-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathulogd.conf
executable file
·98 lines (70 loc) · 3.36 KB
/
ulogd.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
# ----------------------------------------------
# THOR Firewall Logger
# ----------------------------------------------
# The following netlink groups are used by default:
# - 1 Generic Logging
# DAEMON CONFIG
# ----------------------------------------------
[global]
# logfile for ulog status messages
logfile="syslog"
# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) (default 5)
loglevel=5
# INPUT Plugins
# ----------------------------------------------
# This interfaces the new nfnetlink_log interface
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_inppkt_NFLOG.so"
# OUTPUT Plugins
# ----------------------------------------------
# An output module which tries to emulate the old syslog-based LOG targed as far as possible. Logging is done to a seperate textfile instead of syslog, though.
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_LOGEMU.so"
# An output plugin for logging into a mysql database. This is only compiled if you have the mysql libraries installed, and the configure script was able to detect them.
# Requires Package ulogd2-mysql
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_MYSQL.so"
# Interpreter Plugins
# ----------------------------------------------
# Basic interpreter plugin for nfmark, timestamp, mac address, ip header, tcp header, udp header, icmp header, ah/esp header...
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_raw2packet_BASE.so"
# Filter plugin that provides translation from the numerical ifindex (e.g. '1') to the network interface name (e.g. 'eth4')
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_IFINDEX.so"
# This plugin convert hardware header to string. In the case of ethernet packet, it basically convert mac address to a string represetation.
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_HWHDR.so"
# This plugin convert IP addresses to a binary form usable by databases like MySQL.
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_IP2BIN.so"
# This plugin convert IP addresses to string like 127.0.0.1
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_IP2STR.so"
# Convert the keys relative to a packet in a string readable by human. This plugin has to be used to print packet in the format similar to the LOG target format.
plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_PRINTPKT.so"
# LOGGING STACKS
# ----------------------------------------------
# Store Logs into Mariadb Database
# RULES
stack=nflog_g1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2BIN,mac2str1:HWHDR,mariadb1:MYSQL
# DEBUG
#stack=nflog_g1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,logdebug:LOGEMU
# NFLOG GROUPS
# ----------------------------------------------
# packet logging through NFLOG for group 1 (the same as the iptables --nflog-group param) - LOGACCEPT
[nflog_g1]
group=1
# DEBUG OUTPUT
# ----------------------------------------------
[logdebug]
file="/var/log/firewall.log"
sync=1
# MARIADB OUTPUT - Rule Logging
# ----------------------------------------------
[mariadb1]
db="thor_firewall"
host="localhost"
user="ulogd2"
table="ulogd2_fields"
pass="_CHANGE_ME_"
procedure="CALL_ULOGD2_INSERT"
# backlog configuration:
# set backlog_memcap to the size of memory that will be
# allocated to store events in memory if data is temporary down
# and insert them when the database came back.
backlog_memcap=5000000
# number of events to insert at once when backlog is not empty
backlog_oneshot_requests=10