| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
This patch adds XML that allows to log information in XML for
ulogd2. It supports packet and flow-based accounting.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds support for poll-based logging. Basically,
ulogd polls from the kernel periodically to log entries. You
can use the `pollinterval' option in the configuration file to
set the polling period.
This patch changes the current behaviour of `pollinterval'
that allowed to mix both the event-driven logging with
polling periodically from the kernel. I have tried to look
for anyone in google (and asking Eric Leblond) using this
feature but I found noone.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
| |
This patch adds `netlink_resync_timeout' that allows you to set
the number of seconds that we wait to perform a resynchronization
due to a netlink overrun. This patch changes the default timeout
from 2 to 60 seconds (less agressive).
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
| |
Timeout unit is 10ms and not 1ms. This patch fixes an invalid comment
in the configuration file.
|
|
|
|
|
| |
This patch adds support for setting NFLOG threshold and timeout
from ulogd.
|
|
|
|
|
| |
This patch replaces all MAC2STR occurences by HWHDR to sync with the
renaming of the plugin.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch updates the behaviour of the NFLOG input plugin to fix an
issue related to kernel older than 2.6.29. The call to nflog_bind_pf()
that can be necessary to receive packet from the nfnetlink_log was only
done if the used group was 0 (system logging). This is logic for the
newest kernel (NFLOG really sends message to nfnetlink_log and not to
the nf_log logger). But this is unsufficient for older one. By forcing
the binding with the new configuration variable bind, it is now possible
to trigger the binding from the ulogd2 configuration file. This gives
users a way to be sure that ulogd will receive packets if the NFLOG
input plugin is used.
|
|
|
|
|
|
|
|
| |
Document the fact that group 0 is used by system logging and
update stack and plugin definition to match the suppression
of the address_family variable.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
|
|
|
| |
libdbi implements a database-independent abstraction layer in C, similar to
the DBI/DBD layer in Perl.
This module brings support for all database types supported by libdbi.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
|
| |
MAC2STR has been renamed to HWHDR.
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
|
|
|
| |
'rmem' and 'bufsize' global variables are unherited from ulogd1
and are not used anymore. This patch suppresses them from the
example configuration file.
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
| |
Add stack example for MARK and update some wrong stacks.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
| |
|
|
|
|
|
|
|
|
| |
This patch improves the overrun handling. The NFLOG plugin duplicates the
netlink buffer size if the size does not goes after the upper boundary.
This patch also introduces two new clauses, the netlink_socket_buffer_size
and netlink_socket_buffer_maxsize that set the size of the netlink socket
buffer.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch improves the overrun handling. The logic behind this patch
consists of two steps:
1) duplicate the netlink buffer size if the size does not goes after the
upper boundary.
2) scheduling a resynchronization (in two seconds) with the kernel conntrack
table if we hit ENOBUFS. During the resynchronization, the NFCT plugin dumps
the current table and purges the objects that do not exist anymore.
This patch also introduces two new clauses, the netlink_socket_buffer_size
and netlink_socket_buffer_maxsize that set the size of the netlink socket
buffer.
|
|
|
|
|
|
|
| |
can be used to determine if the packet has been dropped, rejected or accepted.
The meaning of label is completely user-defined.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
| |
Signed-off-by: Anton Vazir <anton.vazir@gmail.com>
|
|
|
|
|
|
| |
some stack to take my latest patches into account.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
| |
loading and stack example.
Signed-off-by: Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
| |
nflog out to LOGEMU and SYSLOG. It also fixes a config bug with ipv6 (log2)
Signed-off-by: Peter Warasin <peter@endian.com>
|
|
|
|
| |
Document the difference between IPv4 and IPv6 logging.
|
|
|
|
|
|
| |
This patch adds some examples of stack to the configuration file.
It also fixes some comments to avoid confusion. IP2BIN has been
added to the list of loaded modules.
|
|
|
|
|
| |
- This patch suppress key relative to IPv6 address because IPv4 and IPv6 can be stored in the same key.
- Add missing IP2STR line to ulogd.conf.in
|
|
|
|
|
|
|
|
|
| |
This patch adds new SQL schema for MySQL and PGsql. The goal is to improve the one line per entry format. There is no more a big table with all fields because this sort of storage is causing bad performance (databases don't like to have a lot of NULL fields to store).
Main changes are :
* Add new schema for MySQL and PGsql
* Use call to configurable procedure in SQL OUTPUT modules
* Arguments of a procedure are given by the list of fields of a selected table
|
|
|
|
|
|
|
| |
The ULOG input plugin of ulogd2 was not working. This patch fixes this
and cleans the code via introduction of an enum.
Eric Leblond <eric@inl.fr>
|
|
|
|
|
|
|
| |
- add a call to autoheader which is needed to compile ulogd2 from subversion.
- add a warning message to ulogd2 when it exits on error. It simply tell to look at the configuration file.
- add an empty section which is needed to have NFCT logging
working.
|
|
|
|
| |
output is compatible with the SYSLOG and LOGEMU plugins. (Philip Craig)
|
|
|
|
|
| |
a separate PRINTPKT plugin. This reduces code duplication, and also
makes the SYSLOG and LOGEMU plugins more general. (Philip Craig)
|
| |
|
| |
|
| |
|
|
|
|
| |
(rmem config file entry)
|
|
configure.. (Magnus Boden)
|