{{ ansible_managed | comment }}

# HWADDR, PRINTFLOW, MARK, NFACCT (pour ct) ?
{%
    set plugins = [
        "ulogd2_inppkt_NFLOG.so",
        "ulogd2_filter_IFINDEX.so",
        "ulogd2_filter_IP2STR.so",
        "ulogd2_filter_PRINTPKT.so",
        "ulogd2_filter_PRINTPKT.so",
        "ulogd2_output_SYSLOG.so",
        "ulogd2_raw2packet_BASE.so",
    ]
%}

[global]
logfile="syslog"
loglevel=3

{% for plugin in plugins %}
plugin="{{ ulogd2_plugins_dir }}/{{ plugin }}"
{% endfor %}

stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG
#stack=ct1:NFCT,ip2str1:IP2STR,nacct1:NACCT

[ct1]
#netlink_socket_buffer_size=217088
#netlink_socket_buffer_maxsize=1085440
#netlink_resync_timeout=60 # seconds to wait to perform resynchronization
#pollinterval=10 # use poll-based logging instead of event-driven
# If pollinterval is not set, NFCT plugin will work in event mode
# In this case, you can use the following filters on events:
#accept_src_filter=192.168.1.0/24,1:2::/64 # source ip of connection must belong to these networks
#accept_dst_filter=192.168.1.0/24 # destination ip of connection must belong to these networks
#accept_proto_filter=tcp,sctp # layer 4 proto of connections

[log1]
group=10
#netlink_socket_buffer_size=217088
#netlink_socket_buffer_maxsize=1085440
#netlink_qthreshold=1
# set the delay before flushing packet in the queue inside kernel (in 10ms)
#netlink_qtimeout=100

[sys1]
facility=LOG_LOCAL2