doc:appunti:linux:sa:ulogd2
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| doc:appunti:linux:sa:ulogd2 [2025/02/17 16:52] – created niccolo | doc:appunti:linux:sa:ulogd2 [2025/02/17 18:29] (current) – niccolo | ||
|---|---|---|---|
| Line 5: | Line 5: | ||
| </ | </ | ||
| + | |||
| + | === / | ||
| + | |||
| + | We configure one **plugin stack** adding this line into the configuration file: | ||
| + | |||
| + | < | ||
| + | # Custom stack for logging connections metadata. | ||
| + | stack=ct1: | ||
| + | </ | ||
| + | |||
| + | FIXME | ||
| + | |||
| + | < | ||
| + | [ct1] | ||
| + | event_mask=0x00000001 | ||
| + | hash_enable=0 | ||
| + | </ | ||
| + | |||
| + | === Plugin Stacks Explained === | ||
| + | |||
| + | * Input plugin | ||
| + | * None, one or multiple filter plugins | ||
| + | * One output plugin | ||
| + | |||
| + | In the example above we use the **NFCT** input plugin, which interfaces with the **nfnetlink_conntrack** kernel subsystem, and provides flow-based logging. FIXME | ||
| + | |||
| + | The option **hash_enable** ... FIXME | ||
| + | |||
| + | === / | ||
| < | < | ||
doc/appunti/linux/sa/ulogd2.1739807543.txt.gz · Last modified: 2025/02/17 16:52 by niccolo