Committing an experimental config for ulogd.

author Michael Tremer <michael.tremer@ipfire.org>

Wed, 29 Apr 2009 14:00:07 +0000 (16:00 +0200)

committer Michael Tremer <michael.tremer@ipfire.org>

Wed, 29 Apr 2009 14:00:07 +0000 (16:00 +0200)
author Michael Tremer <michael.tremer@ipfire.org>
Wed, 29 Apr 2009 14:00:07 +0000 (16:00 +0200)
committer Michael Tremer <michael.tremer@ipfire.org>
Wed, 29 Apr 2009 14:00:07 +0000 (16:00 +0200)
diff --git a/config/ulogd/ulogd.conf b/config/ulogd/ulogd.conf

index 4806009b03980efa016978d741a3513f118bb62f..a243742252edaa0f48f6fe2fc22fc7c36f428a45 100644 (file)
--- a/config/ulogd/ulogd.conf
+++ b/config/ulogd/ulogd.conf
@@ -9,7 +9,7 @@
  logfile="/var/log/ulogd/ulogd.log"
  
  # loglevel: debug(1), info(3), notice(5), error(7) or fatal(8)
-loglevel=1
+loglevel=7
  
  ######################################################################
  # PLUGIN OPTIONS
@@ -22,7 +22,7 @@ loglevel=1
  # 2. options for each plugin in seperate section below
  
  plugin="/usr/lib/ulogd/ulogd_inppkt_NFLOG.so"
-#plugin="/usr/lib/ulogd/ulogd_inppkt_ULOG.so"
+plugin="/usr/lib/ulogd/ulogd_inppkt_ULOG.so"
  plugin="/usr/lib/ulogd/ulogd_inpflow_NFCT.so"
  plugin="/usr/lib/ulogd/ulogd_filter_IFINDEX.so"
  plugin="/usr/lib/ulogd/ulogd_filter_IP2STR.so"
@@ -31,7 +31,7 @@ plugin="/usr/lib/ulogd/ulogd_filter_PRINTPKT.so"
  plugin="/usr/lib/ulogd/ulogd_filter_HWHDR.so"
  plugin="/usr/lib/ulogd/ulogd_filter_PRINTFLOW.so"
  #plugin="/usr/lib/ulogd/ulogd_filter_MARK.so"
-#plugin="/usr/lib/ulogd/ulogd_output_LOGEMU.so"
+plugin="/usr/lib/ulogd/ulogd_output_LOGEMU.so"
  plugin="/usr/lib/ulogd/ulogd_output_SYSLOG.so"
  #plugin="/usr/lib/ulogd/ulogd_output_OPRINT.so"
  #plugin="/usr/lib/ulogd/ulogd_output_NACCT.so"
@@ -43,56 +43,16 @@ plugin="/usr/lib/ulogd/ulogd_output_SQLITE3.so"
  plugin="/usr/lib/ulogd/ulogd_raw2packet_BASE.so"
  
  # this is a stack for logging packet send by system via LOGEMU
-#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
-
-# this is a stack for packet-based logging via LOGEMU
-#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
-
-# this is a stack for ULOG packet-based logging via LOGEMU
-#stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
-
-# this is a stack for packet-based logging via LOGEMU with filtering on MARK
-#stack=log2:NFLOG,mark1:MARK,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
-
-# this is a stack for flow-based logging via LOGEMU
-#stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU
-
-# this is a stack for flow-based logging via OPRINT
-#stack=ct1:NFCT,op1:OPRINT
+stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
  
  # this is a stack for NFLOG packet-based logging to PCAP
-#stack=log2:NFLOG,base1:BASE,pcap1:PCAP
-
-# this is a stack for logging packet to MySQL
-#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,mysql1:MYSQL
+#stack=log1:NFLOG,base1:BASE,pcap1:PCAP
  
-# this is a stack for logging packet to PGsql after a collect via NFLOG
-#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,mac2str1:HWHDR,pgsql1:PGSQL
+# this is a stack for logging packet to sqlite
+#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,sqlite1:SQLITE3
  
  # this is a stack for logging packets to syslog after a collect via NFLOG
-#stack=log3:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG
-
-# this is a stack for flow-based logging to MySQL
-#stack=ct1:NFCT,ip2bin1:IP2BIN,mysql2:MYSQL
-
-# this is a stack for flow-based logging to PGSQL
-#stack=ct1:NFCT,ip2str1:IP2STR,pgsql2:PGSQL
-
-# this is a stack for flow-based logging to PGSQL without local hash
-#stack=ct1:NFCT,ip2str1:IP2STR,pgsql3:PGSQL
-
-
-# this is a stack for flow-based logging in NACCT compatible format
-#stack=ct1:NFCT,ip2str1:IP2STR,nacct1:NACCT
-
-[ct1]
-#netlink_socket_buffer_size=217088
-#netlink_socket_buffer_maxsize=1085440
-
-[ct2]
-#netlink_socket_buffer_size=217088
-#netlink_socket_buffer_maxsize=1085440
-hash_enable=0
+#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG
  
  # Logging of system packet through NFLOG
  [log1]
@@ -105,50 +65,15 @@ group=0
  #netlink_qthreshold=1
  # set the delay before flushing packet in the queue inside kernel (in ms)
  #netlink_qtimeout=1000
-
-# packet logging through NFLOG for group 1
-[log2]
-# netlink multicast group (the same as the iptables --nflog-group param)
-group=1 # Group has to be different from the one use in log1
-#netlink_socket_buffer_size=217088
-#netlink_socket_buffer_maxsize=1085440
-# If your kernel is older than 2.6.29 and if a NFLOG input plugin with
-# group 0 is not used by any stack, you need to have at least one NFLOG
-# input plugin with bind set to 1. If you don't do that you may not
-# receive any message from the kernel.
-#bind=1
-
-# packet logging through NFLOG for group 2, numeric_label is
-# set to 1
-[log3]
-# netlink multicast group (the same as the iptables --nflog-group param)
-group=2 # Group has to be different from the one use in log1/log2
-numeric_label=1 # you can label the log info based on the packet verdict
-#netlink_socket_buffer_size=217088
-#netlink_socket_buffer_maxsize=1085440
-#bind=1
-
-[ulog1]
-# netlink multicast group (the same as the iptables --ulog-nlgroup param)
-nlgroup=1
-#numeric_label=0 # optional argument
+bind=1
  
  [emu1]
  file="/var/log/ulogd_syslogemu.log"
  sync=1
  
-[op1]
-file="/var/log/ulogd_oprint.log"
-sync=1
-
  [pcap1]
  sync=1
  
-[sys2]
-facility=LOG_LOCAL2
-
-[nacct1]
-sync = 1
-
-[mark1]
-mark = 1
+[sqlite1]
+db=/var/log/ulogd/ulogd.db
+table=ulog
author	Michael Tremer <michael.tremer@ipfire.org>
	Wed, 29 Apr 2009 14:00:07 +0000 (16:00 +0200)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Wed, 29 Apr 2009 14:00:07 +0000 (16:00 +0200)