====== Monitoraggio con ulogd2 ======

<code>
apt install ulogd2
</code>


=== /etc/ulogd.conf ===

We configure one **plugin stack** adding this line into the configuration file:

<file>
# Custom stack for logging connections metadata.
stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU
</file>

FIXME

<file>
[ct1]
event_mask=0x00000001
hash_enable=0
</file>

=== Plugin Stacks Explained ===

  * Input plugin
  * None, one or multiple filter plugins
  * One output plugin

In the example above we use the **NFCT** input plugin, which interfaces with the **nfnetlink_conntrack** kernel subsystem, and provides flow-based logging. FIXME

The option **hash_enable** ... FIXME

=== /etc/logrotate.d/ulogd2 ===

<code>
systemctl enable ulogd2.service
systemctl start ulogd2.service
</code>