other versions
other sections
RANONYMIZE.CONF(5) | File Formats Manual | RANONYMIZE.CONF(5) |
NAME¶
ranonymize.conf - ranonymize(1) configuration file.COPYRIGHT¶
Copyright (c) 2000-2002 QoSient. All rights reserved.SYNOPSIS¶
ranonymize.confDESCRIPTION¶
This configuration file provides the ability to specify options for argus data anoymization.OPTIONS¶
The anonymization clients have a small number of options for controlling specific aspects of the anonymization function and its output.Timestamps, Reference and Sequence Numbers¶
Ranonymize anonymizes various fields in Argus records, such as the network addresses, protocol specific port numbers, timestamps, transaction reference numbers, and the sequence numbers.RANON_TRANSREFNUM_OFFSET=random RANON_SEQNUM_OFFSET=random RANON_TIME_SEC_OFFSET=random RANON_TIME_USEC_OFFSET=random
Ethernet Address Vendor Codes¶
When anonymizing ethernet addresses, ranonymize has the option to preserve the vendor portion, if desired. This allows analytical programs to differentiate anonymized data by vendor type. This feature is turned off by default.Broadcast Addresses¶
Ranonymize has the option to preserve the semantic that an address is a broadcast address. This is very important when doing flow analysis for either operational or performance managment tasks, using anonymized data.IPv4 Address Anonymization¶
IPv4 address are composed of two parts, a network part and a host part. Because the addressing strategy of a site may have integrated semantics that would want to be retained in the anonymized addresses, IPv4 address anonymization involves specifying a one-to-one translation table for both the network and host address spaces in an IPv4 address. Once a new network address has been allocated, every occurence of that network address will be substituted in the anonymizers output stream. The host address space is anonymized in an independent but similar fashion.RANON_NET_ANONYMIZATION=sequential RANON_HOST_ANONYMIZATION=sequential
Address Hierarchy¶
Ranonymize has the option to preserve the network address hierarchy at various levels of granularity. This allows you to preserve the addressing relationships between addresses. The options are "cidr", "class", "subnet" and "no".Specific Network Address Aliasing¶
Ranonymize can be configured to perform specific network address translation. These must be specified as 24 bit CIDR addresses. RANON_PRESERVE_NET_ADDRESS_HIERARCHY must be set to "cidr", for this feature to work.RANON_SPECIFY_NET_TRANSLATION=192.168.0.0::128.2.134.0 RANON_SPECIFY_NET_TRANSLATION=64.12.0.0::134.5.0.0 RANON_SPECIFY_NET_TRANSLATION=128.2.0.0::200.200.0.0
Specific Host Address Aliasing¶
Ranonymize can be configured to perform specific host address translation. These addresses are allocated prior to reading any data, and are removed from the potential network address pool, regardless of the anonymization strategy. Feel free to list as many addresses that you would like.Transport SAP Aliasing¶
Ranonymize can be configured to preserve specific ranges of port numbers. For convenience, ranonymize() can be configured to preserve the IANA well known port allocation range (0-1023), the registered ports (1024-49151) and/or the private port range (49152 - 65535). Also, ranonymize() can be configured to preserve specific port numbers. These numbers are independent of protocol type, so if port 23461 is to be preserved, it will be preserved for both tcp and udp based flows.RANON_PRESERVE_WELLKNOWN_PORT_NUMS=yes RANON_PRESERVE_REGISTERED_PORT_NUMS=no RANON_PRESERVE_PRIVATE_PORT_NUMS=no
SEE ALSO¶
ranonymize(1)14 November 2001 |