output plugin writes PADS data to a CSV file.  Optionally,
68              a CSV filename can be specified as an argument. If you want  the
69              file  used  only  to populate the internal known assets list but
70              never be updated, then use the readonly option.  This  would  be
71              handy  when you have a baseline and want to use it for intrusion
72              detection.
73
74
75       output fifo: <filename>
76              This output plugin writes PADS data to a FIFO file.  Optionally,
77              a FIFO filename can be specified as an argument.
78
79
80       output prelude: <profilename>
81              This output plugin writes PADS data as IDMEF alerts via prelude.
82              Optionally you can add a profile name if you want something dif‐
83              ferent than the default of pads.
84
85

SEE ALSO

87       pads(8)
88
89
91       Copyright (C) 2005 Matt Shelton <matt@mattshelton.com>
92
93

BUGS

95       Please send bug reports to the author.
96
97

AUTHORS

99       Matt Shelton <matt@mattshelton.com>
100
101
102
103                                  2005/06/17                      pads.conf(8)
Impressum