Miscellaneous

Section heading:

[Misc]

Entries:

Daemon=yes/no — Whether to become a daemon (default: no)

SetChrootDir=path — If set, chroot to this directory (server only).

SetStripDomain=yes/no — Whether to strip the domain from the client hostname when logging client messages (server only; default: yes).

VersionString=string — Set version string to include in file signature database (along with hostname and date).

SetNiceLevel=-19..19 — Set scheduling priority during file check. — (see 'man nice').

SetIOLimit=bps — Set IO limits (kilobytes per second) for file check.

SetLoopTime=seconds — Interval between timestamp messages.

SetFilecheckTime=seconds — Interval between file checks.

FileCheckScheduleOne=schedule— Crontab-like schedule for file checks.

ReportOnlyOnce=yes/no — Report only once on a modified file.

ReportFullDetail=yes/no — Report in full detail on modified files.

UseLocalTime=yes/no — Report file timestamps in local time rather than GMT.

ChecksumTest=none/init/update/check — The default action.

SetConsole=device — Set the console device.

MessageQueueActive=1/0 — Use SysV IPC message queue — ('1' is on, '0' is off).

SetMailTime=seconds — Maximum time interval between mail messages.

SetMailNum=0 -- 127 — Maximum number of pending mails on internal queue.

SetMailAddress=recepient — Add a recepient e-mail address (max. 8).

SetMailRelay=IP address — The mail relay (for offsite mail).

MailSubject=string — Custom format for the email subject.

SamhainPath=path — The path of the process image.

SetLogServer=IP address — The log server.

SetTimeServer=IP address — The time server.

TrustedUser=username(,username,..). — List of additional trusted users.

SetDatabasePath=AUTO or /path— Path to database (AUTO to tack — hostname on compiled-in path).

SetLogfilePath=AUTO or /path — Path to log file (AUTO to tack — hostname on compiled-in path).

SetLockfilePath=AUTO or /path— Path to lock file (AUTO to tack — hostname on compiled-in path).

DigestAlgo=SHA1 or MD5 — Use SHA1 or MD5 instead of the TIGER checksum.

RedefReadOnly=+XXX or -XXX — Add or subtract test XXX from the ReadOnly policy.

RedefAttributes=+XXX or -XXX — Add or subtract test XXX from the Attributes policy.

RedefLogFiles=+XXX or -XXX — Add or subtract test XXX from the LogFiles policy.

RedefGrowingLogFiles=-XXX or ~XXX — Add or subtract test XXX from the GrowingLogFiles policy.

RedefIgnoreAll=+XXX or -XXX — Add or subtract test XXX from the IgnoreAll policy.

RedefIgnoreNone=+XXX or -XXX — Add or subtract test XXX from the IgnoreNone policy.

RedefUser0=+XXX or -XXX — Add or subtract test XXX from the User0 policy.

RedefUser1=+XXX or -XXX — Add or subtract test XXX from the User1 policy.

SetClientFromAccept=true/false — If true, use client address as known to the communication layer. Else (default) use client name as claimed by the client, try to verify against the address known to the communication layer, and accept (with a warning message) even if this fails.

SeverityLookup=severity — Severity for name lookup errors when verifying (on the server side) that the socket peer matches the hostname claimed by the client. See the preceding option.

SetReverseLookup=true/false — If false, skip reverse lookups when connecting to a host known by name rather than IP address.

UseSeparateLogs=true/false — If true, messages from different clients will be logged to separate log files (the name of the client will be appended to the name of the main log file to construct the logfile name).

SetClientTimeLimit=seconds — Time limit until next client message (server-only).

MessageHeader="\%S \%T \%F \%L \%C" — Specify custom format for message header.

SetUDPActive=yes/no — yule 1.2.8+: Listen on 514/udp (syslog).

HideSetup=yes/no — Don't log names of config/database files on startup.

SyslogFacility=LOG_xxx — Set syslog facility (default is LOG_AUTHPRIV).

MACType=HASH-TIGER/HMAC-TIGER — Set type of message auth. code (HMAC).

Remarks: (i) root and the effective user are always trusted. (ii) If no time server is given, the local host clock is used. (iii) If the path of the process image is given, the process image will be checksummed at startup and exit, and both checksums compared.