path: root/ulogd.conf.in
blob: 6d76909b32deca80189579497575e32b58331c1a (plain)
# Example configuration for ulogd
# $Id$
# Adapted to Debian by Achilleas Kotsis <achille@debian.gr>

[global]
######################################################################
# GLOBAL OPTIONS
######################################################################


# logfile for status messages
# NOTE(review): with loglevel set to debug this file receives the daemon's
# most verbose output; presumably it should be writable only by the account
# ulogd runs as and covered by log rotation - confirm for the target system.
logfile="/var/log/ulogd.log"

# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8)
# The value below selects debug, the most verbose level on the scale above.
# That suits an example or a test host; a production host would normally
# run at info(3) or notice(5).
loglevel=1

# socket receive buffer size (should be at least the size of the
# in-kernel buffer, i.e. the ipt_ULOG.o 'nlbufsiz' parameter)
rmem=131071

# libipulog/ulogd receive buffer size, should be > rmem
bufsize=150000

######################################################################
# PLUGIN OPTIONS
######################################################################

# We have to configure and load all the plugins we want to use

# general rules:
# 1. load the plugins _first_ from the global section
# 2. options for each plugin in separate section below

# Each plugin= line names a shared object that ulogd loads. "@libdir@" is a
# build-time placeholder (this file is a .in template), presumably replaced
# with the installed library directory. Because the objects are loaded into
# the daemon, that directory and this file should be writable by root only.
#
# NOTE(review): the example stacks below also use the ULOG, MYSQL and PGSQL
# plugins, and none of the plugin= lines here loads them. A stack using one
# of those needs its plugin= line added first.

plugin="@libdir@/ulogd/ulogd_inppkt_NFLOG.so"
plugin="@libdir@/ulogd/ulogd_inpflow_NFCT.so"
plugin="@libdir@/ulogd/ulogd_filter_IFINDEX.so"
plugin="@libdir@/ulogd/ulogd_filter_IP2STR.so"
plugin="@libdir@/ulogd/ulogd_filter_IP2BIN.so"
plugin="@libdir@/ulogd/ulogd_filter_PRINTPKT.so"
plugin="@libdir@/ulogd/ulogd_filter_PRINTFLOW.so"
plugin="@libdir@/ulogd/ulogd_output_LOGEMU.so"
plugin="@libdir@/ulogd/ulogd_output_OPRINT.so"
plugin="@libdir@/ulogd/ulogd_raw2packet_BASE.so"

# Example stacks. All of them are commented out, so nothing is logged until
# one is enabled. A stack is a comma-separated chain of "instance:PLUGIN"
# pairs running from an input plugin to an output plugin. Each instance name
# presumably takes its options from the section of the same name further
# down (log1 -> [log1], emu1 -> [emu1], ...). Check that the section exists
# and holds the intended values before enabling a stack.

# this is a stack for IPv4 packet-based logging via LOGEMU
#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU

# this is a stack for IPv6 packet-based logging via LOGEMU
# (uses the NFLOG instance named log2, which needs its own [log2] section)
#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU

# this is a stack for ULOG packet-based logging via LOGEMU
#stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU

# this is a stack for flow-based logging via LOGEMU
#stack=ct1:NFCT,print1:PRINTFLOW,emu1:LOGEMU

# this is a stack for flow-based logging via OPRINT
#stack=ct1:NFCT,op1:OPRINT

# this is a stack for logging packet to MySQL
#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mysql1:MYSQL

# this is a stack for logging IPv6 packet to PGsql after a collect via NFLOG
#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,pgsql1:PGSQL

# this is a stack for flow-based logging to MySQL
# NOTE(review): this file has no [mysql2] section; add one (database, user,
# table, credentials) before enabling this stack.
#stack=ct1:NFCT,ip2bin1:IP2BIN,mysql2:MYSQL

# Options for the NFCT (flow-based) input instance named ct1, used by the
# "ct1:NFCT" stacks in [global]. No option is set here, so the plugin
# presumably runs with its built-in defaults.
[ct1]

# IPv4 logging through NFLOG
# Options for the instance named log1, used by the "log1:NFLOG" stacks in
# [global].
[log1]
# netlink multicast group (the same as the iptables --nflog-group param)
# Only packets sent to this group by a matching firewall rule reach the
# instance; a mismatch means nothing is logged.
group=0

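# IPv6 logging through NFLOG
# The section is named log2 to match the "log2:NFLOG" stacks in [global].
# A second [log1] header would duplicate the IPv4 section above and leave
# the IPv6 stacks without a matching section.
[log2]
# netlink multicast group; has to be different from the one used in log1
# (comments are kept off the value lines so the value does not depend on
# how the parser treats trailing text)
group=1
# address family: 10 is the value of AF_INET6
addressfamily=10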

# Options for the ULOG input instance named ulog1, used by the "ulog1:ULOG"
# stack in [global].
[ulog1]
# netlink multicast group (the same as the iptables --ulog-nlgroup param)
nlgroup=1

# Options for the LOGEMU output instance named emu1, used by the LOGEMU
# stacks in [global].
[emu1]
# Output file for the logged packets or flows. It holds addresses and other
# traffic metadata, so read access should be limited like any firewall log.
file="/var/log/ulogd_syslogemu.log"
# presumably 1 flushes every record to the file as it is written (fewer
# records lost on a crash, more disk I/O) - confirm against the plugin docs
sync=1

# Options for the OPRINT output instance named op1, used by the
# "ct1:NFCT,op1:OPRINT" stack in [global].
[op1]
# Output file for the logged flows; it holds traffic metadata, so read
# access should be limited like any firewall log.
file="/var/log/ulogd_oprint.log"
# presumably 1 flushes every record to the file as it is written - confirm
# against the plugin docs
sync=1

# Options for the MYSQL output instance named mysql1, used by the
# "mysql1:MYSQL" stack in [global].
# The database password is stored here in clear text. Once real credentials
# are set, this file should be readable only by root (or the account ulogd
# runs as), and it should not be committed to version control.
[mysql1]
db="nulog"
host="localhost"
# Prefer a dedicated database account limited to what the insert procedure
# below needs, rather than an administrative account.
user="nupik"
table="ulog"
# Placeholder value: replace it with a unique password before enabling the
# stack.
pass="changeme"
procedure="INSERT_PACKET_FULL"

# Options for the PGSQL output instance named pgsql1, used by the
# "pgsql1:PGSQL" stack in [global].
# The database password is stored here in clear text. Once real credentials
# are set, this file should be readable only by root (or the account ulogd
# runs as), and it should not be committed to version control.
[pgsql1]
db="nulog"
host="localhost"
# Prefer a dedicated database account limited to what the insert procedure
# below needs, rather than an administrative account.
user="nupik"
table="ulog"
# Placeholder value: replace it with a unique password before enabling the
# stack.
pass="changeme"
procedure="INSERT_PACKET_FULL"