1,26 → 1,21 |
# Example of a simple configuration for ulogd with ALCASAR |
|
[global] |
|
###################################################################### |
# GLOBAL OPTIONS |
###################################################################### |
|
# netlink multicast group (the same as the iptables --ulog-nlgroup param) |
nlgroup=1 |
user="ulogd" |
group="ulogd" |
|
# logfile for status messages |
logfile="/var/log/ulogd.log" |
logfile="/var/log/ulogd/ulogd.log" |
|
# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) |
loglevel=5 |
# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) (default 5) |
#loglevel=8 |
|
# socket receive buffer size (should be at least the size of the |
# in-kernel buffer (ipt_ULOG.o 'nlbufsiz' parameter) |
rmem=131071 |
|
# libipulog/ulogd receive buffer size, should be > rmem |
bufsize=150000 |
|
###################################################################### |
# PLUGIN OPTIONS |
###################################################################### |
31,9 → 26,16 |
# 1. load the plugins _first_ from the global section |
# 2. options for each plugin in seperate section below |
|
# ulogd_BASE.so - interpreter plugin for basic IPv4 header fields |
plugin="/usr/lib64/ulogd/ulogd_BASE.so" |
plugin="/usr/lib64/ulogd/ulogd_inppkt_ULOG.so" |
plugin="/usr/lib64/ulogd/ulogd_filter_IFINDEX.so" |
plugin="/usr/lib64/ulogd/ulogd_filter_IP2STR.so" |
plugin="/usr/lib64/ulogd/ulogd_filter_PRINTPKT.so" |
plugin="/usr/lib64/ulogd/ulogd_filter_PRINTFLOW.so" |
plugin="/usr/lib64/ulogd/ulogd_output_LOGEMU.so" |
plugin="/usr/lib64/ulogd/ulogd_raw2packet_BASE.so" |
|
# output plugins. |
plugin="/usr/lib64/ulogd/ulogd_LOGEMU.so" |
# this is a stack for ULOG packet-based logging via LOGEMU |
stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU |
|
[ulog1] |
nlgroup=CHANGEVALUE |