| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
Pcap file variable was not quoted. This was confusing
as the correct file was not open if the user did
uncomment the variable.
Signed-off-by: Eric Leblond <eric@regit.org>
|
| |
|
|
|
|
|
|
|
| |
This patch adds a configuration variable for PostgreSQL output.
Named connstring it stores the character string that will be
used to connect to the PostgreSQL server. This allows the user
to use all options available like TLS parameters for example.
Signed-off-by: Eric Leblond <eric@regit.org>
|
| |
|
|
|
|
|
|
|
|
| |
This patch improves latest patch by splitting in two part the pid
file creation. This allows to display a message to stdout when
ulogd can not be started. Another linked improvement is that the
plugin initialization is not done if the pid file existence will
result in a ulogd exit.
Signed-off-by: Eric Leblond <eric@regit.org>
|
| |
|
|
|
|
|
|
| |
The deamon currently does not have the ability to write a PID file to track its
process ID. This is very useful to an init script and to ensure there is only
one running instance. This patch implements this functionality.
Signed-off-by: Chris Boot <bootc@bootc.net>
|
| |
|
|
|
|
|
|
| |
The daemon code currently tries to nice(-1) just after having given up root
privileges, which fails. This patch moves the nice(-1) call to just before
the code that gives up the required privileges.
Signed-off-by: Chris Boot <bootc@bootc.net>
|
| |
|
|
|
|
| |
In case nfacct is not enabled in ulogd2, libmnl is not used. So it shouldn't
be a hard global dependency, but instead only a dependency in case nfacct is
enabled.
|
| | |
|
| |
|
|
|
|
|
| |
The handling of signal when using threads can be complicated. When
ring buffer is used for query, this means ulogd will have to follow
some sort of mutex. Thus, it is easier and better performance wise
to disable the reload via SIGHUP when the ring buffer is used.
|
| |
|
|
|
|
|
|
|
|
|
| |
This patch adds an optional ring buffer option which modify
the way database queries are made. The main thread is only handling
kernel message reading and query formatting. The SQL request is made
in a separate dedicated thread.
The idea is to try to avoid buffer overrun by minimizing the time
requested to treat kernel message. Doing synchronous SQL request, as
it was made before was causing a delay which could cause some messages
to be lost in case of burst from kernel side.
|
| |
|
|
|
| |
Use an offset approach to get the start of values printing area. It
is more generic and will be use soon.
|
| |
|
|
|
| |
The field is currently only used in a single function as a string
pointer and can thus be removed from the db instance structure.
|
| |
|
|
|
|
|
| |
This patch is adding a mechanism to store query in a backlog build
in memory. This allow to store events during downtime in memory and
realize the effective insertion when the database comes back.
A memory cap is used to avoid any memory flooding.
|
| |
|
|
| |
Nullify sqlite3 handler at deinit.
|
| |
|
|
| |
Nullify mysql handler at deinit.
|
| |
|
|
| |
Clean postgresql handler at deinit.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ulogd has automagic deps for several output plugins right now, namely dbi,
pcap and sqlite3. These plugins are built if the appropriate libs are present
on user's system. While this situation is fine with binary distros it is not OK
on source-based ones such as Gentoo.
The problem arises when such a program links against libs without user's
request and libs are later removed from system which leaves program in a
broken state.
This patch is modifying configure.ac which we apply in our package and which
fixes mentioned issue. It adds 3 new configure options: --
without-{dbi,pcap.sqlite}. I would like to emphasize that this patch doesn't
change default behaviour of configure script at all, so all other distros won't
suffer. We simply add options to explicitly disable any attempts to try and
detect libs for automagic deps, which is enough to avoid unnecessary linkage.
|
| | |
|
| |
|
|
|
|
|
| |
This reverts commit 3179bd4de89de7c2388849f5bc48e8f5aad9e5b9.
Pointing to the wrong place. This is not the file descriptor
that ulogd is leaking.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Joan Touzet reported that file descriptor 3 was not ever closed
in the exit path of the parent process:
open("ulogd.conf", O_RDONLY) = 3
That corresponds to the the file descriptor that was used to
parse the configuration file was not closed.
This closes: http://bugzilla.netfilter.org/show_bug.cgi?id=793
Reported-by: Joan Touzet <joant@cloudant.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
| |
The "registering plugin" message is not really useful as the message
is really explicit if a plugin is missing.
|
| |
|
|
|
|
|
| |
If conntrack object sent by connection tracking system is containing
a timestamp we use it instead of a gettimeofday() based counter.
Signed-off-by: Eric Leblond <eric@regit.org>
|
| |
|
|
|
| |
Update release number and delete Changes file because we can use
git changelog fot that.
|
| |
|
|
| |
Get rid of ULOG only documentation and adds some new stuffs.
|
| | |
|
| | |
|
| |
|
|
|
| |
When an argument or a line is too long, it can not be store
into ulogd configuration and this must results in a error.
|
| | |
|
| |
|
|
|
| |
This patch adds a call to access to check the readability of the
configuration file.
|
| | |
|
| |
|
|
| |
Try to sync TODO with real state of the project.
|
| |
|
|
|
|
|
|
| |
It seems a cast of time_t is needed for i386 system to avoid a
crash. I've added a cast to uint64_t that should be ok on all
Linux system.
Reported-by: netfilter@openenterprise.co.uk
|
| |
|
|
| |
Recently introduced addr.h was missing from Makefile.am.
|
| | |
|
| |
|
|
|
| |
clang is complaining about missing = being a gnu extension. This
patch adds equal sign to fix the warning.
|
| | |
|
| |
|
|
|
| |
It seems Z is a libc5 only format modifier. Using standard 'z'
instead.
|
| |
|
|
| |
This patch also update some copyright and licence declaration.
|
| |
|
|
|
|
| |
This patch adds a '-l' option which can be used to setup ulogd
loglevel. Command line option has precedence on the configuration
file one.
|
| |
|
|
|
|
| |
This patch adds a flag to the config_entry structure to be able to
tune setup. First usage is to ask config parser not to update a key
if it has been already set.
|
| |
|
|
|
| |
If can be painful to have to check the logfile, so this patch adds
a '-v' option which display logs message to stderr.
|
| |
|
|
|
| |
This patch fixes a compilation warning related to a signed and
unsigned integer comparison.
|
| |
|
|
|
|
|
| |
This patch adds a new configuration variable which is used to limit
conntrack event to connection of these protocols:
For example:
accept_proto_filter=tcp,sctp
|
| |
|
|
|
|
|
| |
This patch implements two filtering options in NFCT input plugin.
If 'accept_src_filter' is set to a network it will only catch the
event where the source is that specific network. 'accept_dst_filter'
does the same for the destination.
|
| | |
|
| |
|
|
|
| |
nfctp_callback_register was called on the regular handler instead
of begin called on the newly opened handler dedicated to the dump.
|
| |
|
|
|
|
|
| |
Graphite is a web application which provide real-time visualization
and storage of numeric time-series data. This patch adds a module
named GRAPHITE which sends NFACCT accounting data to a graphite
server.
|
| | |
|
| |
|
|
|
| |
Rename internal keyname ip6.payload_len to remove "_"
to facilitate this.
|
| |
|
|
| |
Add 'schema' variable to look into corresponding schema.
|
| |
|
|
| |
Mask should be applied after ntohl conversion.
|
