ansible/roles/ulogd2/templates/ulogd.conf.j2

{{ ansible_managed | comment }}

# HWADDR, PRINTFLOW, MARK, NFACCT (pour ct) ?
{%
    set plugins = [
        "ulogd2_inppkt_NFLOG.so",
        "ulogd2_filter_IFINDEX.so",
        "ulogd2_filter_IP2STR.so",
        "ulogd2_filter_PRINTPKT.so",
        "ulogd2_filter_PRINTPKT.so",
        "ulogd2_output_SYSLOG.so",
        "ulogd2_raw2packet_BASE.so",
    ]
%}

[global]
logfile="syslog"
loglevel=3

{% for plugin in plugins %}
plugin="{{ ulogd2_plugins_dir }}/{{ plugin }}"
{% endfor %}

stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG
#stack=ct1:NFCT,ip2str1:IP2STR,nacct1:NACCT

[ct1]
#netlink_socket_buffer_size=217088
#netlink_socket_buffer_maxsize=1085440
#netlink_resync_timeout=60 # seconds to wait to perform resynchronization
#pollinterval=10 # use poll-based logging instead of event-driven
# If pollinterval is not set, NFCT plugin will work in event mode
# In this case, you can use the following filters on events:
#accept_src_filter=192.168.1.0/24,1:2::/64 # source ip of connection must belong to these networks
#accept_dst_filter=192.168.1.0/24 # destination ip of connection must belong to these networks
#accept_proto_filter=tcp,sctp # layer 4 proto of connections

[log1]
group=10
#netlink_socket_buffer_size=217088
#netlink_socket_buffer_maxsize=1085440
#netlink_qthreshold=1
# set the delay before flushing packet in the queue inside kernel (in 10ms)
#netlink_qtimeout=100

[sys1]
facility=LOG_LOCAL2
WIP: add a role for ulogd2 2021-03-03 03:02:53 +01:00			`{{ ansible_managed \| comment }}`

			`# HWADDR, PRINTFLOW, MARK, NFACCT (pour ct) ?`
			`{%`
			`set plugins = [`
			`"ulogd2_inppkt_NFLOG.so",`
			`"ulogd2_filter_IFINDEX.so",`
			`"ulogd2_filter_IP2STR.so",`
			`"ulogd2_filter_PRINTPKT.so",`
			`"ulogd2_filter_PRINTPKT.so",`
			`"ulogd2_output_SYSLOG.so",`
			`"ulogd2_raw2packet_BASE.so",`
			`]`
			`%}`

			`[global]`
			`logfile="syslog"`
			`loglevel=3`

			`{% for plugin in plugins %}`
			`plugin="{{ ulogd2_plugins_dir }}/{{ plugin }}"`
			`{% endfor %}`

			`stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG`
			`#stack=ct1:NFCT,ip2str1:IP2STR,nacct1:NACCT`

			`[ct1]`
			`#netlink_socket_buffer_size=217088`
			`#netlink_socket_buffer_maxsize=1085440`
			`#netlink_resync_timeout=60 # seconds to wait to perform resynchronization`
			`#pollinterval=10 # use poll-based logging instead of event-driven`
			`# If pollinterval is not set, NFCT plugin will work in event mode`
			`# In this case, you can use the following filters on events:`
			`#accept_src_filter=192.168.1.0/24,1:2::/64 # source ip of connection must belong to these networks`
			`#accept_dst_filter=192.168.1.0/24 # destination ip of connection must belong to these networks`
			`#accept_proto_filter=tcp,sctp # layer 4 proto of connections`

			`[log1]`
			`group=10`
			`#netlink_socket_buffer_size=217088`
			`#netlink_socket_buffer_maxsize=1085440`
			`#netlink_qthreshold=1`
			`# set the delay before flushing packet in the queue inside kernel (in 10ms)`
			`#netlink_qtimeout=100`

			`[sys1]`
			`facility=LOG_LOCAL2`