doc:appunti:linux:sa:ulogd2

Differences

This shows you the differences between two versions of the page.

doc:appunti:linux:sa:ulogd2 [2025/02/17 17:21] niccolodoc:appunti:linux:sa:ulogd2 [2025/02/17 18:29] (current) niccolo
Line 7: Line 7:
  
 === /etc/ulogd.conf === === /etc/ulogd.conf ===
 +
 +We configure one **plugin stack** adding this line into the configuration file:
  
 <file> <file>
-Local configured stack for logging connections metadata.+Custom stack for logging connections metadata.
 stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU
 +</file>
  
 +FIXME
 +
 +<file>
 [ct1] [ct1]
 event_mask=0x00000001 event_mask=0x00000001
 hash_enable=0 hash_enable=0
 </file> </file>
 +
 +=== Plugin Stacks Explained ===
 +
 +  * Input plugin
 +  * None, one or multiple filter plugins
 +  * One output plugin
 +
 +In the example above we use the **NFCT** input plugin, which interfaces with the **nfnetlink_conntrack** kernel subsystem, and provides flow-based logging. FIXME
 +
 +The option **hash_enable** ... FIXME
  
 === /etc/logrotate.d/ulogd2 === === /etc/logrotate.d/ulogd2 ===
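Review bot: Three FIXME placeholders are left in the added text (between the two <file> blocks, at the end of the NFCT paragraph, and on the hash_enable line), so the [ct1] settings event_mask=0x00000001 and hash_enable=0 are published with no explanation of what they select or turn off; finish those sentences or hold them back until the text is ready. The new sentence says the stack is configured by "adding this line", but the [ct1] section that belongs to it now sits in a separate <file> block after the FIXME, so state that both parts go into /etc/ulogd.conf. As shown, the description line "Custom stack for logging connections metadata." inside the <file> block carries no comment marker; if the block is meant to be pasted into the configuration, that line should be a comment. The bullet list under "Plugin Stacks Explained" needs a lead sentence saying that a stack consists of these three parts, and it would help to map the example onto it: NFCT as input, IP2STR and PRINTFLOW as filters, LOGEMU as output.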
doc/appunti/linux/sa/ulogd2.1739809281.txt.gz · Last modified: 2025/02/17 17:21 by niccolo