From: Frank Brehm
Date: Sun, 17 May 2020 09:57:50 +0000 (+0200)
Subject: committing changes in /etc after apt run
X-Git-Url: https://git.uhu-banane.org/?a=commitdiff_plain;h=27b08184bd1885b60368016ece4c61f6588a22c7;p=config%2Fbruni%2Fetc-mint-new1.git

committing changes in /etc after apt run
Package changes:
+libnetfilter-acct1 1.0.3-1 amd64
+libnetfilter-log1 1.0.1-1.1 amd64
+ulogd2 2.0.5-5 amd64
+ulogd2-json 2.0.5-5 amd64
+ulogd2-mysql 2.0.5-5 amd64
+ulogd2-pcap 2.0.5-5 amd64
+ulogd2-pgsql 2.0.5-5 amd64
+ulogd2-sqlite3 2.0.5-5 amd64
+wireshark 2.6.10-1~ubuntu18.04.0 amd64
+wireshark-qt 2.6.10-1~ubuntu18.04.0 amd64
---
diff --git a/.etckeeper b/.etckeeper
index 86e11b0..19fbb29 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -1978,6 +1978,7 @@ maybe chmod 0755 'init.d/speech-dispatcher'
 maybe chmod 0755 'init.d/ssh'
 maybe chmod 0755 'init.d/udev'
 maybe chmod 0755 'init.d/ufw'
+maybe chmod 0755 'init.d/ulogd2'
 maybe chmod 0755 'init.d/uuidd'
 maybe chmod 0755 'init.d/virtlogd'
 maybe chmod 0755 'init.d/winbind'
@@ -1987,6 +1988,7 @@ maybe chmod 0644 'init/lightdm.conf'
 maybe chmod 0644 'init/portmap-wait.conf'
 maybe chmod 0644 'init/rpcbind-boot.conf'
 maybe chmod 0644 'init/rpcbind.conf'
+maybe chmod 0644 'init/ulogd2.conf'
 maybe chmod 0755 'initramfs-tools'
 maybe chmod 0755 'initramfs-tools/conf.d'
 maybe chmod 0755 'initramfs-tools/hooks'
@@ -2232,6 +2234,7 @@ maybe chmod 0644 'logrotate.d/rsyslog'
 maybe chmod 0644 'logrotate.d/samba'
 maybe chmod 0644 'logrotate.d/speech-dispatcher'
 maybe chmod 0644 'logrotate.d/ufw'
+maybe chmod 0644 'logrotate.d/ulogd2'
 maybe chmod 0644 'logrotate.d/winbind'
 maybe chmod 0644 'logrotate.d/wtmp'
 maybe chmod 0644 'lsb-release'
@@ -2936,6 +2939,7 @@ maybe chmod 0644 'ufw/sysctl.conf'
 maybe chmod 0644 'ufw/ufw.conf'
 maybe chmod 0640 'ufw/user.rules'
 maybe chmod 0640 'ufw/user6.rules'
+maybe chmod 0600 'ulogd.conf'
 maybe chmod 0755 'update-manager'
 maybe chmod 0644 'update-manager/meta-release'
 maybe chmod 0644 'update-manager/release-upgrades'
diff --git a/group b/group
index ad8b824..f9e8e0a 100644
--- a/group
+++ b/group
@@ -82,3 +82,4 @@ stapdev:x:140:
 stapusr:x:141:
 stapsys:x:142:
 wireshark:x:143:
+ulog:x:144:
diff --git a/group- b/group-
index d0eacc4..ad8b824 100644
--- a/group-
+++ b/group-
@@ -81,3 +81,4 @@ winbindd_priv:x:139:
 stapdev:x:140:
 stapusr:x:141:
 stapsys:x:142:
+wireshark:x:143:
diff --git a/gshadow b/gshadow
index 8081d48..8611f45 100644
--- a/gshadow
+++ b/gshadow
@@ -82,3 +82,4 @@ stapdev:!::
 stapusr:!::
 stapsys:!::
 wireshark:!::
+ulog:!::
diff --git a/gshadow- b/gshadow-
index fbe4aee..8081d48 100644
--- a/gshadow-
+++ b/gshadow-
@@ -81,3 +81,4 @@ winbindd_priv:!::
 stapdev:!::
 stapusr:!::
 stapsys:!::
+wireshark:!::
diff --git a/init.d/ulogd2 b/init.d/ulogd2
new file mode 100755
index 0000000..2a759e3
--- /dev/null
+++ b/init.d/ulogd2
@@ -0,0 +1,131 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: ulogd2 ulogd
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Starts ulogd2
+# Description: Starts the netfilter userspace log daemon
+### END INIT INFO
+
+# Author: Chris Boot
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="netfilter userspace log daemon"
+NAME=ulogd
+DAEMON=/usr/sbin/$NAME
+DAEMON_USER=ulog
+PIDDIR=/run/ulog
+PIDFILE=$PIDDIR/$NAME.pid
+DAEMON_ARGS="--daemon --uid $DAEMON_USER --pidfile $PIDFILE"
+SCRIPTNAME=/etc/init.d/$NAME
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+# and status_of_proc is working.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ # Make sure our /run directory exists
+ if [ ! -d $PIDDIR ]; then
+ mkdir $PIDDIR
+ chown $DAEMON_USER: $PIDDIR
+ fi
+
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON \
+ --test > /dev/null || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
+ $DAEMON_ARGS || return 2
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 \
+ --pidfile $PIDFILE --name $NAME
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+ start-stop-daemon --stop --signal HUP --quiet --pidfile $PIDFILE \
+ --name $NAME
+ return 0
+}
+
+case "$1" in
+ start)
+ log_daemon_msg "Starting $DESC" "$NAME"
+ do_start; RET=$?
+ case $RET in
+ 0|1) log_end_msg 0; exit 0 ;;
+ *) log_end_msg 1; exit 1 ;;
+ esac
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop; RET=$?
+ case $RET in
+ 0|1) log_end_msg 0; exit 0 ;;
+ *) log_end_msg 1; exit 1 ;;
+ esac
+ ;;
+ status)
+ status_of_proc "$DAEMON" "$NAME"
+ ;;
+ reload|force-reload)
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ do_reload; RET=$?
+ log_end_msg $RET
+ exit $RET
+ ;;
+ restart)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop; RET=$?
+ case $RET in
+ 0|1)
+ do_start; RET=$?
+ case $RET in
+ 0) log_end_msg 0; exit 0 ;;
+ 1) log_end_msg 1; exit 1 ;; # Old process is still running
+ *) log_end_msg 1; exit 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1; exit 1
+ ;;
+ esac
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
diff --git a/init/ulogd2.conf b/init/ulogd2.conf
new file mode 100644
index 0000000..e0ddf04
--- /dev/null
+++ b/init/ulogd2.conf
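Review bot: `mkdir $PIDDIR` followed by `chown $DAEMON_USER: $PIDDIR` in do_start hands `/run/ulog` to the unprivileged `ulog` account, while `do_stop` and `do_reload` later run as root and act on whatever PID `ulogd.pid` in that directory contains; the `--name $NAME` on both start-stop-daemon calls is the right mitigation, since it limits a forged pidfile to signalling processes actually named `ulogd`, but the directory mode is left to the umask and nothing in the script says why the chown exists. I would collapse the two lines into `install -d -m 0755 -o "$DAEMON_USER" -g "$DAEMON_USER" "$PIDDIR"` and put `# daemon writes its pidfile after --uid drops it to $DAEMON_USER, so the dir must be theirs` above it — the `--uid $DAEMON_USER --pidfile $PIDFILE` in DAEMON_ARGS suggests that is the reason, though the daemon's own ordering is not visible here. Worth noting that the same commit enables `multi-user.target.wants/ulogd2.service`, so on this host systemd owns the service and this script is only reached through sysvinit/invoke-rc.d fallbacks.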
@@ -0,0 +1,13 @@
+# ulogd2 - Netfilter Userspace Logging Daemon
+#
+# ulogd is an advanced netfilter logging daemon.
+
+description "Netfilter Userspace Logging Daemon"
+
+start on runlevel [2345]
+stop on runlevel [!2345]
+
+expect fork
+respawn
+
+exec /usr/sbin/ulogd --daemon --uid ulog
diff --git a/logrotate.d/ulogd2 b/logrotate.d/ulogd2
new file mode 100644
index 0000000..56c691e
--- /dev/null
+++ b/logrotate.d/ulogd2
@@ -0,0 +1,9 @@
+/var/log/ulog/*.log /var/log/ulog/*.pcap {
+ missingok
+ compress
+ sharedscripts
+ create 640 ulog adm
+ postrotate
+ invoke-rc.d ulogd2 reload > /dev/null
+ endscript
+}
diff --git a/mailcap b/mailcap
index 4dfd276..79901a3 100644
--- a/mailcap
+++ b/mailcap
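Review bot: The rotation set `/var/log/ulog/*.log /var/log/ulog/*.pcap` only covers outputs that the shipped ulogd.conf points into `/var/log/ulog/`; the `[xml1] directory="/var/log/"` setting and the `[pcap1]` default of `/var/log/ulogd.pcap` added later in this same commit fall outside both globs, so if either of those (currently commented) stacks is enabled without a `file=` override its output grows unrotated. A one-line comment at the top of this file would prevent that surprise: `# Globs must match the file=/directory= settings in /etc/ulogd.conf; the XML dir and default PCAP path are outside /var/log/ulog/`. The `postrotate` step goes through `invoke-rc.d ulogd2 reload`, which the init script maps to SIGHUP; whether the daemon reopens its `sync=1` files on that signal is not visible here and should be confirmed before trusting the rotation.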
@@ -922,6 +922,23 @@ text/x-c++; vim %s; needsterminal
 application/x-vnc; vinagre -F %s; test=test -n "$DISPLAY"
 application/x-remote-connection; vinagre %s; test=test -n "$DISPLAY"
 x-scheme-handler/vnc; vinagre %s; test=test -n "$DISPLAY"
+application/vnd.tcpdump.pcap; wireshark %s; test=test -n "$DISPLAY"
+application/x-pcapng; wireshark %s; test=test -n "$DISPLAY"
+application/x-snoop; wireshark %s; test=test -n "$DISPLAY"
+application/x-iptrace; wireshark %s; test=test -n "$DISPLAY"
+application/x-lanalyzer; wireshark %s; test=test -n "$DISPLAY"
+application/x-nettl; wireshark %s; test=test -n "$DISPLAY"
+application/x-radcom; wireshark %s; test=test -n "$DISPLAY"
+application/x-etherpeek; wireshark %s; test=test -n "$DISPLAY"
+application/x-visualnetworks; wireshark %s; test=test -n "$DISPLAY"
+application/x-netinstobserver; wireshark %s; test=test -n "$DISPLAY"
+application/x-5view; wireshark %s; test=test -n "$DISPLAY"
+application/x-tektronix-rf5; wireshark %s; test=test -n "$DISPLAY"
+application/x-micropross-mplog; wireshark %s; test=test -n "$DISPLAY"
+application/x-apple-packetlogger; wireshark %s; test=test -n "$DISPLAY"
+application/x-endace-erf; wireshark %s; test=test -n "$DISPLAY"
+application/ipfix; wireshark %s; test=test -n "$DISPLAY"
+application/x-ixia-vwr; wireshark %s; test=test -n "$DISPLAY"
 text/plain; xed %s; test=test -n "$DISPLAY"
 application/mxf; xplayer --fullscreen %s; test=test -n "$DISPLAY"
 application/ogg; xplayer --fullscreen %s; test=test -n "$DISPLAY"
diff --git a/passwd b/passwd
index 0af34c7..a639173 100644
--- a/passwd
+++ b/passwd
@@ -58,3 +58,4 @@ libvirt-qemu:x:64055:133:Libvirt Qemu,,,:/var/lib/libvirt:/usr/sbin/nologin
 libvirt-dnsmasq:x:127:137:Libvirt Dnsmasq,,,:/var/lib/libvirt/dnsmasq:/usr/sbin/nologin
 mysql:x:128:138:MySQL Server,,,:/nonexistent:/bin/false
 statd:x:129:65534::/var/lib/nfs:/usr/sbin/nologin
+ulog:x:130:144::/var/log/ulog:/bin/false
diff --git a/passwd- b/passwd-
index 0af34c7..a639173 100644
--- a/passwd-
+++ b/passwd-
@@ -58,3 +58,4 @@ libvirt-qemu:x:64055:133:Libvirt Qemu,,,:/var/lib/libvirt:/usr/sbin/nologin
 libvirt-dnsmasq:x:127:137:Libvirt Dnsmasq,,,:/var/lib/libvirt/dnsmasq:/usr/sbin/nologin
 mysql:x:128:138:MySQL Server,,,:/nonexistent:/bin/false
 statd:x:129:65534::/var/lib/nfs:/usr/sbin/nologin
+ulog:x:130:144::/var/log/ulog:/bin/false
diff --git a/rc0.d/K01ulogd2 b/rc0.d/K01ulogd2
new file mode 120000
index 0000000..aac15cc
--- /dev/null
+++ b/rc0.d/K01ulogd2
@@ -0,0 +1 @@
+../init.d/ulogd2
\ No newline at end of file
diff --git a/rc1.d/K01ulogd2 b/rc1.d/K01ulogd2
new file mode 120000
index 0000000..aac15cc
--- /dev/null
+++ b/rc1.d/K01ulogd2
@@ -0,0 +1 @@
+../init.d/ulogd2
\ No newline at end of file
diff --git a/rc2.d/S01ulogd2 b/rc2.d/S01ulogd2
new file mode 120000
index 0000000..aac15cc
--- /dev/null
+++ b/rc2.d/S01ulogd2
@@ -0,0 +1 @@
+../init.d/ulogd2
\ No newline at end of file
diff --git a/rc3.d/S01ulogd2 b/rc3.d/S01ulogd2
new file mode 120000
index 0000000..aac15cc
--- /dev/null
+++ b/rc3.d/S01ulogd2
@@ -0,0 +1 @@
+../init.d/ulogd2
\ No newline at end of file
diff --git a/rc4.d/S01ulogd2 b/rc4.d/S01ulogd2
new file mode 120000
index 0000000..aac15cc
--- /dev/null
+++ b/rc4.d/S01ulogd2
@@ -0,0 +1 @@
+../init.d/ulogd2
\ No newline at end of file
diff --git a/rc5.d/S01ulogd2 b/rc5.d/S01ulogd2
new file mode 120000
index 0000000..aac15cc
--- /dev/null
+++ b/rc5.d/S01ulogd2
@@ -0,0 +1 @@
+../init.d/ulogd2
\ No newline at end of file
diff --git a/rc6.d/K01ulogd2 b/rc6.d/K01ulogd2
new file mode 120000
index 0000000..aac15cc
--- /dev/null
+++ b/rc6.d/K01ulogd2
@@ -0,0 +1 @@
+../init.d/ulogd2
\ No newline at end of file
diff --git a/shadow b/shadow
index 44b51d7..c9059f9 100644
--- a/shadow
+++ b/shadow
@@ -58,3 +58,4 @@ libvirt-qemu:!:18385:0:99999:7:::
 libvirt-dnsmasq:!:18385:0:99999:7:::
 mysql:!:18386:0:99999:7:::
 statd:*:18393:0:99999:7:::
+ulog:*:18399:0:99999:7:::
diff --git a/shadow- b/shadow-
index 44b51d7..c9059f9 100644
--- a/shadow-
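Review bot: This commit records `/etc/shadow` (and, in the next hunk, `/etc/shadow-`) in a git repository that the `X-Git-Url` header shows is served from a remote, so every push carries the host's password hashes along with its configuration; the entries visible in this hunk are all locked (`*` or `!`) service accounts, but any line elsewhere in the file that holds a real hash travels the same way. The `.etckeeper` hunk keeps the working-tree copy at its restrictive mode, which protects nothing once the object is in a clone or on the web frontend. I would add `shadow`, `shadow-`, `gshadow` and `gshadow-` to the repository's `.gitignore` and `git rm --cached` the four files so subsequent apt runs stop tracking them; history that already contains them needs a separate rewrite-or-rotate decision.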
+++ b/shadow-
@@ -58,3 +58,4 @@ libvirt-qemu:!:18385:0:99999:7:::
 libvirt-dnsmasq:!:18385:0:99999:7:::
 mysql:!:18386:0:99999:7:::
 statd:*:18393:0:99999:7:::
+ulog:*:18399:0:99999:7:::
diff --git a/systemd/system/multi-user.target.wants/ulogd2.service b/systemd/system/multi-user.target.wants/ulogd2.service
new file mode 120000
index 0000000..c2b8879
--- /dev/null
+++ b/systemd/system/multi-user.target.wants/ulogd2.service
@@ -0,0 +1 @@
+/lib/systemd/system/ulogd2.service
\ No newline at end of file
diff --git a/systemd/system/ulogd.service b/systemd/system/ulogd.service
new file mode 120000
index 0000000..c2b8879
--- /dev/null
+++ b/systemd/system/ulogd.service
@@ -0,0 +1 @@
+/lib/systemd/system/ulogd2.service
\ No newline at end of file
diff --git a/ulogd.conf b/ulogd.conf
new file mode 100644
index 0000000..331d538
--- /dev/null
+++ b/ulogd.conf
@@ -0,0 +1,330 @@
+# Example configuration for ulogd
+# Adapted to Debian by Achilleas Kotsis
+
+[global]
+######################################################################
+# GLOBAL OPTIONS
+######################################################################
+
+
+# logfile for status messages
+logfile="syslog"
+
+# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) (default 5)
+loglevel=3
+
+######################################################################
+# PLUGIN OPTIONS
+######################################################################
+
+# We have to configure and load all the plugins we want to use
+
+# general rules:
+# 1. load the plugins _first_ from the global section
+# 2. options for each plugin in seperate section below
+
+
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_inppkt_NFLOG.so"
+#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_inppkt_ULOG.so"
+#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_inppkt_UNIXSOCK.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_inpflow_NFCT.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_IFINDEX.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_IP2STR.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_IP2BIN.so"
+#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_IP2HBIN.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_PRINTPKT.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_HWHDR.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_PRINTFLOW.so"
+#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_MARK.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_LOGEMU.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_SYSLOG.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_XML.so"
+#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_SQLITE3.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_GPRINT.so"
+#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_NACCT.so"
+#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_PCAP.so"
+#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_PGSQL.so"
+#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_MYSQL.so"
+#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_DBI.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_raw2packet_BASE.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_inpflow_NFACCT.so"
+plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_GRAPHITE.so"
+#plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_JSON.so"
+
+# this is a stack for logging packet send by system via LOGEMU
+stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+
+# this is a stack for packet-based logging via LOGEMU
+#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+
+# this is a stack for ULOG packet-based logging via LOGEMU
+#stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+
+# this is a stack for packet-based logging via LOGEMU with filtering on MARK
+#stack=log2:NFLOG,mark1:MARK,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+
+# this is a stack for packet-based logging via GPRINT
+#stack=log1:NFLOG,gp1:GPRINT
+
+# this is a stack for flow-based logging via LOGEMU
+#stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU
+
+# this is a stack for flow-based logging via GPRINT
+#stack=ct1:NFCT,gp1:GPRINT
+
+# this is a stack for flow-based logging via XML
+#stack=ct1:NFCT,xml1:XML
+
+# this is a stack for logging in XML
+#stack=log1:NFLOG,xml1:XML
+
+# this is a stack for accounting-based logging via XML
+#stack=acct1:NFACCT,xml1:XML
+
+# this is a stack for accounting-based logging to a Graphite server
+#stack=acct1:NFACCT,graphite1:GRAPHITE
+
+# this is a stack for NFLOG packet-based logging to PCAP
+#stack=log2:NFLOG,base1:BASE,pcap1:PCAP
+
+# this is a stack for logging packet to MySQL
+#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,mysql1:MYSQL
+
+# this is a stack for logging packet to PGsql after a collect via NFLOG
+#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,mac2str1:HWHDR,pgsql1:PGSQL
+
+# this is a stack for logging packet to JSON formatted file after a collect via NFLOG
+#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,mac2str1:HWHDR,json1:JSON
+
+# this is a stack for logging packets to syslog after a collect via NFLOG
+#stack=log3:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG
+
+# this is a stack for logging packets to syslog after a collect via NuFW
+#stack=nuauth1:UNIXSOCK,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG
+
+# this is a stack for flow-based logging to MySQL
+#stack=ct1:NFCT,ip2bin1:IP2BIN,mysql2:MYSQL
+
+# this is a stack for flow-based logging to PGSQL
+#stack=ct1:NFCT,ip2str1:IP2STR,pgsql2:PGSQL
+
+# this is a stack for flow-based logging to PGSQL without local hash
+#stack=ct1:NFCT,ip2str1:IP2STR,pgsql3:PGSQL
+
+# this is a stack for flow-based logging to SQLITE3
+#stack=ct1:NFCT,sqlite3_ct:SQLITE3
+
+# this is a stack for logging packet to SQLITE3
+#stack=log1:NFLOG,sqlite3_pkt:SQLITE3
+
+# this is a stack for flow-based logging in NACCT compatible format
+#stack=ct1:NFCT,ip2str1:IP2STR,nacct1:NACCT
+
+# this is a stack for accounting-based logging via GPRINT
+#stack=acct1:NFACCT,gp1:GPRINT
+
+[ct1]
+#netlink_socket_buffer_size=217088
+#netlink_socket_buffer_maxsize=1085440
+#netlink_resync_timeout=60 # seconds to wait to perform resynchronization
+#pollinterval=10 # use poll-based logging instead of event-driven
+# If pollinterval is not set, NFCT plugin will work in event mode
+# In this case, you can use the following filters on events:
+#accept_src_filter=192.168.1.0/24,1:2::/64 # source ip of connection must belong to these networks
+#accept_dst_filter=192.168.1.0/24 # destination ip of connection must belong to these networks
+#accept_proto_filter=tcp,sctp # layer 4 proto of connections
+
+[ct2]
+#netlink_socket_buffer_size=217088
+#netlink_socket_buffer_maxsize=1085440
+#reliable=1 # enable reliable flow-based logging (may drop packets)
+hash_enable=0
+
+# Logging of system packet through NFLOG
+[log1]
+# netlink multicast group (the same as the iptables --nflog-group param)
+# Group O is used by the kernel to log connection tracking invalid message
+group=0
+#netlink_socket_buffer_size=217088
+#netlink_socket_buffer_maxsize=1085440
+# set number of packet to queue inside kernel
+#netlink_qthreshold=1
+# set the delay before flushing packet in the queue inside kernel (in 10ms)
+#netlink_qtimeout=100
+
+# packet logging through NFLOG for group 1
+[log2]
+# netlink multicast group (the same as the iptables --nflog-group param)
+group=1 # Group has to be different from the one use in log1
+#netlink_socket_buffer_size=217088
+#netlink_socket_buffer_maxsize=1085440
+# If your kernel is older than 2.6.29 and if a NFLOG input plugin with
+# group 0 is not used by any stack, you need to have at least one NFLOG
+# input plugin with bind set to 1. If you don't do that you may not
+# receive any message from the kernel.
+#bind=1
+
+# packet logging through NFLOG for group 2, numeric_label is
+# set to 1
+[log3]
+# netlink multicast group (the same as the iptables --nflog-group param)
+group=2 # Group has to be different from the one use in log1/log2
+numeric_label=1 # you can label the log info based on the packet verdict
+#netlink_socket_buffer_size=217088
+#netlink_socket_buffer_maxsize=1085440
+#bind=1
+
+[ulog1]
+# netlink multicast group (the same as the iptables --ulog-nlgroup param)
+nlgroup=1
+#numeric_label=0 # optional argument
+
+[nuauth1]
+socket_path="/tmp/nuauth_ulogd2.sock"
+
+[emu1]
+file="/var/log/ulog/syslogemu.log"
+sync=1
+
+[op1]
+file="/var/log/ulog/oprint.log"
+sync=1
+
+[gp1]
+file="/var/log/ulog/gprint.log"
+sync=1
+timestamp=1
+
+[xml1]
+directory="/var/log/"
+sync=1
+
+[json1]
+sync=1
+#file="/var/log/ulog/ulogd.json"
+#timestamp=0
+# device name to be used in JSON message
+#device="My awesome Netfilter firewall"
+# If boolean_label is set to 1 then the numeric_label put on packet
+# by the input plugin is coding the action on packet: if 0, then
+# packet has been blocked and if non null it has been accepted.
+#boolean_label=1
+
+[pcap1]
+#default file is /var/log/ulogd.pcap
+#file="/var/log/ulog/ulogd.pcap"
+sync=1
+
+[mysql1]
+db="nulog"
+host="localhost"
+user="nupik"
+table="ulog"
+pass="changeme"
+procedure="INSERT_PACKET_FULL"
+# backlog configuration:
+# set backlog_memcap to the size of memory that will be
+# allocated to store events in memory if data is temporary down
+# and insert them when the database came back.
+#backlog_memcap=1000000
+# number of events to insert at once when backlog is not empty
+#backlog_oneshot_requests=10
+
+[mysql2]
+db="nulog"
+host="localhost"
+user="nupik"
+table="conntrack"
+pass="changeme"
+procedure="INSERT_CT"
+
+[pgsql1]
+db="nulog"
+host="localhost"
+user="nupik"
+table="ulog"
+#schema="public"
+pass="changeme"
+procedure="INSERT_PACKET_FULL"
+# connstring can be used to define PostgreSQL connection string which
+# contains all parameters of the connection. If set, this value has
+# precedence on other variables used to build the connection string.
+# See http://www.postgresql.org/docs/9.2/static/libpq-connect.html#LIBPQ-CONNSTRING
+# for a complete description of options.
+#connstring="host=localhost port=4321 dbname=nulog user=nupik password=changeme"
+#backlog_memcap=1000000
+#backlog_oneshot_requests=10
+# If superior to 1 a thread dedicated to SQL request execution
+# is created. The value stores the number of SQL request to keep
+# in the ring buffer
+#ring_buffer_size=1000
+
+[pgsql2]
+db="nulog"
+host="localhost"
+user="nupik"
+table="ulog2_ct"
+#schema="public"
+pass="changeme"
+procedure="INSERT_CT"
+
+[pgsql3]
+db="nulog"
+host="localhost"
+user="nupik"
+table="ulog2_ct"
+#schema="public"
+pass="changeme"
+procedure="INSERT_OR_REPLACE_CT"
+
+[pgsql4]
+db="nulog"
+host="localhost"
+user="nupik"
+table="nfacct"
+#schema="public"
+pass="changeme"
+procedure="INSERT_NFACCT"
+
+[dbi1]
+db="ulog2"
+dbtype="pgsql"
+host="localhost"
+user="ulog2"
+table="ulog"
+pass="ulog2"
+procedure="INSERT_PACKET_FULL"
+
+[sqlite3_ct]
+table="ulog_ct"
+db="/var/log/ulog/ulogd.sqlite3db"
+buffer=200
+
+[sqlite3_pkt]
+table="ulog_pkt"
+db="/var/log/ulog/ulogd.sqlite3db"
+buffer=200
+
+[sys2]
+facility=LOG_LOCAL2
+
+[nacct1]
+sync = 1
+#file = /var/log/ulog/nacct.log
+
+[mark1]
+mark = 1
+
+[acct1]
+pollinterval = 2
+# If set to 0, we don't reset the counters for each polling (default is 1).
+#zerocounter = 0
+# Set timestamp (default is 0, which means not set). This timestamp can be
+# interpreted by the output plugin.
+#timestamp = 1
+
+[graphite1]
+host="127.0.0.1"
+port="2003"
+# Prefix of data name sent to graphite server
+prefix="netfilter.nfacct"
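Review bot: Every database section in this file carries a literal credential — `pass="changeme"` in `[mysql1]`, `[mysql2]` and `[pgsql1]` through `[pgsql4]`, `pass="ulog2"` in `[dbi1]`, and `password=changeme` inside the commented `connstring` — and the file is now tracked by etckeeper, so the moment someone enables one of the SQL stacks and replaces a placeholder, the real password is committed and pushed by the next apt run. The `.etckeeper` hunk earlier in this commit pins the file to 0600, which protects the on-disk copy but not the repository. I would keep real credentials out of this file (a client-side config in the `ulog` home directory, or a `connstring=` that omits the password) and add `# NOTE: any pass= set here lands in the etckeeper repo; keep real credentials elsewhere` above `[mysql1]`. Two smaller points in the same hunk: `[nuauth1] socket_path="/tmp/nuauth_ulogd2.sock"` is a fixed name in a world-writable directory (inert while the UNIXSOCK plugin stays commented out, but an easy squat once enabled), and `[xml1] directory="/var/log/"` names a root-owned directory that the daemon, started with `--uid ulog` in both init files of this commit, presumably cannot write to — `/var/log/ulog/` like every other output here would be consistent. This is the last hunk on the page; the 330-line count in its header matches what is shown, so the file appears complete.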