# Example configuration file for Guardian 2.0.

## Log settings.

# The LogFacility configures the target where log messages should be sent.
# Available are console, file and syslog.
LogFacility = syslog

# If guardian has been configured to send its log messages to a file, the
# logfile has to be specified by using the LogFile option.
# NOTE(review): if a logfile is used, keep it writable only by the account guardian
# runs as, so that the record of block decisions can be trusted afterwards.
#LogFile = /var/log/guardian.log

# The LogLevel setting describes the amount of logged messages and can be
# increased when debugging guardian. Available log levels are off, error, info, debug.
LogLevel = info

## Block settings.

# The BlockCount setting allows configuring the number of events until an attacker's
# address will be blocked. This value has to be a natural number.
# NOTE(review): a low value blocks sooner, but also raises the chance of blocking a
# legitimate user after a few failed attempts; pair it with an IgnoreFile (below).
BlockCount = 3

# BlockTime allows configuring the time (in seconds) until the block of an address
# will automatically be released. 86400 seconds are 24 hours.
BlockTime = 86400

# The FirewallEngine which should be used for doing all the block/unblock work. Depends on the
# system where guardian should be used. Currently only "IPtables" is supported as firewall engine.
FirewallEngine = IPtables

# The optional FirewallAction option allows configuring whether the firewall rule created to block
# the attacker's IP address should be a "DROP" or a "REJECT" one. Defaults to "DROP" if not configured.
# With iptables, DROP discards the packets silently, while REJECT answers the blocked host with an
# error and thereby tells it that a filter is in place.
#FirewallAction = DROP

# The IgnoreFile contains a list of addresses (one address per line) which are white-listed and
# therefore will not be blocked by guardian at any time. Inside the ignore file additional files
# can be specified for inclusion by using "Include_File = /path/to/file.name".
# NOTE(review): the option is commented out in this example, so presumably no address is
# white-listed until it is enabled - confirm. List management hosts and gateways there so that an
# operator cannot be locked out by guardian's own blocks. The ignore file and every file it
# includes decide who is exempt from blocking, so they should be writable by administrators only.
#IgnoreFile = /etc/guardian/guardian.ignore

## Parser/File monitoring configuration.

# Configuring which files should be monitored and which parser should be used for parsing any
# recently added lines is quite an easy task. Each monitoring directive has to start with
# "Monitor_" followed by the parser which should be used. Finally the file which should be monitored
# needs to be specified.
#
# A properly configured monitor instruction should look like this:
# Monitor_PARSER = /file/which/should/be/monitored
#
# Currently supported parser modules are: HTTPD, OWNCLOUD, SNORT and SSH
#
# NOTE(review): block decisions are derived from the lines added to the monitored files, so these
# files should be writable only by the service that produces them.

## Optional settings

# Guardian will open a Unix socket to provide an IPC mechanism for communicating with its client
# application and maybe other control instances. The SocketOwner option allows configuring the
# ownership of this socket to a different user:group.
# NOTE(review): the socket is a control channel to guardian; what a client may request over it is
# not described in this file, so hand ownership only to a dedicated, trusted user:group.
#SocketOwner = user:group