| Commit message | Author | Age | Files | Lines |
| |
Currently, the PCAP output plugin uses ip.totlen to determine both the
"len" and "caplen" pcap header fields, as well as the amount of packet
data written to the file. There are two issues with this:
- For obvious reasons it doesn't work for IPv6.
- AFAICT, in case of an incompletely captured packet (--nflog-range)
it will attempt to write out the whole packet, not just the part
captured.
This patch changes the behavior to:
- Use raw.pktlen to set the "caplen" field, and the amount of data
written.
- Determine the "len" (original length) field from ip.totlen or
ip6.payload_len if possible, default to the same value as "caplen"
otherwise.
Signed-off-by: Jan Andres <jandres@gmx.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch removes the IPFIX from the Makefile. Thus, we keep
it in the tree in the hope that we'll have time to finish it
in the future but don't compile it. This confuses users since
they think that it works.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch adds an infix to the XML file to avoid problems if we are
logging packets and flows at the same time. Thus, we create two
different XML files whose filename describes the sort of logging
information that it contains. It is also useful when listing files
at a quick sight.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This feature is useful for log-rotation.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch adds XML that allows to log information in XML for
ulogd2. It supports packet and flow-based accounting.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch fixes a crash if the output file was not correctly opened.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch is a preliminary fix for the yet-unfinished IPFIX
support. This patch resolves a couple of bugs that made ulogd
crash and a couple of missing symbols that didn't allow to
use this plugin in the configuration file.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch affect type and flag to PCAP input key.
| |
This patch fixes autotools warning about deprecated usage of INCLUDES in
Makefile.am.
| |
The modules are pretty much bound to ulogd, and it does not seem
to make sense to specially version these.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
| |
This patch allows to connect to the server using the local (unix) socket,
thus not using a network socket and SSL encryption.
Local connection is used if host parameter is omitted or empty.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
| |
Some databases (e.g. Oracle) return column name in uppercase, while
key name is in lowercase. This patch allows to match keys correctly.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
| |
This patch cleans up the current key assignation by introducing a
set of functions ukey_* to set the key value as Eric Leblond and
we discussed during the latest Netfilter Workshop. This patch is
based on an idea from Holger Eitzenberger.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
libdbi implements a database-independent abstraction layer in C, similar to
the DBI/DBD layer in Perl.
This module brings support for all database types supported by libdbi.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
Fix gcc warning related to the lack of parentheses.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch adds parentheses around an expression to avoid confusion
between order preference of && and || operators.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch casts to (char *) some (void *) to avoid a gcc warning in
string format parsing.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch adds a stop function to the module which closes the
connection to the log system.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
This patch fixes some gcc warnings:
* Unused variables
* Functions with wrong return (or without return)
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
IPFIX needs some huge work. This patch fixes some basic logic errors.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| |
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
This patch modifies plugins to use the already defined but not used
define. This also fixes some weird behaviours in error treatment (like
not stopping after OOM).
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
This patch introduces an explicit list of input keys and obtains IPv6
compliance by using IP2STR output as input for IP address.
Signed-off-by: Eric Leblond <eric@inl.fr>
| |
This patch fixes the type of some fields in the SQL schema to sync
with datatype of the corresponding ulogd2 keys.
| |
Change from procedure to function in mysql schema adds the need to free MySQL
result after request.
| |
Mark ID as inactive (sequence in pg schema)
| |
Fix incorrect options for PGsql module.
| |
MySQL client library does not reconnect automatically since 5.0.
| |
Display filename in the other error case.
Based on Marius Tomaschewski work.
| |
Changed to show pcap file name when open failed.
Based on Marius Tomaschewski work.
| |
Add some missing line breaks.
Based on Marius Tomaschewski work.
| |
For OPRINT, changed sighup_handler_print to fallback to continue using old descriptor on new file opening failure.
Based on Marius Tomaschewski work.
| |
Changed sighup_handler_print to fallback to continue using old descriptor on new file opening failure.
This patch is a backport of Marius Tomaschewski <mt@suse.de> work on ulogd.
| |
Add NACCT output plugin
| |
This patch stores the converted values from the configuration file
into the syslog instance structure.
Otherwise configuration parameters are senseless and only the
default values will be used.
Signed-off-by: Peter Warasin <peter@endian.com>
| |
output is compatible with the SYSLOG and LOGEMU plugins. (Philip Craig)
| |
a separate PRINTPKT plugin. This reduces code duplication, and also
makes the SYSLOG and LOGEMU plugins more general. (Philip Craig)
| |
directly into db plugins