# IPFire configuration for ulogd
#
# Layout: [global] loads the plugin objects and declares the processing
# stacks; every later section holds the options of one plugin instance
# named in a stack (instance "log1" -> section [log1], and so on).
# Exactly one stack is active in this file; the others are commented-out
# alternatives.

[global]
######################################################################
# GLOBAL OPTIONS
######################################################################

# Log file for ulogd's own status messages (not the packet log).
logfile="/var/log/ulogd/ulogd.log"

# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8)
# Currently set to error(7).
# NOTE(review): at this level, lower-severity diagnostics are presumably
# not written to the status log; lower the value temporarily when
# investigating gaps in the packet log. Confirm against the ulogd docs.
loglevel=7

######################################################################
# PLUGIN OPTIONS
######################################################################

# All plugins that are to be used must be configured and loaded.
# General rules:
# 1. Load the plugins _first_, here in the global section.
# 2. Put the options for each plugin instance in a separate section below.
#
# NOTE(review): the active stack below references only NFLOG, BASE,
# IFINDEX, IP2STR, PRINTPKT and LOGEMU. IP2BIN, HWHDR, SQLITE3 and SYSLOG
# are referenced only by commented-out stacks, and ULOG, NFCT and
# PRINTFLOW by no stack in this file. Loading only what is needed keeps
# the amount of code running in the logging daemon small; check whether
# anything else on the system relies on these before trimming the list.
plugin="/usr/lib/ulogd/ulogd_inppkt_NFLOG.so"
plugin="/usr/lib/ulogd/ulogd_inppkt_ULOG.so"
plugin="/usr/lib/ulogd/ulogd_inpflow_NFCT.so"
plugin="/usr/lib/ulogd/ulogd_filter_IFINDEX.so"
plugin="/usr/lib/ulogd/ulogd_filter_IP2STR.so"
plugin="/usr/lib/ulogd/ulogd_filter_IP2BIN.so"
plugin="/usr/lib/ulogd/ulogd_filter_PRINTPKT.so"
plugin="/usr/lib/ulogd/ulogd_filter_HWHDR.so"
plugin="/usr/lib/ulogd/ulogd_filter_PRINTFLOW.so"
#plugin="/usr/lib/ulogd/ulogd_filter_MARK.so"
plugin="/usr/lib/ulogd/ulogd_output_LOGEMU.so"
plugin="/usr/lib/ulogd/ulogd_output_SYSLOG.so"
#plugin="/usr/lib/ulogd/ulogd_output_OPRINT.so"
#plugin="/usr/lib/ulogd/ulogd_output_NACCT.so"
#plugin="/usr/lib/ulogd/ulogd_output_PCAP.so"
#plugin="/usr/lib/ulogd/ulogd_output_PGSQL.so"
#plugin="/usr/lib/ulogd/ulogd_output_MYSQL.so"
#plugin="/usr/lib/ulogd/ulogd_output_DBI.so"
plugin="/usr/lib/ulogd/ulogd_output_SQLITE3.so"
plugin="/usr/lib/ulogd/ulogd_raw2packet_BASE.so"

# Active stack: packets received via NFLOG are written by LOGEMU to the
# file configured in [emu1]. Each element is written instance:PLUGIN.
stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU

# Alternative stack: NFLOG packet-based logging to PCAP.
# The PCAP output plugin is commented out in the plugin list above, so it
# has to be enabled there as well before this stack can be used.
#stack=log1:NFLOG,base1:BASE,pcap1:PCAP

# Alternative stack: logging packets to sqlite (options in [sqlite1]).
#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,sqlite1:SQLITE3

# Alternative stack: logging packets to syslog after collecting them via
# NFLOG. This file has no [sys1] section, so the SYSLOG instance would
# presumably run with the plugin's built-in defaults.
#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG

# Logging of system packets through NFLOG
[log1]
# netlink multicast group (the same as the iptables --nflog-group param).
# Group 0 is used by the kernel to log connection tracking invalid messages.
# Firewall rules that log to a different group are not seen by this instance.
group=0

# Netlink receive buffer sizing (commented out, so the plugin defaults apply).
# NOTE(review): if this buffer is too small for the log rate, messages can
# presumably be lost before ulogd reads them, leaving gaps in the firewall
# log; check the status log for buffer-related errors under load.
#netlink_socket_buffer_size=217088
#netlink_socket_buffer_maxsize=1085440

# set number of packets to queue inside kernel
#netlink_qthreshold=1

# set the delay before flushing packets in the queue inside kernel (in ms)
# NOTE(review): the kernel's NFLOG timeout attribute is expressed in units
# of 10 ms; confirm which unit this option uses before enabling it.
#netlink_qtimeout=1000

# NOTE(review): presumably makes ulogd bind to the netlink log facility so
# that kernel-generated messages for the group above are delivered to this
# instance; confirm against the ulogd documentation.
bind=1

# Options for the LOGEMU output used by the active stack.
[emu1]
# Destination of the packet log. Firewall logs expose addresses and
# topology, so keep this file and its directory readable only by
# administrative accounts and include it in log rotation.
file="/var/log/ulogd/syslogemu.log"
# NOTE(review): sync=1 presumably flushes every entry as it is written, so
# fewer entries are lost on a crash at the cost of throughput; confirm.
sync=1

# Options for the PCAP output; only relevant if the PCAP stack is enabled.
# No output file is set here, so the plugin's default path would apply.
[pcap1]
sync=1

# Options for the SQLITE3 output; only relevant if the sqlite stack is enabled.
[sqlite1]
# Database file and the table the records go into.
# NOTE(review): the database and table presumably have to exist before
# ulogd starts; confirm against the ulogd documentation.
db=/var/log/ulogd/ulogd.db
table=ulog