Bug#502305: Temporary packages for ulogd2 : Configuration changes

To: 502305@bugs.debian.org
Subject: Bug#502305: Temporary packages for ulogd2 : Configuration changes
From: Jim Barber <jim.barber@ddihealth.com>
Date: Fri, 07 Jan 2011 15:21:31 +0800
Message-id: <[🔎] 4D26BEFB.6030805@ddihealth.com>
Reply-to: Jim Barber <jim.barber@ddihealth.com>, 502305@bugs.debian.org

Hi.

Further to my previous email, I've now installed the newly built packageand here are some observations.


There is a lack of documentation in the built package.

If the build also formatted the doc/ulogd.sgml file in the source areainto txt and html files to be installed under the /usr/share/doc/ulogd/directory, then there will be a lot more useful information on how toconfigure the new ulogd daemon.


I made the following changes to the /etc/ulogd.conf file.
Take and leave each of them as you like.

I've attached the patch that makes all of these changes to the finalinstalled configuration file.

- I've made changes to produce logs in the /var/log/ulogd/ directorylike the old ulogd v1.23 did.This way users upgrading from the old ulogd to the new ulogd will stillfind the files in the same location as before.Likewise I adjusted log file names to match what they were before(removed leading ulogd_)If the package doesn't create the /var/log/ulogd/ directory as part ofits install, then it would need to be modified to do this as well.

- I changed the log level to notice. I guess you can ignore this, butI've left it in the patch.

- I've enabled the ULOG support. This way, people upgrading from the oldulogd daemon to the new one will still have their logging working. Thiswill give them a chance to transition over from ULOG to NFLOG at theirconvenience.


- There was no XML output plugin built with the package.

So I've commented that plugin out to remove the error message about itnot being found.I guess the other approach is to get the package to build that plugin ifpossible.

- I added commented out plugin entries for the SQLITE3 output plugin,and the PWSNIFF filter plugin (which maybe you don't want to include).

- Added a [sqlite3] section for the SQLITE3 plugin to match the examplefor SQLLITE3 on the old version of ulogd.


Regards,

--
----------
Jim Barber
DDI Health

--- /etc/ulogd.conf.dpkg-dist	2011-01-07 14:00:16.000000000 +0800
+++ /etc/ulogd.conf	2011-01-07 14:54:57.000000000 +0800
@@ -9,10 +9,10 @@
 
 
 # logfile for status messages
-logfile="/var/log/ulogd.log"
+logfile="/var/log/ulog/ulogd.log"
 
 # loglevel: debug(1), info(3), notice(5), error(7) or fatal(8)
-loglevel=1
+loglevel=5
 
 ######################################################################
 # PLUGIN OPTIONS
@@ -26,7 +26,7 @@
 
 
 plugin="/usr/lib/ulogd/ulogd_inppkt_NFLOG.so"
-#plugin="/usr/lib/ulogd/ulogd_inppkt_ULOG.so"
+plugin="/usr/lib/ulogd/ulogd_inppkt_ULOG.so"
 plugin="/usr/lib/ulogd/ulogd_inpflow_NFCT.so"
 plugin="/usr/lib/ulogd/ulogd_filter_IFINDEX.so"
 plugin="/usr/lib/ulogd/ulogd_filter_IP2STR.so"
@@ -35,15 +35,17 @@
 plugin="/usr/lib/ulogd/ulogd_filter_HWHDR.so"
 plugin="/usr/lib/ulogd/ulogd_filter_PRINTFLOW.so"
 #plugin="/usr/lib/ulogd/ulogd_filter_MARK.so"
+#plugin="/usr/lib/ulogd/ulogd_filter_PWSNIFF.so"
 plugin="/usr/lib/ulogd/ulogd_output_LOGEMU.so"
 plugin="/usr/lib/ulogd/ulogd_output_SYSLOG.so"
-plugin="/usr/lib/ulogd/ulogd_output_XML.so"
+#plugin="/usr/lib/ulogd/ulogd_output_XML.so"
 #plugin="/usr/lib/ulogd/ulogd_output_OPRINT.so"
 #plugin="/usr/lib/ulogd/ulogd_output_NACCT.so"
 #plugin="/usr/lib/ulogd/ulogd_output_PCAP.so"
 #plugin="/usr/lib/ulogd/ulogd_output_PGSQL.so"
 #plugin="/usr/lib/ulogd/ulogd_output_MYSQL.so"
 #plugin="/usr/lib/ulogd/ulogd_output_DBI.so"
+#plugin="/usr/lib/ulogd/ulogd_output_SQLITE3.so"
 plugin="/usr/lib/ulogd/ulogd_raw2packet_BASE.so"
 
 # this is a stack for logging packet send by system via LOGEMU
@@ -53,7 +55,7 @@
 #stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
 
 # this is a stack for ULOG packet-based logging via LOGEMU
-#stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
 
 # this is a stack for packet-based logging via LOGEMU with filtering on MARK
 #stack=log2:NFLOG,mark1:MARK,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
@@ -148,15 +150,15 @@
 #numeric_label=0 # optional argument
 
 [emu1]
-file="/var/log/ulogd_syslogemu.log"
+file="/var/log/ulog/syslogemu.log"
 sync=1
 
 [op1]
-file="/var/log/ulogd_oprint.log"
+file="/var/log/ulog/oprint.log"
 sync=1
 
 [xml1]
-directory="/var/log/"
+directory="/var/log/ulog/"
 sync=1
 
 [pcap1]
@@ -202,6 +204,11 @@
 pass="changeme"
 procedure="INSERT_OR_REPLACE_CT"
 
+[sqlite3]
+table="ulog"
+db="/path/to/sqlite/db"
+buffer=200
+
 [dbi1]
 db="ulog2"
 dbtype="pgsql"

Reply to:

Prev by Date: Processed: tagging as pending bugs that are closed by packages in NEW
Next by Date: Processed: I use it
Previous by thread: Bug#502305: Temporary packages for ulogd2 : Build dependency wrong
Next by thread: Processed: I use it
Index(es):
- Date
- Thread