#####################################################################
#
# Configuration file template for yule.
#
#####################################################################
# 
# NOTE: This is a log server-only configuration file TEMPLATE.
#
# NOTE: The log server ('yule') will look for THAT configuration file
#       that has been defined at compile time with the configure option 
#         ./configure --with-config-file=FILE
#       The default is "/usr/local/etc/.samhainrc" (NOT "yulerc").
#
#####################################################################
# 
# -- empty lines and lines starting with '#', ';' or '//' are ignored 
# -- you can PGP clearsign this file -- samhain will check (if compiled
#    with support) or otherwise ignore the signature
# -- CHECK mail address
#
# To each log facility, you can assign a threshold severity. Only
# reports with at least the threshold severity will be logged
# to the respective facility (even further below).
#
#####################################################################


[Log]
##
## Switch on/OFF log facilities and set their threshold severity
##
## Values: debug, info, notice, warn, mark, err, crit, alert, none.
## 'mark' is used for timestamps.
##
##
## Use 'none' to SWITCH OFF a log facility
## 
## By default, everything equal to and above the threshold is logged.
## The specifiers '*', '!', and '=' are interpreted as  
## 'all', 'all but', and 'only', respectively (like syslogd(8) does, 
## at least on Linux). Examples:
## MailSeverity=*
## MailSeverity=!warn
## MailSeverity==crit

## E-mail
##
# MailSeverity=none
MailSeverity=crit

## Console
##
# PrintSeverity=info

## Logfile
##
# LogSeverity=none

## Syslog
##
# SyslogSeverity=none

## External script or program
##
# ExternalSeverity = none

## Logging to a database
##
# DatabaseSeverity = none


# [Database]
##
## --- Logging to a relational database
##

## Database name
#
# SetDBName = samhain

## Database table
#
# SetDBTable = log

## Database user
#
# SetDBUser = samhain

## Database password
#
# SetDBPassword = (default: none)

## Database host
#
# SetDBHost = localhost

## Log the server timestamp for received messages
#
SetDBServerTstamp = True

## Use a persistent connection
#
UsePersistent = True



# [External]
##
## Interface to call external scripts/programs for logging
##

## The absolute path to the command
## - Each invocation of this directive will end the definition of the
##   preceding command, and start the definition of 
##   an additional, new command
#
# OpenCommand = (no default)

## Type (log or rv)
## - log for log messages, srv for messages received by the server
#
# SetType = log

## The command (full command line) to execute
#
# SetCommandLine = (no default)

## The environment (KEY=value; repeat for more)
#
# SetEnviron = TZ=(your timezone)

## The TIGER192 checksum (optional)
#
# SetChecksum = (no default)

## User who runs the command
#
# SetCredentials = (default: samhain process uid)

## Words not allowed in message
#
# SetFilterNot = (none)

## Words required (ALL of them)
#
# SetFilterAnd = (none)

## Words required (at least one)
#
# SetFilterOr = (none)

## Deadtime between consecutive calls
#
# SetDeadtime = 0

## Add default environment (HOME, PATH, SHELL)
#
# SetDefault = no


#####################################################
#
# Miscellaneous configuration options
#
#####################################################


[Misc]
# whether to become a daemon process
Daemon=yes

## Interval between time stamp messages
#
# SetLoopTime = 60
SetLoopTime = 600

## Normally, client messages are regarded as data within a
## server message of fixed severity. The following two
## options cause the server to use the original severity/class
## of client messages for logging.
#
# UseClientSeverity = False
# UseClientClass    = False

## The maximum time between client messages (seconds)
## This allows the server to flag clients that have exceeded
## the timeout limits; i.e. might have died for some reason.
#
# SetClientTimeLimit = 86400

## Use client address as known to the communication layer (might be
## incorrect if the client is behind NAT). The default is to use
## the client name as claimed by the client, and verify it against
## the former (might be incorrect if the client has several
## interfaces, and its hostname resolves to the wrong interface).
#
# SetClientFromAccept = False

