parent
6525508401
commit
7ada2fe769
4 changed files with 80 additions and 0 deletions
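--- a/roles/ulogd2/defaults/main.yml
+++ b/roles/ulogd2/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+ulogd2_plugins_dir: /usr/lib/x86_64-linux-gnu/ulogd
+...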
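Review bot: The default for `ulogd2_plugins_dir` hard-codes the amd64 multiarch directory, so on a host of any other architecture the template would presumably render `plugin=` paths that do not exist and ulogd would fail to load its stack. A comment above the variable, for example `# Debian multiarch plugin directory on amd64; override for other architectures`, would make that assumption visible. If the role is meant to run on mixed hardware, the default could instead be derived from gathered facts.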
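--- a/roles/ulogd2/handlers/main.yml
+++ b/roles/ulogd2/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Restart ulogd2
+systemd:
+name: ulogd.service
+state: reloaded
+...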
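Review bot: The handler is named `Restart ulogd2` but asks for `state: reloaded`, and unlike every task in `roles/ulogd2/tasks/main.yml` it carries no `become: true`, so it would fail unless the play enables privilege escalation globally. Whether a reload makes ulogd apply a changed plugin list or stack is not visible here and depends on the unit and the daemon. If it does not, a configuration change leaves the firewall logger running with its old settings while the play reports success. Unless reload is known to be sufficient, use `state: restarted` and add `become: true`; otherwise rename the handler to `Reload ulogd2` and update the `notify:` in the tasks file.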
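--- a/roles/ulogd2/tasks/main.yml
+++ b/roles/ulogd2/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+- name: Install ulogd2
+become: true
+apt:
+name: ulogd2
+state: latest
+
+- name: Configure ulogd2
+become: true
+template:
+src: ulogd.conf.j2
+dest: /etc/ulogd.conf
+owner: root
+group: root
+mode: u=rw,g=r,o=
+notify: Restart ulogd2
+
+- name: Enable ulogd2
+become: true
+systemd:
+name: ulogd.service
+enabled: true
+state: started
+...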
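Review bot: `state: latest` in the `Install ulogd2` task upgrades the package whenever a newer version is available, so a routine playbook run can change the logging daemon outside a planned update window and the task is no longer idempotent. `state: present` installs the package once and leaves upgrades to the regular patching process. The `Configure ulogd2` task would also benefit from a one-line comment that `mode: u=rw,g=r,o=` is deliberate, for example `# not world-readable on purpose`, so a later cleanup does not loosen it.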
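--- a/roles/ulogd2/templates/ulogd.conf.j2
+++ b/roles/ulogd2/templates/ulogd.conf.j2
@@ -0,0 +1,47 @@
+{{ ansible_managed | comment }}
+
+# HWADDR, PRINTFLOW, MARK, NFACCT (pour ct) ?
+{%
+set plugins = [
+"ulogd2_inppkt_NFLOG.so",
+"ulogd2_filter_IFINDEX.so",
+"ulogd2_filter_IP2STR.so",
+"ulogd2_filter_PRINTPKT.so",
+"ulogd2_filter_PRINTPKT.so",
+"ulogd2_output_SYSLOG.so",
+"ulogd2_raw2packet_BASE.so",
+]
+%}
+
+[global]
+logfile="syslog"
+loglevel=3
+
+{% for plugin in plugins %}
+plugin="{{ ulogd2_plugins_dir }}/{{ plugin }}"
+{% endfor %}
+
+stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG
+#stack=ct1:NFCT,ip2str1:IP2STR,nacct1:NACCT
+
+[ct1]
+#netlink_socket_buffer_size=217088
+#netlink_socket_buffer_maxsize=1085440
+#netlink_resync_timeout=60 # seconds to wait to perform resynchronization
+#pollinterval=10 # use poll-based logging instead of event-driven
+# If pollinterval is not set, NFCT plugin will work in event mode
+# In this case, you can use the following filters on events:
+#accept_src_filter=192.168.1.0/24,1:2::/64 # source ip of connection must belong to these networks
+#accept_dst_filter=192.168.1.0/24 # destination ip of connection must belong to these networks
+#accept_proto_filter=tcp,sctp # layer 4 proto of connections
+
+[log1]
+group=10
+#netlink_socket_buffer_size=217088
+#netlink_socket_buffer_maxsize=1085440
+#netlink_qthreshold=1
+# set the delay before flushing packet in the queue inside kernel (in 10ms)
+#netlink_qtimeout=100
+
+[sys1]
+facility=LOG_LOCAL2
+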
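Review bot: `"ulogd2_filter_PRINTPKT.so"` is listed twice in the `plugins` list, so the rendered file gets two identical `plugin=` lines. The comment above the list names HWADDR among the plugins still under consideration, so the second entry may have been meant as a different filter; if not, drop the duplicate. Next to `group=10` in `[log1]`, a comment such as `# must match the NFLOG group used by the firewall rules` would help, since a mismatch would presumably produce no log entries rather than an error.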