Commit message | Author | Age | Files | Lines
* output: add new plugin XML to output logs in XML | Pablo Neira Ayuso | 2010-06-17 | 1 | -0/+11
  This patch adds XML that allows to log information in XML for ulogd2. It supports packet and flow-based accounting.
  Signed-off-by: Pablo Neira Ayuso <>
* NFCT: change `pollinterval' behaviour | Pablo Neira Ayuso | 2010-01-17 | 1 | -0/+1
  This patch adds support for poll-based logging. Basically, ulogd polls from the kernel periodically to log entries. You can use the `pollinterval' option in the configuration file to set the polling period.
  This patch changes the current behaviour of `pollinterval' that allowed to mix both the event-driven logging with polling periodically from the kernel. I have tried to look for anyone in google (and asking Eric Leblond) using this feature but I found no one.
  Signed-off-by: Pablo Neira Ayuso <>
* NFCT: add configurable option to set the value of the resynchronization timer | Pablo Neira Ayuso | 2009-07-22 | 1 | -0/+1
  This patch adds `netlink_resync_timeout' that allows you to set the number of seconds that we wait to perform a resynchronization due to a netlink overrun. This patch changes the default timeout from 2 to 60 seconds (less aggressive).
  Signed-off-by: Pablo Neira Ayuso <>
* nflog: adjust unit which was inaccurate. | Eric Leblond | 2009-03-06 | 1 | -2/+2
  Timeout unit is 10ms and not 1ms. This patch fixes an invalid comment in the configuration file.
* Add threshold and timeout option to NFLOG plugin. | Eric Leblond | 2009-01-29 | 1 | -0/+4
  This patch adds support for setting NFLOG threshold and timeout from ulogd.
* fix config file: MAC2STR has been renamed to HWHDR. | Eric Leblond | 2009-01-13 | 1 | -2/+2
  This patch replaces all MAC2STR occurrences by HWHDR to sync with the renaming of the plugin.
* Add variable to force binding of nfnetlink_log. | Eric Leblond | 2009-01-05 | 1 | -0/+6
  This patch updates the behaviour of the NFLOG input plugin to fix an issue related to kernel older than 2.6.29. The call to nflog_bind_pf() that can be necessary to receive packet from the nfnetlink_log was only done if the used group was 0 (system logging). This is logic for the newest kernel (NFLOG really sends message to nfnetlink_log and not to the nf_log logger). But this is insufficient for older one.
  By forcing the binding with the new configuration variable bind, it is now possible to trigger the binding from the ulogd2 configuration file. This gives users a way to be sure that ulogd will receive packets if the NFLOG input plugin is used.
* Document group 0 usage and suppress address_family | Eric Leblond | 2008-12-09 | 1 | -17/+20
  Document the fact that group 0 is used by system logging and update stack and plugin definition to match the suppression of the address_family variable.
  Signed-off-by: Eric Leblond <>
* Add new output plugin DBI | Pierre Chifflier | 2008-12-09 | 1 | -0/+10
  libdbi implements a database-independent abstraction layer in C, similar to the DBI/DBD layer in Perl. This module brings support for all database types supported by libdbi.
  Signed-off-by: Pierre Chifflier <>
  Signed-off-by: Eric Leblond <>
* hwhdr: finish missing renaming | Pierre Chifflier | 2008-10-20 | 1 | -1/+1
  MAC2STR has been renamed to HWHDR.
  Signed-off-by: Pierre Chifflier <>
  Signed-off-by: Pablo Neira Ayuso <>
* config: remove obsolete global variables | Eric Leblond | 2008-09-12 | 1 | -7/+0
  'rmem' and 'bufsize' global variables are inherited from ulogd1 and are not used anymore. This patch suppresses them from the example configuration file.
  Signed-off-by: Eric Leblond <>
  Signed-off-by: Pablo Neira Ayuso <>
* Update configfile for MARK module | Eric Leblond | 2008-06-12 | 1 | -1/+8
  Add stack example for MARK and update some wrong stacks.
  Signed-off-by: Eric Leblond <>
* adds some examples to the configuration file | Eric Leblond | 2008-06-02 | 1 | -0/+36
* improve overrun handling NFLOG | Pablo Neira Ayuso | 2008-06-02 | 1 | -0/+2
  This patch improves the overrun handling. The NFLOG plugin duplicates the netlink buffer size if the size does not go after the upper boundary.
  This patch also introduces two new clauses, the netlink_socket_buffer_size and netlink_socket_buffer_maxsize that set the size of the netlink socket buffer.
