Official location for a .conf file?

Michael, et al.,

Where is the “official” IPFire location for a conf file? I find some in:


I think the second option is the UNIX/Linux style.

I should have been more specific. I am looking for the official IPFire location for .conf files.

Well, it depends.

Configuration files should normally be in /etc or /etc/<program name>. The web user interface stores stuff in /var/ipfire and some exceptions were also made there.

What are you building?

Just updating the wiki…

In the swatch wiki there is a configuration file at /var/ipfire/snort/swatchrc which didn’t seem correct. The default configuration is ${HOME}/.swatchdogrc but that didn’t seem correct for IPFire.

So I was looking for the official location.

Hi @jon,
Since you can run multiple instances of swatch with each watching different files, I created a directory:


And then created a subdirctory for each thing monitored. Since I’m only using it to monitor Suricata’s fast.log currently, I created a subdirctory:


containing an instance of swatch.conf


If I want to run swatch monitoring some other file, I can simply add another subdirctory and the corresponding new swatch.conf instance.

Seemed reasonable to my simple caveman brain

[Edit]: I suppose it would be just as well to create meaningful named *.conf files for each thing monitored rather than using a subdirectory for each.

I am almost positive you can put all of the configuration in one file and just run one daemon. (I have not tried this yet)

I did some web searches looking for examples of swatch watching multiple files but didn’t find any.

After playing around a bit – doing backup, reinstall, and restores – I like having my swatch.conf for Suricata’s fast.log saved in /var/ipfire/suricata. That way my swatch.conf gets restored along with other settings. When I had the swatch.conf under /etc/… , it did not get restored.

FYI - What you have done is a fine and no need to change. If you are interested here is an example:

This one watches three files:

/usr/local/bin/swatch -c /server/swatch.conf  --daemon \
-t "/var/log/secure /var/log/php.log /server/log/nginx/error.log" \