diff options
| author | Eric Leblond <eric@regit.org> | 2014-01-26 17:05:29 +0100 |
|---|---|---|
| committer | Eric Leblond <eric@regit.org> | 2014-01-28 23:12:14 +0100 |
| commit | e0ae1870e5b15138c12071d9d96522a2720bf44a (patch) | |
| tree | a77a48efc8cb9b069186736db9369931d19e429d /ulogd.conf.in | |
| parent | 0d213c1f1de63a016bcd730106e3aea83439c388 (diff) | |
json: introduce new JSON output plugin
This patch introduces a new JSON output plugin. This
patch displays CIM field name instead of ulogd key valu
if this CIM field is available.
The module does not display binary address but uses the
string version of them. So a complete stack is for example:
stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,mac2str1:HWHDR,json1:JSON
If boolean_label is set to 1, then the numeric_label put on packet
by the input plugin is coding the decision on packet. If 0, then
packet has been blocked and if non null it has been accepted.
Diffstat (limited to 'ulogd.conf.in')
| -rw-r--r-- | ulogd.conf.in | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/ulogd.conf.in b/ulogd.conf.in index 0f9df7b..8893175 100644 --- a/ulogd.conf.in +++ b/ulogd.conf.in @@ -49,6 +49,7 @@ plugin="@pkglibdir@/ulogd_output_GPRINT.so" plugin="@pkglibdir@/ulogd_raw2packet_BASE.so" plugin="@pkglibdir@/ulogd_inpflow_NFACCT.so" plugin="@pkglibdir@/ulogd_output_GRAPHITE.so" +#plugin="@pkglibdir@/ulogd_output_JSON.so" # this is a stack for logging packet send by system via LOGEMU #stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU @@ -92,6 +93,9 @@ plugin="@pkglibdir@/ulogd_output_GRAPHITE.so" # this is a stack for logging packet to PGsql after a collect via NFLOG #stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,mac2str1:HWHDR,pgsql1:PGSQL +# this is a stack for logging packet to JSON formatted file after a collect via NFLOG +#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,mac2str1:HWHDR,json1:JSON + # this is a stack for logging packets to syslog after a collect via NFLOG #stack=log3:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG @@ -195,6 +199,17 @@ timestamp=1 directory="/var/log/" sync=1 +[json1] +sync=1 +#file="/var/log/ulogd.json" +#timestamp=0 +# device name to be used in JSON message +#device="My awesome Netfilter firewall" +# If boolean_label is set to 1 then the numeric_label put on packet +# by the input plugin is coding the action on packet: if 0, then +# packet has been blocked and if non null it has been accepted. +#boolean_label=1 + [pcap1] #default file is /var/log/ulogd.pcap #file="/var/log/ulogd.pcap" |