## If SetClientFromAccept is False (default), severity of a 
## failure to resolve the hostname claimed by the client
## to the IP address of the socket peer. 
#
# SeverityLookup = crit

## The console device (can also be a file or named pipe)
## - There are two console devices. Accordingly, you can use
##   this directive a second time to set the second console device.
##   If you have not defined the second device at compile time,
##   and you don't want to use it, then:
##   setting it to /dev/null is less effective than just leaving
##   it alone (setting to /dev/null will waste time by opening
##   /dev/null and writing to it)
#
# SetConsole = /dev/console

## Use separate logfiles for individual clients
#
# UseSeparateLogs = False

## Enable listening on port 514/udp for logging of remote syslog
## messages (if optionally compiled with support for this)
#
# SetUDPActive = False


## Activate the SysV IPC message queue
#
# MessageQueueActive = False


## If false, skip reverse lookup when connecting to a host known 
## by name rather than IP address (i.e. trust the DNS)
#
# SetReverseLookup = True

## If true, open a Unix domain socket to listen for commands that should
## be passed to clients upon next connection. Only works on systems
## that support passing of peer credentials (for authentication) via sockets.
## Use yulectl to access the socket.
#
# SetUseSocket = False

## The UID of the user that is allowed to pass commands to the server
## via the Unix domain socket.
#
# SetSocketAllowUid = 0

## --- E-Mail ---

# Only highest-level (alert) reports will be mailed immediately,
# others will be queued. Here you can define, when the queue will
# be flushed (Note: the queue is automatically flushed after
# completing a file check).
#
# SetMailTime = 86400

## Maximum number of mails to queue
#
# SetMailNum = 10

## Recipient (max. 8)
#
# SetMailAddress=root@localhost

## Mail relay (IP address)
#
# SetMailRelay = NULL

## Custom subject format
#
# MailSubject = NULL

## --- end E-Mail ---

# The binary. Setting the path will allow
# samhain to check for modifications between
# startup and exit.
#
# SamhainPath=/usr/local/bin/yule

## The IP address of the time server
#
# SetTimeServer = (default: compiled-in)

## Trusted Users (comma delimited list of user names) 
#
# TrustedUser = (no default; this adds to the compiled-in list)

## Custom format for message header. 
## CAREFUL if you use XML logfile format.
##
## %S severity
## %T timestamp
## %C class
##
## %F source file
## %L source line
#
# MessageHeader="%S %T "


## Don't log path to config/database file on startup
#
# HideSetup = False

## The syslog facility, if you log to syslog
#
# SyslogFacility = LOG_AUTHPRIV


## The message authentication method
## - If you change this, you *must* change it
##   on client *and* server
#
# MACType = HMAC-TIGER


[Clients]
##
## This is a sample registry entry for a client at host 'HOSTNAME'. This entry
## is valid for the default password.
## You are STRONGLY ADVISED to reset te password (see the README) and
## compute your own entries using 'samhain -P <password>'  
##
## Usually, HOSTNAME should be a fully qualified hostname, 
## no numerical address.
## -- exception: if the client (samhain) cannot determine the 
##               fully qualified hostname of its host,  
##		 the numerical address may be required.
##               You will know if you get a message like:
##               'Invalid connection attempt: Not in 
##                client list  what.ever.it.is'
##
## First entry is for challenge/response, second one for SRP authentication.
#
# Client=HOSTNAME@00000000@C39F0EEFBC64E4A8BBF72349637CC07577F714B420B62882
# Client=HOSTNAME@8F81BA58956F8F42@8932D08C49CA76BD843C51EDD1D6640510FA032A7A2403E572BBDA2E5C6B753991CF7E091141D20A2499C5CD3E14C1639D17482E14E1548E5246ACF4E7193D524CDDAC9C9D6A9A36C596B4ECC68BEB0C5BB7082224946FC98E3ADE214EA1343E2DA8DF4229D4D8572AD8679228928A787B6E5390D3A713102FFCC9D0B2188C92
