Commit message
Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
This option was left behind when the code was rewritten and is no longer
functional or useful. Remove it entirely.
Signed-off-by: Alex Xu (Hello71) <alex_y_xu@yahoo.ca>
This patch also updates some copyright and licence declarations.
Rename internal keyname ip6.payload_len to remove "_"
to facilitate this.
Set timestamp default value to now() not now which is the time at
table creation.
Reported-by: Mr Dash Four <mr.dash.four@googlemail.com>
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch adds a nfacct table to the postgresql schema. It enables
the storage of all counters at each poll.
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signal SIGUSR2 makes plugin ulogd_inpflow_NFCT to
* dump conntrack table
* flush counters
Signed-off-by: Björn Lässig <laessig@bitformer.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
The plugin converts the IPv4 addresses to host order for databases
like MySQL. The expected names of the table fields are ip.hsaddr,
ip.hdaddr, etc.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
MySQL stored procedures must be invoked by the "CALL" SQL command and
not by "SELECT". Add the convention that if the procedure name starts
with "CALL", then the issued SQL command is "CALL procedurename(args)".
The stored procedure support in MySQL automatically brings transaction
support too.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
This patch removes the creation of the `daily' table. Now, we assume
that the tables that we use are created before launching ulogd2.
This code is broken because you have to specify in the configuration
file that the table used is `daily', otherwise this `daily' table is
created and dropped during the daemon starting, but not used.
Moreover, the code explicitly shows a message that says:
/* FIXME make this configurable */
So, I think that this patch is the way to go :-).
This patch also documents the table creation in ulogd.sgml
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch adds two configuration examples for sqlite3 to log
flows and packets.
We use two tables, one for packet logging information, and
another for flow-based information.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
It seems that some versions of MySQL were more delicate about comments
in procedures. This patch fixes a problem with a procedure comment
and fixes the inner code which was not using the correct variable.
The use of delimiter was not correct in the MySQL schema. This patch
fixes this issue by correctly switching from ";" to "$$" when needed.
Based on a patch by Bruno Friedmann <bruno@ioda-net.ch>
Create views using the ip_protocol field (and not the oob_family).
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
This patch documents the "procedure" option in the database
plugin configurations.
The oob_protocol does not fit into a smallint (IPv6 case for example).
This patch switches the length of the related field to an integer.
This schema is designed for performance, by putting all fields in a
single table. It should be used in combination with plain INSERT.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
This schema is designed for performance, by putting all fields in a
single table. It should be used in combination with plain INSERT.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
Constraints on TCP/UDP port number validity are useless and only slow
down insertions.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
This patch adds support for SCTP in the MySQL and PGSQL
output plugins. It adds a dedicated SCTP table and modifies
the insert_packet_full procedure.
Signed-off-by: Eric Leblond <eric@inl.fr>
This patch removes useless checks.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch adds Eric Leblond as documentation author and
it removes a reference to the ulogd ML which is closed.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch updates the SGML documentation to be in sync with the latest
version of the code.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch fixes the `make distcheck' magic
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch adds support for logging the destination mac address and
raw header in the SQL databases.
In case of an ethernet header, a tuple (mac_saddr,mac_daddr,mac_proto)
is logged only once.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This patch modifies the SQL schema for MySQL and PostgreSQL to store
the mac address only once (instead of duplicating the mac address for
each packet). This is done by using a shared reference to the entry
containing the tuple (mac_address,mac_protocol).
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
entries depending on the event type parameter.
can be used to determine if the packet has been dropped, rejected or accepted.
The meaning of label is completely user-defined.
Signed-off-by: Eric Leblond <eric@inl.fr>
connections.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
Update view_tcp_quad and view_udp_quad.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
Signed-off-by: Eric Leblond <eric@inl.fr>
across the stack NFCT IP2BIN MYSQL. In fact IP2BIN out .bin suffixed
fields.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Eric Leblond <eric@inl.fr>
patch also removes mac_daddr which does not provide any interesting
logging information.
Signed-off-by: Eric Leblond <eric@inl.fr>
adds the capability to know where the packet has been logged and will be used
to make a link between connection and logged packets.
Signed-off-by: Eric Leblond <eric@inl.fr>
Add ICMPv6 support to SQL schema.
This patch fixes the type of some fields in the SQL schema to sync
with datatype of the corresponding ulogd2 keys.
This patch adds a state extension to SQL schema. This can be used to store
the information about the packet being dropped or accepted.
SQL standard says a function has to be called with SELECT and not CALL.
This patch modifies the code accordingly.
This patch fixes some small typos in MySQL schema.
This patch adds oob_family to the schema. Thus it is now possible to easily select IPv4 or IPv6 entries in the database. This patch also explicitly selects fields to create view.
This patch clarifies code which will be modified in next patch.
Add insert functions for the PostgreSQL version
This patch adds a new SQL schema for MySQL and PGsql. The goal is to improve the one line per entry format. There is no longer a big table with all fields because this sort of storage is causing bad performance (databases don't like to have a lot of NULL fields to store).
Main changes are:
* Add new schema for MySQL and PGsql
* Use call to configurable procedure in SQL OUTPUT modules
* Arguments of a procedure are given by the list of fields of a selected table