Monitoraggio con ulogd2

apt install ulogd2

/etc/ulogd.conf

We configure one plugin stack adding this line into the configuration file:

# Custom stack for logging connections metadata.
stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU

[ct1]
event_mask=0x00000001
hash_enable=0

Plugin Stacks Explained

Input plugin
None, one or multiple filter plugins
One output plugin

In the example above we use the NFCT input plugin, which interfaces with the nfnetlink_conntrack kernel subsystem, and provides flow-based logging.

The option hash_enable …

/etc/logrotate.d/ulogd2

systemctl enable ulogd2.service
systemctl start ulogd2.service