git.ipfire.org Git - people/amarx/ipfire-3.x.git/blame - config/ulogd2/ulogd.conf
Added some nice ulogd config.
# ulogd.conf -- IPFire configuration for the ulogd logging daemon

[global]
######################################################################
# GLOBAL OPTIONS
######################################################################

# File that receives ulogd's own status messages.
# NOTE(review): the /var/log/ulogd/ directory must exist before start-up;
# nothing in this file creates it -- confirm the package does.
logfile="/var/log/ulogd/ulogd.log"

# Verbosity of the status log:
# debug(1), info(3), notice(5), error(7) or fatal(8)
# NOTE(review): 1 is the debug level, the most verbose choice listed.
# Confirm it is meant for the shipped configuration and that the status
# log is rotated, otherwise it can grow without bound on a busy firewall.
loglevel=1

######################################################################
# PLUGIN OPTIONS
######################################################################

# Every plugin that a stack uses has to be configured and loaded.
#
# General rules:
# 1. load the plugins _first_, from the global section
# 2. put the options for each plugin in a separate section below
#
# NOTE(review): each plugin= line makes the daemon load a shared object,
# so /usr/lib/ulogd and the files in it should be writable by root only.
# NOTE(review): SQLITE3 is loaded, but no stack and no section in this
# file refers to it -- confirm whether it is needed.

plugin="/usr/lib/ulogd/ulogd_inppkt_NFLOG.so"
#plugin="/usr/lib/ulogd/ulogd_inppkt_ULOG.so"
plugin="/usr/lib/ulogd/ulogd_inpflow_NFCT.so"
plugin="/usr/lib/ulogd/ulogd_filter_IFINDEX.so"
plugin="/usr/lib/ulogd/ulogd_filter_IP2STR.so"
plugin="/usr/lib/ulogd/ulogd_filter_IP2BIN.so"
plugin="/usr/lib/ulogd/ulogd_filter_PRINTPKT.so"
plugin="/usr/lib/ulogd/ulogd_filter_HWHDR.so"
plugin="/usr/lib/ulogd/ulogd_filter_PRINTFLOW.so"
#plugin="/usr/lib/ulogd/ulogd_filter_MARK.so"
#plugin="/usr/lib/ulogd/ulogd_output_LOGEMU.so"
plugin="/usr/lib/ulogd/ulogd_output_SYSLOG.so"
#plugin="/usr/lib/ulogd/ulogd_output_OPRINT.so"
#plugin="/usr/lib/ulogd/ulogd_output_NACCT.so"
#plugin="/usr/lib/ulogd/ulogd_output_PCAP.so"
#plugin="/usr/lib/ulogd/ulogd_output_PGSQL.so"
#plugin="/usr/lib/ulogd/ulogd_output_MYSQL.so"
#plugin="/usr/lib/ulogd/ulogd_output_DBI.so"
plugin="/usr/lib/ulogd/ulogd_output_SQLITE3.so"
plugin="/usr/lib/ulogd/ulogd_raw2packet_BASE.so"

# Sample stacks. A stack chains plugin instances, written instance:PLUGIN,
# from an input plugin to an output plugin.
#
# NOTE(review): every stack= line below is commented out, so no plugin
# chain is active and nothing is logged; ulogd may also refuse to start
# without a working stack -- confirm. Enable at least one stack before
# relying on this file for firewall logging.
# NOTE(review): LOGEMU, OPRINT, PCAP, MYSQL, PGSQL, NACCT, MARK and ULOG
# are not loaded by the active plugin= lines in this file; a stack that
# names one of them also needs its plugin= line uncommented.

# packets sent by the system, logged via LOGEMU
#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU

# packet-based logging via LOGEMU
#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU

# ULOG packet-based logging via LOGEMU
#stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU

# packet-based logging via LOGEMU with filtering on MARK
#stack=log2:NFLOG,mark1:MARK,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU

# flow-based logging via LOGEMU
#stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU

# flow-based logging via OPRINT
#stack=ct1:NFCT,op1:OPRINT

# NFLOG packet-based logging to PCAP
#stack=log2:NFLOG,base1:BASE,pcap1:PCAP

# packet logging to MySQL
#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,mysql1:MYSQL

# packet logging to PGsql after collection via NFLOG
#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,mac2str1:HWHDR,pgsql1:PGSQL

# packet logging to syslog after collection via NFLOG
# NOTE(review): this names the instance sys1, but the only SYSLOG section
# in this file is [sys2]; presumably one of the two needs renaming so the
# facility setting applies -- confirm.
#stack=log3:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG

