# Tutorial:
# https://connect.ed-diamond.com/GNU-Linux-Magazine/glmfhs-041/ulogd2-journalisation-avancee-avec-netfilter
#
# ulogd2 configuration: [global] loads the plugins and wires them into stacks;
# every later section configures one plugin instance named in a stack
# (log1, log2, ct1, emu1, json1, json2, pgsql1). Double-quoted values follow
# the style of ulogd's own example config.

[global]
# logfile for status messages
logfile="syslog"
# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) (default 5)
loglevel=3

# Input (NFLOG, NFCT), filter (IFINDEX, IP2STR, IP2BIN, PRINTPKT, HWHDR,
# PRINTFLOW, BASE) and output (LOGEMU, PGSQL, JSON) plugins used by the stacks
# below. The upper-case suffix of each .so is the type written after the colon
# in a stack entry (e.g. log1:NFLOG).
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_inppkt_NFLOG.so"
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_inpflow_NFCT.so"
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_IFINDEX.so"
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_IP2STR.so"
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_IP2BIN.so"
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_PRINTPKT.so"
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_HWHDR.so"
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_PRINTFLOW.so"
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_LOGEMU.so"
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_PGSQL.so"
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_raw2packet_BASE.so"
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_JSON.so"

# System packet logging
# NFLOG group 0 (see [log1]) -> plain-text file written by emu1 (see [emu1])
stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU

# Packet logging
# NFLOG group 1 (see [log2]) -> JSON file written by json1 (see [json1]).
# mac2str1:HWHDR presumably adds link-layer (MAC) fields to the record — confirm
# against the HWHDR plugin docs.
stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,mac2str1:HWHDR,print1:PRINTPKT,json1:JSON

# Conntrack logging
# Both stacks start from the same NFCT instance ct1 (see [ct1]): the first
# writes JSON via json2, the second inserts into PostgreSQL via pgsql1.
stack=ct1:NFCT,ip2str1:IP2STR,printflow1:PRINTFLOW,json2:JSON
stack=ct1:NFCT,ip2bin1:IP2BIN,pgsql1:PGSQL

[log1]
# netlink multicast group (the same as the iptables --nflog-group param)
# Group 0 is used by the kernel to log connection tracking invalid messages
group=0

[log2]
# Group has to be different from the one used in log1
group=1

[ct1]
# event_mask is a bit mask of the conntrack event types to log:
# NEW = 1
# UPDATE = 2
# DESTROY = 4
# 0x5 = NEW | DESTROY, so UPDATE events are not logged
event_mask=0x0000005
# If hash_enable=1 (the default), the kernel will automatically
# match NEW and DESTROY events and only report DESTROY events.
# Disabled here, so NEW and DESTROY are emitted as separate records.
hash_enable=0
# reliable=1 # enable reliable flow-based logging (may drop packets)

[emu1]
# output of the "System packet logging" stack (log1)
file="/var/log/ulog/kernel.log"
# sync=1 requests synchronous writes — presumably each record is flushed to
# disk before the next is handled; confirm in the LOGEMU plugin docs. The
# same setting is used on every file output in this config.
sync=1

[json1]
# output of the "Packet logging" stack (log2)
sync=1
file="/var/log/ulog/ulogd.json"

[json2]
# output of the first "Conntrack logging" stack (ct1 -> PRINTFLOW)
sync=1
file="/var/log/ulog/ct.json"

[pgsql1]
# output of the second "Conntrack logging" stack (ct1 -> IP2BIN).
# Database credentials are stored here in plain text, and the password
# appears twice (pass= and inside connstring=): replace CHANGE_ME in both
# places before deployment, keep them identical, and restrict read access to
# this file to the account that runs ulogd. The database user is "root";
# a dedicated role holding only the privileges the procedure below needs
# would be the narrower choice.
db="ulog"
# NOTE(review): whether "localhost" selects a TCP or a Unix-socket connection
# is decided by the PostgreSQL client library — confirm which applies here.
host="localhost"
user="root"
table="ulog2_ct"
pass="CHANGE_ME"
# presumably the stored procedure the PGSQL plugin invokes per event; it must
# exist in the "ulog" database together with table ulog2_ct — confirm against
# the schema loaded on the server.
procedure="INSERT_OR_REPLACE_CT"
# appears to restate db/user/pass as one libpq connection string; if the
# plugin honours it, the values above are redundant — keep both in sync.
connstring="dbname=ulog user=root password=CHANGE_ME"