Added some nice ulogd config.
authorMichael Tremer <michael.tremer@ipfire.org>
Mon, 9 Feb 2009 16:06:11 +0000 (17:06 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Mon, 9 Feb 2009 16:06:11 +0000 (17:06 +0100)
config/ulogd2/sqlite3.table [new file with mode: 0644]
config/ulogd2/ulogd.conf [new file with mode: 0644]
config/ulogd2/ulogd.logrotate [new file with mode: 0644]
lfs/ulogd2

diff --git a/config/ulogd2/sqlite3.table b/config/ulogd2/sqlite3.table
new file mode 100644 (file)
index 0000000..200a4c4
--- /dev/null
@@ -0,0 +1,21 @@
+CREATE TABLE ulog (
+                       raw_mac         VARCHAR(80),
+                       oob_time_sec    INT UNSIGNED,
+                       oob_time_usec   INT UNSIGNED,
+                       ip_saddr        INT UNSIGNED,
+                       ip_daddr        INT UNSIGNED,
+                       ip_protocol     TINYINT UNSIGNED,
+                       ip_totlen       SMALLINT UNSIGNED,
+                       tcp_sport       SMALLINT UNSIGNED,
+                       tcp_dport       SMALLINT UNSIGNED,
+                       udp_sport       SMALLINT UNSIGNED,
+                       udp_dport       SMALLINT UNSIGNED,
+                       udp_len         SMALLINT UNSIGNED,
+                       icmp_type       TINYINT UNSIGNED,
+                       icmp_code       TINYINT UNSIGNED,
+                       icmp_echoid     SMALLINT UNSIGNED,
+                       icmp_echoseq    SMALLINT UNSIGNED,
+                       icmp_gateway    INT UNSIGNED,
+                       icmp_fragmtu    SMALLINT UNSIGNED
+               );
+
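Review bot: The plain `CREATE TABLE ulog (` on the first line is not idempotent, and lfs/ulogd2 in this commit pipes this file into `sqlite3` against a fixed path on every build. A second run against an existing /var/log/ulogd/ulogd.db will report that the table already exists and will likely make `sqlite3` exit non-zero, failing the recipe because that line has no `-` prefix. Changing the statement to `CREATE TABLE IF NOT EXISTS ulog (` makes the install step repeatable without discarding data that has already been logged.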
diff --git a/config/ulogd2/ulogd.conf b/config/ulogd2/ulogd.conf
new file mode 100644 (file)
index 0000000..4806009
--- /dev/null
@@ -0,0 +1,154 @@
+# IPFire configuration for ulogd
+
+[global]
+######################################################################
+# GLOBAL OPTIONS
+######################################################################
+
+# logfile for status messages
+logfile="/var/log/ulogd/ulogd.log"
+
+# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8)
+loglevel=1
+
+######################################################################
+# PLUGIN OPTIONS
+######################################################################
+
+# We have to configure and load all the plugins we want to use
+
+# general rules:
+# 1. load the plugins _first_ from the global section
+# 2. options for each plugin in seperate section below
+
+plugin="/usr/lib/ulogd/ulogd_inppkt_NFLOG.so"
+#plugin="/usr/lib/ulogd/ulogd_inppkt_ULOG.so"
+plugin="/usr/lib/ulogd/ulogd_inpflow_NFCT.so"
+plugin="/usr/lib/ulogd/ulogd_filter_IFINDEX.so"
+plugin="/usr/lib/ulogd/ulogd_filter_IP2STR.so"
+plugin="/usr/lib/ulogd/ulogd_filter_IP2BIN.so"
+plugin="/usr/lib/ulogd/ulogd_filter_PRINTPKT.so"
+plugin="/usr/lib/ulogd/ulogd_filter_HWHDR.so"
+plugin="/usr/lib/ulogd/ulogd_filter_PRINTFLOW.so"
+#plugin="/usr/lib/ulogd/ulogd_filter_MARK.so"
+#plugin="/usr/lib/ulogd/ulogd_output_LOGEMU.so"
+plugin="/usr/lib/ulogd/ulogd_output_SYSLOG.so"
+#plugin="/usr/lib/ulogd/ulogd_output_OPRINT.so"
+#plugin="/usr/lib/ulogd/ulogd_output_NACCT.so"
+#plugin="/usr/lib/ulogd/ulogd_output_PCAP.so"
+#plugin="/usr/lib/ulogd/ulogd_output_PGSQL.so"
+#plugin="/usr/lib/ulogd/ulogd_output_MYSQL.so"
+#plugin="/usr/lib/ulogd/ulogd_output_DBI.so"
+plugin="/usr/lib/ulogd/ulogd_output_SQLITE3.so"
+plugin="/usr/lib/ulogd/ulogd_raw2packet_BASE.so"
+
+# this is a stack for logging packet send by system via LOGEMU
+#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+
+# this is a stack for packet-based logging via LOGEMU
+#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+
+# this is a stack for ULOG packet-based logging via LOGEMU
+#stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+
+# this is a stack for packet-based logging via LOGEMU with filtering on MARK
+#stack=log2:NFLOG,mark1:MARK,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+
+# this is a stack for flow-based logging via LOGEMU
+#stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU
+
+# this is a stack for flow-based logging via OPRINT
+#stack=ct1:NFCT,op1:OPRINT
+
+# this is a stack for NFLOG packet-based logging to PCAP
+#stack=log2:NFLOG,base1:BASE,pcap1:PCAP
+
+# this is a stack for logging packet to MySQL
+#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,mysql1:MYSQL
+
+# this is a stack for logging packet to PGsql after a collect via NFLOG
+#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,mac2str1:HWHDR,pgsql1:PGSQL
+
+# this is a stack for logging packets to syslog after a collect via NFLOG
+#stack=log3:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG
+
+# this is a stack for flow-based logging to MySQL
+#stack=ct1:NFCT,ip2bin1:IP2BIN,mysql2:MYSQL
+
+# this is a stack for flow-based logging to PGSQL
+#stack=ct1:NFCT,ip2str1:IP2STR,pgsql2:PGSQL
+
+# this is a stack for flow-based logging to PGSQL without local hash
+#stack=ct1:NFCT,ip2str1:IP2STR,pgsql3:PGSQL
+
+
+# this is a stack for flow-based logging in NACCT compatible format
+#stack=ct1:NFCT,ip2str1:IP2STR,nacct1:NACCT
+
+[ct1]
+#netlink_socket_buffer_size=217088
+#netlink_socket_buffer_maxsize=1085440
+
+[ct2]
+#netlink_socket_buffer_size=217088
+#netlink_socket_buffer_maxsize=1085440
+hash_enable=0
+
+# Logging of system packet through NFLOG
+[log1]
+# netlink multicast group (the same as the iptables --nflog-group param)
+# Group O is used by the kernel to log connection tracking invalid message
+group=0
+#netlink_socket_buffer_size=217088
+#netlink_socket_buffer_maxsize=1085440
+# set number of packet to queue inside kernel
+#netlink_qthreshold=1
+# set the delay before flushing packet in the queue inside kernel (in ms)
+#netlink_qtimeout=1000
+
+# packet logging through NFLOG for group 1
+[log2]
+# netlink multicast group (the same as the iptables --nflog-group param)
+group=1 # Group has to be different from the one use in log1
+#netlink_socket_buffer_size=217088
+#netlink_socket_buffer_maxsize=1085440
+# If your kernel is older than 2.6.29 and if a NFLOG input plugin with
+# group 0 is not used by any stack, you need to have at least one NFLOG
+# input plugin with bind set to 1. If you don't do that you may not
+# receive any message from the kernel.
+#bind=1
+
+# packet logging through NFLOG for group 2, numeric_label is
+# set to 1
+[log3]
+# netlink multicast group (the same as the iptables --nflog-group param)
+group=2 # Group has to be different from the one use in log1/log2
+numeric_label=1 # you can label the log info based on the packet verdict
+#netlink_socket_buffer_size=217088
+#netlink_socket_buffer_maxsize=1085440
+#bind=1
+
+[ulog1]
+# netlink multicast group (the same as the iptables --ulog-nlgroup param)
+nlgroup=1
+#numeric_label=0 # optional argument
+
+[emu1]
+file="/var/log/ulogd_syslogemu.log"
+sync=1
+
+[op1]
+file="/var/log/ulogd_oprint.log"
+sync=1
+
+[pcap1]
+sync=1
+
+[sys2]
+facility=LOG_LOCAL2
+
+[nacct1]
+sync = 1
+
+[mark1]
+mark = 1
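Review bot: Every `stack=` line in `[global]` is commented out, so although the NFLOG, SYSLOG and SQLITE3 plugins are loaded, no input is wired to an output and the firewall would presumably log nothing with this file as shipped. If syslog output is intended, enable the sample already on the page, `stack=log3:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG`, and rename `[sys2]` to `[sys1]` so that `facility=LOG_LOCAL2` applies to that instance. There is also no instance section for the SQLITE3 output pointing at the database that lfs/ulogd2 creates, so that file would stay empty unless one is added. Separately, `loglevel=1` ships debug verbosity as the default; `loglevel=5` would be a quieter baseline for a production firewall.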
diff --git a/config/ulogd2/ulogd.logrotate b/config/ulogd2/ulogd.logrotate
new file mode 100644 (file)
index 0000000..b3fb6d1
--- /dev/null
@@ -0,0 +1,7 @@
+/var/log/ulogd.log /var/log/ulogd.syslogemu /var/log/ulogd.pktlog /var/log/ulogd.pcap {
+    missingok
+    sharedscripts
+    postrotate
+       /bin/killall -HUP ulogd 2> /dev/null || true
+    endscript
+}
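Review bot: None of the paths on the first line match what ulogd.conf in this commit writes: the daemon log is `logfile="/var/log/ulogd/ulogd.log"` and the LOGEMU file is `/var/log/ulogd_syslogemu.log`, while this rule names `/var/log/ulogd.log` and `/var/log/ulogd.syslogemu`. Because of `missingok`, logrotate skips the missing files silently, so the real logs grow without bound, faster still with debug logging enabled. Suggest `/var/log/ulogd/*.log /var/log/ulogd_syslogemu.log /var/log/ulogd_oprint.log {` as the first line, plus an explicit `create 0640 root root` so the mode of the replacement file is stated rather than inherited.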
index b2798b7e31a2fe0a57fcfa35a4e1e1baa7f44e26..a7aac61886bb93fcadaf85c65ff8dc0ce6b35148 100644 (file)
@@ -61,8 +61,12 @@ $(OBJECT) :
                ./configure \
                        $(CONFIGURE_ARCH) \
                        --prefix=/usr \
+                       --sysconfdir=/etc \
                        --disable-static
        cd $(DIR_APP) && make $(PARALLELISMFLAGS)
        cd $(DIR_APP) && make install
+       cp -vf $(DIR_CONFIG)/$(PKG_NAME)/ulogd.conf /etc/ulogd.conf
+       -mkdir -pv /var/log/ulogd
+       sqlite3 -echo /var/log/ulogd/ulogd.db < $(DIR_CONFIG)/$(PKG_NAME)/sqlite3.table
        @rm -rf $(DIR_APP)
        @$(POSTBUILD)
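Review bot: The log directory and database are created with whatever umask the build runs under (`-mkdir -pv /var/log/ulogd`, then `sqlite3 -echo /var/log/ulogd/ulogd.db`), so the packet log, which holds MAC and IP addresses, may end up world-readable. Consider `-mkdir -pv -m 0750 /var/log/ulogd` and a following `chmod 0640 /var/log/ulogd/ulogd.db`. The new config/ulogd2/ulogd.logrotate is also not installed by this recipe; a line such as `cp -vf $(DIR_CONFIG)/$(PKG_NAME)/ulogd.logrotate /etc/logrotate.d/ulogd` (destination path assumed) appears to be missing. The `$(OBJECT) :` recipe begins above the hunk.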