Ulogd installation

You have to use the same group number in the ULOG target and in ulogd, otherwise logging does not work.

This option works like the 'snaplen' parameter of tcpdump: you specify a number of bytes up to which the packet is copied. If you say '40', you receive the first forty bytes of every packet. Leave it at 0.

Queue threshold: if a packet is matched by the iptables rule and N packets are already in the queue, the queue is flushed to userspace. You can use this to implement a policy like: use a big queue in order to gain high performance, but still have certain packets logged immediately to userspace.

A string that is associated with every packet logged by this rule. You can use this option to later tell from which rule the packet was logged.

A buffer of the specified size N is allocated for every netlink group that is used. The backside of this performance gain is a potentially larger delay. The default value (in bytes) is quite small.

This can be used to have the advantage of a large buffer, but still a finite maximum delay. The default value is 10 seconds.

The following configuration parameters are available:

nlgroup: The netlink multicast group which ulogd should bind to. This is the same as given with the '--ulog-nlgroup' option to iptables.

The main logfile, where ulogd reports any errors, warnings and other unexpected conditions.

How verbose the logging to the logfile is.
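The mismatch described above (a ULOG rule sending to a netlink group that ulogd does not bind) silently produces no log at all, so it is worth checking before the rules go live. The script below is an added example and is not code from the ulogd documentation or the ulogd project: it parses a ulogd.conf [global] section and a list of iptables rules, flags rules whose --ulog-nlgroup differs from the configured nlgroup, rules whose --ulog-cprange is too small to include the transport ports, and rules whose --ulog-qthreshold delays delivery. The config text, the rules, the logfile path and plugin paths, and the assumed ULOG defaults (group 1, whole packet, flush every packet) are constructed for this example.

```python
"""Cross-check iptables ULOG rules against the ulogd.conf they feed.

Added example, not code from the ulogd documentation or project.  It checks
the points made in the text: the --ulog-nlgroup of each rule must equal the
nlgroup ulogd binds to, --ulog-cprange truncates the copied packet like
tcpdump's snaplen, and --ulog-qthreshold holds packets back until N are
queued.  The config text, the rules and the paths in them are constructed
sample input.
"""
import shlex

# Constructed sample ulogd.conf; `plugin` is allowed more than once.
# The paths are assumptions for this example, not taken from the page.
SAMPLE_ULOGD_CONF = """\
[global]
nlgroup=1
logfile="/var/log/ulogd.log"
loglevel=5
rmem=131071
plugin="/usr/lib/ulogd/ulogd_BASE.so"
plugin="/usr/lib/ulogd/ulogd_LOGEMU.so"
"""

# Constructed sample rules.  Rule 2 logs to a group ulogd does not bind;
# rule 3 copies only 20 bytes (an IPv4 header, no TCP/UDP ports) and
# queues 50 packets before flushing.
SAMPLE_RULES = [
    "iptables -A INPUT -p tcp --dport 22 -j ULOG --ulog-nlgroup 1 --ulog-prefix ssh --ulog-cprange 0",
    "iptables -A INPUT -p udp --dport 53 -j ULOG --ulog-nlgroup 2 --ulog-prefix dns",
    "iptables -A FORWARD -j ULOG --ulog-nlgroup 1 --ulog-cprange 20 --ulog-qthreshold 50",
]

# Smallest copy range that still contains an IPv4 header without options
# (20 bytes) plus the 4 bytes of TCP/UDP port numbers.
MIN_CPRANGE_FOR_PORTS = 24

ULOG_OPTIONS = {
    "--ulog-nlgroup": "nlgroup",
    "--ulog-cprange": "cprange",
    "--ulog-qthreshold": "qthreshold",
    "--ulog-prefix": "prefix",
}


def parse_ulogd_conf(conf_text):
    """Parse ini-style ulogd.conf into {section: {key: [values]}}.

    Values are kept as lists because `plugin` may appear more than once;
    surrounding double quotes are removed."""
    sections, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, {})
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current].setdefault(key, []).append(value.strip('"'))
        else:
            raise ValueError(f"unparseable ulogd.conf line: {raw!r}")
    return sections


def parse_ulog_rule(rule):
    """Return the ULOG options of one iptables command line, or None if the
    rule does not jump to ULOG.  The defaults used when an option is absent
    (group 1, whole packet, flush on every packet, empty prefix) are this
    example's assumption about the ULOG target, not stated on the page."""
    argv = shlex.split(rule)
    if "-j" not in argv:
        return None
    jump = argv.index("-j")
    if jump + 1 >= len(argv) or argv[jump + 1] != "ULOG":
        return None
    opts = {"nlgroup": 1, "cprange": 0, "qthreshold": 1, "prefix": ""}
    for i, token in enumerate(argv):
        if token in ULOG_OPTIONS:
            if i + 1 >= len(argv):
                raise ValueError(f"{token} given without a value in {rule!r}")
            name = ULOG_OPTIONS[token]
            opts[name] = argv[i + 1] if name == "prefix" else int(argv[i + 1])
    return opts


def audit(conf_text, rules):
    """Return one message per rule that will not log the way its author
    expects; an empty list means every ULOG rule is consistent with ulogd."""
    conf = parse_ulogd_conf(conf_text)
    # This example takes the last nlgroup line if the directive is repeated.
    bound = int(conf["global"]["nlgroup"][-1])
    messages = []
    for number, rule in enumerate(rules, start=1):
        opts = parse_ulog_rule(rule)
        if opts is None:
            continue
        if opts["nlgroup"] != bound:
            messages.append(f"rule {number}: --ulog-nlgroup {opts['nlgroup']} but ulogd binds "
                            f"nlgroup {bound}, so nothing from this rule reaches ulogd")
        if 0 < opts["cprange"] < MIN_CPRANGE_FOR_PORTS:
            messages.append(f"rule {number}: --ulog-cprange {opts['cprange']} cuts the copy "
                            f"off before the TCP/UDP ports")
        if opts["qthreshold"] > 1:
            messages.append(f"rule {number}: --ulog-qthreshold {opts['qthreshold']} holds "
                            f"packets until that many are queued (faster, but logged later)")
    return messages


if __name__ == "__main__":
    for message in audit(SAMPLE_ULOGD_CONF, SAMPLE_RULES):
        print(message)
```

Run against the constructed input, the audit reports the group mismatch on rule 2 and the truncated copy range and raised queue threshold on rule 3; rule 1 passes. The threshold message is informational, since the text presents the queue as a deliberate throughput-versus-latency trade-off rather than a mistake.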

This option is followed by the filename of a ulogd plugin, which ulogd should load upon initialization. This option may appear more than once.

Size of the netlink socket receive memory.

The module defines the following configuration directives:

dumpfile: The filename where it should log to.

An output module which tries to emulate the old syslog-based LOG target as far as possible. Logging is done to a separate textfile instead of syslog, though. The module defines the following configuration directives:

file: The filename where it should log to.

Set this to 1 if you want your logfile written synchronously. This may reduce performance, but makes your log lines appear immediately. The default is 0.

An output plugin for logging into a MySQL database. This is only compiled if you have the MySQL libraries installed and the configure script was able to detect them. The plugin automagically runs a procedure with arguments taken from the configurable table: it connects to MySQL during the startup phase of ulogd and obtains a list of the columns in the table. Then it tries to resolve the column names against keys of interpreter plugins. This way you can easily select which information you want to log, just by the layout of the table. The module defines the following configuration directives:

table: Name of the table which ulogd will use to build the argument list.

Stored procedure that will be run with the arguments specified in the table variable. The behaviour of the procedure option can be tweaked by using a specific name.

An output plugin for logging into a PostgreSQL database. This is only compiled if you have the PostgreSQL libraries installed and the configure script was able to detect them. The plugin automagically runs a procedure with arguments taken from the configurable table: it connects to PostgreSQL during the startup phase of ulogd and obtains a list of the columns in the table. This way you can easily build your own procedure and select its arguments just by modifying the layout of the table.

An output plugin that can be used to generate libpcap-style packet logfiles. This can be useful for later analysing the packet log with tools like tcpdump or ethereal. Set this to 1 if you want your pcap logfile written synchronously. This may reduce performance, but makes your packets appear immediately in the file on disk.

This is only compiled if you have the SQLite libraries installed and the configure script was able to detect them. The plugin automagically inserts the data into the configured table: it opens the SQLite database during the startup phase of ulogd and obtains a list of the columns in the table. Just delete the fields you are not interested in, and create the table. This file contains two tables, one for packet-based logging and another for flow-based logging.