# flow-based logging to MySQL
#stack=ct1:NFCT,ip2bin1:IP2BIN,mysql2:MYSQL

# flow-based logging to PGSQL
#stack=ct1:NFCT,ip2str1:IP2STR,pgsql2:PGSQL

# flow-based logging to PGSQL without local hash
# NOTE(review): hash_enable=0 is set in [ct2], not [ct1]; presumably this
# sample should name ct2 -- confirm.
#stack=ct1:NFCT,ip2str1:IP2STR,pgsql3:PGSQL


# flow-based logging in NACCT compatible format
#stack=ct1:NFCT,ip2str1:IP2STR,nacct1:NACCT

# NFCT instance named by the flow-based sample stacks.
# Both netlink buffer settings are commented out, so no value is set here.
[ct1]
#netlink_socket_buffer_size=217088
#netlink_socket_buffer_maxsize=1085440

# Second NFCT instance; the only active key is hash_enable=0.
# NOTE(review): no sample stack in this file names ct2 -- confirm which
# stack is meant to use it.
[ct2]
#netlink_socket_buffer_size=217088
#netlink_socket_buffer_maxsize=1085440
hash_enable=0

# System packets logged through NFLOG
[log1]
# netlink multicast group (same value as the iptables --nflog-group parameter)
# Group 0 is used by the kernel to log connection tracking invalid messages
group=0
# NOTE(review): both buffer sizes are left unset. If the kernel emits log
# messages faster than ulogd reads them, records may be dropped; confirm
# the defaults are large enough for the expected traffic.
#netlink_socket_buffer_size=217088
#netlink_socket_buffer_maxsize=1085440
# number of packets to queue inside the kernel
#netlink_qthreshold=1
# delay before the packets queued inside the kernel are flushed (in ms)
#netlink_qtimeout=1000

# Packet logging through NFLOG, group 1
[log2]
# netlink multicast group (same value as the iptables --nflog-group parameter)
# The group has to differ from the one used in log1.
group=1
#netlink_socket_buffer_size=217088
#netlink_socket_buffer_maxsize=1085440
# On a kernel older than 2.6.29, when no stack uses an NFLOG input plugin
# with group 0, at least one NFLOG input plugin needs bind set to 1.
# Without it, messages from the kernel may never be received.
#bind=1

# Packet logging through NFLOG, group 2, with numeric_label set to 1
[log3]
# netlink multicast group (same value as the iptables --nflog-group parameter)
# The group has to differ from the ones used in log1 and log2.
group=2
# The log info can be labelled based on the packet verdict.
numeric_label=1
#netlink_socket_buffer_size=217088
#netlink_socket_buffer_maxsize=1085440
#bind=1

# ULOG input instance.
# NOTE(review): the ULOG plugin= line in [global] is commented out, so this
# section stays unused until that line and a ULOG stack are enabled.
[ulog1]
# netlink multicast group (same value as the iptables --ulog-nlgroup parameter)
nlgroup=1
# optional argument
#numeric_label=0

# LOGEMU output instance: target file and sync setting.
# NOTE(review): the LOGEMU plugin= line in [global] is commented out, so
# this section is inert as shipped.
# NOTE(review): the file will hold per-packet firewall records; confirm it
# is rotated and not world-readable.
[emu1]
file="/var/log/ulogd_syslogemu.log"
sync=1

# OPRINT output instance: target file and sync setting.
# NOTE(review): the OPRINT plugin= line in [global] is commented out, so
# this section is inert as shipped.
[op1]
file="/var/log/ulogd_oprint.log"
sync=1

# PCAP output instance.
# NOTE(review): no file= key is given, so the capture path is whatever the
# plugin defaults to -- confirm where captures land. A pcap file can hold
# packet payloads, so restrict its permissions and retention.
# NOTE(review): the PCAP plugin= line in [global] is commented out, so this
# section is inert as shipped.
[pcap1]
sync=1

# SYSLOG output instance; messages go to the LOG_LOCAL2 facility.
# NOTE(review): the syslog sample stack in [global] names sys1, not sys2;
# presumably one of the two needs renaming -- confirm, otherwise this
# facility setting is not applied to that stack.
[sys2]
facility=LOG_LOCAL2

# NACCT output instance.
# NOTE(review): the NACCT plugin= line in [global] is commented out, so
# this section is inert as shipped.
[nacct1]
sync=1

# MARK filter instance.
# NOTE(review): the MARK plugin= line in [global] is commented out, so this
# section is inert as shipped.
[mark1]
mark=1