From: Michael Tremer Date: Wed, 29 Apr 2009 14:00:07 +0000 (+0200) Subject: Committing an experimental config for ulogd. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aad412dea877638f7dd8d87b6282e5ebddb32fe6;p=ipfire-3.x.git Committing an experimental config for ulogd. This was lying around here and I didn't know where to put it that it won't get lost. --- diff --git a/config/ulogd/ulogd.conf b/config/ulogd/ulogd.conf index 4806009b0..a24374225 100644 --- a/config/ulogd/ulogd.conf +++ b/config/ulogd/ulogd.conf @@ -9,7 +9,7 @@ logfile="/var/log/ulogd/ulogd.log" # loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) -loglevel=1 +loglevel=7 ###################################################################### # PLUGIN OPTIONS @@ -22,7 +22,7 @@ loglevel=1 # 2. options for each plugin in seperate section below plugin="/usr/lib/ulogd/ulogd_inppkt_NFLOG.so" -#plugin="/usr/lib/ulogd/ulogd_inppkt_ULOG.so" +plugin="/usr/lib/ulogd/ulogd_inppkt_ULOG.so" plugin="/usr/lib/ulogd/ulogd_inpflow_NFCT.so" plugin="/usr/lib/ulogd/ulogd_filter_IFINDEX.so" plugin="/usr/lib/ulogd/ulogd_filter_IP2STR.so" @@ -31,7 +31,7 @@ plugin="/usr/lib/ulogd/ulogd_filter_PRINTPKT.so" plugin="/usr/lib/ulogd/ulogd_filter_HWHDR.so" plugin="/usr/lib/ulogd/ulogd_filter_PRINTFLOW.so" #plugin="/usr/lib/ulogd/ulogd_filter_MARK.so" -#plugin="/usr/lib/ulogd/ulogd_output_LOGEMU.so" +plugin="/usr/lib/ulogd/ulogd_output_LOGEMU.so" plugin="/usr/lib/ulogd/ulogd_output_SYSLOG.so" #plugin="/usr/lib/ulogd/ulogd_output_OPRINT.so" #plugin="/usr/lib/ulogd/ulogd_output_NACCT.so" 
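Review bot: The newly uncommented `plugin="/usr/lib/ulogd/ulogd_inppkt_ULOG.so"` line in the second hunk loads an input plugin that no stack in this commit uses, because the only ULOG stack and its `[ulog1]` section are deleted further down in the same patch. The same applies to the context lines `ulogd_inpflow_NFCT.so` and `ulogd_filter_PRINTFLOW.so`, which stay loaded while every `ct1` stack and the `[ct1]`/`[ct2]` sections are removed. Every loaded shared object is extra code running inside the logging daemon, so the plugin list should match the active stack. I would leave the line as `#plugin="/usr/lib/ulogd/ulogd_inppkt_ULOG.so"` and comment out the NFCT and PRINTFLOW lines until a flow stack is defined again.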
@@ -43,56 +43,16 @@ plugin="/usr/lib/ulogd/ulogd_output_SQLITE3.so" plugin="/usr/lib/ulogd/ulogd_raw2packet_BASE.so" # this is a stack for logging packet send by system via LOGEMU -#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU - -# this is a stack for packet-based logging via LOGEMU -#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU - -# this is a stack for ULOG packet-based logging via LOGEMU -#stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU - -# this is a stack for packet-based logging via LOGEMU with filtering on MARK -#stack=log2:NFLOG,mark1:MARK,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU - -# this is a stack for flow-based logging via LOGEMU -#stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU - -# this is a stack for flow-based logging via OPRINT -#stack=ct1:NFCT,op1:OPRINT +stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU # this is a stack for NFLOG packet-based logging to PCAP -#stack=log2:NFLOG,base1:BASE,pcap1:PCAP - -# this is a stack for logging packet to MySQL -#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,mysql1:MYSQL +#stack=log1:NFLOG,base1:BASE,pcap1:PCAP -# this is a stack for logging packet to PGsql after a collect via NFLOG -#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,mac2str1:HWHDR,pgsql1:PGSQL +# this is a stack for logging packet to sqlite +#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,sqlite1:SQLITE3 # this is a stack for logging packets to syslog after a collect via NFLOG -#stack=log3:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG - -# this is a stack for flow-based logging to MySQL -#stack=ct1:NFCT,ip2bin1:IP2BIN,mysql2:MYSQL - -# this is a stack for flow-based logging to PGSQL -#stack=ct1:NFCT,ip2str1:IP2STR,pgsql2:PGSQL - -# this is a stack for flow-based logging to PGSQL without local 
hash -#stack=ct1:NFCT,ip2str1:IP2STR,pgsql3:PGSQL - - -# this is a stack for flow-based logging in NACCT compatible format -#stack=ct1:NFCT,ip2str1:IP2STR,nacct1:NACCT - -[ct1] -#netlink_socket_buffer_size=217088 -#netlink_socket_buffer_maxsize=1085440 - -[ct2] -#netlink_socket_buffer_size=217088 -#netlink_socket_buffer_maxsize=1085440 -hash_enable=0 +#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG # Logging of system packet through NFLOG [log1] @@ -105,50 +65,15 @@ group=0 #netlink_qthreshold=1 # set the delay before flushing packet in the queue inside kernel (in ms) #netlink_qtimeout=1000 - -# packet logging through NFLOG for group 1 -[log2] -# netlink multicast group (the same as the iptables --nflog-group param) -group=1 # Group has to be different from the one use in log1 -#netlink_socket_buffer_size=217088 -#netlink_socket_buffer_maxsize=1085440 -# If your kernel is older than 2.6.29 and if a NFLOG input plugin with -# group 0 is not used by any stack, you need to have at least one NFLOG -# input plugin with bind set to 1. If you don't do that you may not -# receive any message from the kernel. -#bind=1 - -# packet logging through NFLOG for group 2, numeric_label is -# set to 1 -[log3] -# netlink multicast group (the same as the iptables --nflog-group param) -group=2 # Group has to be different from the one use in log1/log2 -numeric_label=1 # you can label the log info based on the packet verdict -#netlink_socket_buffer_size=217088 -#netlink_socket_buffer_maxsize=1085440 -#bind=1 - -[ulog1] -# netlink multicast group (the same as the iptables --ulog-nlgroup param) -nlgroup=1 -#numeric_label=0 # optional argument +bind=1 [emu1] file="/var/log/ulogd_syslogemu.log" sync=1 -[op1] -file="/var/log/ulogd_oprint.log" -sync=1 - [pcap1] sync=1 -[sys2] -facility=LOG_LOCAL2 - -[nacct1] -sync = 1 - -[mark1] -mark = 1 +[sqlite1] +db=/var/log/ulogd/ulogd.db +table=ulog
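Review bot: The syslog alternative on the new side, `#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG`, names an instance `sys1` that has no section in any visible hunk, and the only SYSLOG section, `[sys2]`, is deleted in the last hunk. Anyone who uncomments that stack would presumably get the plugin's default facility instead of `LOG_LOCAL2`, which can route firewall logs away from where the syslog rules expect them. I would either keep the section, renamed to `[sys1]` with `facility=LOG_LOCAL2`, or add a comment above the stack saying it runs with plugin defaults. The SQLite alternative likewise references `ip2bin1:IP2BIN`; no `plugin=` line for IP2BIN is visible in these hunks, so that should be checked before the stack is documented as usable.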
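Review bot: `bind=1` is added to `[log1]` in the last hunk while the only text explaining that option, the comment in the deleted `[log2]` section, is removed in the same hunk. That comment says binding is needed on kernels older than 2.6.29 only when no stack uses an NFLOG input with group 0, and the hunk header suggests `[log1]` is itself `group=0`, so the setting looks redundant or at least unexplained. I would put a short comment directly above it, for example `# force binding to the NFLOG group (only required on kernels older than 2.6.29 in some setups)`, or drop the line. Separately, the new `[sqlite1]` section puts `db=/var/log/ulogd/ulogd.db` next to the daemon log while `[emu1]` still writes to `/var/log/ulogd_syslogemu.log` one level up. Keeping all ulogd output under `/var/log/ulogd/` would let ownership, permissions and rotation of the packet logs be managed in one place.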