* improve netlink overrun handling of NFCT | Pablo Neira Ayuso | 2008-06-02 | 1 | -0/+2
  This patch improves the overrun handling. The logic behind this patch consists of two steps:
  1) duplicate the netlink buffer size if the size does not go after the upper boundary.
  2) scheduling a resynchronization (in two seconds) with the kernel conntrack table if we hit ENOBUFS.
  During the resynchronization, the NFCT plugin dumps the current table and purges the objects that do not exist anymore.
  This patch also introduces two new clauses, the netlink_socket_buffer_size and netlink_socket_buffer_maxsize that set the size of the netlink socket buffer.
* This patchset adds support for the "numeric_label" option. For instance, it | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-29 | 1 | -0/+2
  can be used to determine if the packet has been dropped, rejected or accepted. The meaning of label is completely user-defined.
  Signed-off-by: Eric Leblond <>
* example for logging IPv6 packet to PGsql after a collect via NFLOG | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-13 | 1 | -1/+2
  Signed-off-by: Anton Vazir <>
* This patch adds some example to the default configuration file. It modifies | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-04-09 | 1 | -2/+9
  some stack to take my latest patches into account.
  Signed-off-by: Eric Leblond <>
* This patch updates included configuration file example by adding some plugins | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-03-26 | 1 | -0/+11
  loading and stack example.
  Signed-off-by: Eric Leblond <>
* This patch adds a sample configuration for logging with ebtables through ↵ | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-02-19 | 1 | -1/+15
  nflog out to LOGEMU and SYSLOG. It also fixes a config bug with ipv6 (log2)
  Signed-off-by: Peter Warasin <>
* Eric Leblond <>: | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-02-10 | 1 | -4/+13
  Document the difference between IPv4 and IPv6 logging.
* From: Eric Leblond <> | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-02-09 | 1 | -9/+21
  This patch adds some examples of stack to the configuration file. It also fixes some comments to avoid confusion. IP2BIN has been added to the list of loaded modules.
* From: Eric leblond <> | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-02-03 | 1 | -1/+9
  - This patch suppresses key relative to IPv6 address because IPv4 and IPv6 can be stored in the same key.
  - Add missing IP2STR line to
* From: Eric leblond <> | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-02-03 | 1 | -0/+7
  This patch adds new SQL schema for MySQL and PGsql. The goal is to improve the one line per entry format. There is no more a big table with all fields because this sort of storage is causing bad performance (databases don't like to have a lot of NULL fields to store).
  Main changes are:
    * Add new schema for MySQL and PGsql
    * Use call to configurable procedure in SQL OUTPUT modules
    * Arguments of a procedure are given by the list of fields of a selected table
* [PATCH]: ulogd2: fix ULOG input plugin | /C=EU/ST=EU/CN=Patrick McHardy/emailAddress=kaber@trash.net | 2008-01-04 | 1 | -0/+6
  The ULOG input plugin of ulogd2 was not working. This patch fixes this and cleans the code via introduction of an enum.
  Eric Leblond <>
* Eric Leblond <> | /C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org | 2008-01-03 | 1 | -0/+2
  - add a call to autoheader which is needed to compile ulogd2 from subversion.
  - add a warning message to ulogd2 when it exits on error. It simply tells to look at the configuration file.
  - add an empty section which is needed to have NFCT logging working.
* Add a printflow plugin is similar to the PRINTPKT plugin, but for flows. It's | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-05-23 | 1 | -0/+4
  output is compatible with the SYSLOG and LOGEMU plugins. (Philip Craig)
* Move the printpkt functionality out of SYSLOG and LOGEMU, and into | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge@netfilter.org | 2006-05-23 | 1 | -1/+2
  a separate PRINTPKT plugin. This reduces code duplication, and also makes the SYSLOG and LOGEMU plugins more general. (Philip Craig)
* it's now called "group" parameter, not nlgroup | laforge | 2005-11-24 | 1 | -1/+1
* distribute a reasonable config file template | laforge | 2005-11-05 | 1 | -36/+20
* new configuration file syntax (Magnus Boden) | laforge | 2003-09-28 | 1 | -51/+37
* add support for setting of SO_RCVBUF socket option to libipulog and ulogd ↵ | laforge | 2003-05-04 | 1 | -3/+6
  (rmem config file entry)
* This patch fixes so the paths in ulogd.conf matches what you gave to | laforge | 2003-04-27 | 1 | -0/+86
  configure.. (Magnus Boden)