From 9b2810150dcaa280302dc69d492e939f17b7440a Mon Sep 17 00:00:00 2001
From: frank
Date: Sat, 28 Jan 2012 22:17:35 +0100
Subject: [PATCH] committing changes in /etc after emerge run

Package changes:
+app-admin/ulogd-2.0.0_beta4
---
 .etckeeper | 3 +
 init.d/ulogd | 36 ++++++++
 logrotate.d/ulogd | 7 ++
 ulogd.conf | 219 ++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 265 insertions(+)
 create mode 100755 init.d/ulogd
 create mode 100644 logrotate.d/ulogd
 create mode 100644 ulogd.conf

diff --git a/.etckeeper b/.etckeeper
index c6bb1f8..beb26d1 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -586,6 +586,7 @@ maybe chmod 0755 './init.d/termencoding'
 maybe chmod 0755 './init.d/udev'
 maybe chmod 0755 './init.d/udev-mount'
 maybe chmod 0755 './init.d/udev-postmount'
+maybe chmod 0755 './init.d/ulogd'
 maybe chmod 0755 './init.d/urandom'
 maybe chmod 0755 './init.d/vixie-cron'
 maybe chmod 0644 './inittab'
@@ -635,6 +636,7 @@ maybe chmod 0644 './logrotate.d/mysql'
 maybe chmod 0644 './logrotate.d/openrc'
 maybe chmod 0644 './logrotate.d/rsyncd'
 maybe chmod 0644 './logrotate.d/syslog-ng'
+maybe chmod 0644 './logrotate.d/ulogd'
 maybe chmod 0755 './lvm'
 maybe chmod 0700 './lvm/archive'
 maybe chmod 0600 './lvm/archive/vg00_00000.vg'
@@ -998,6 +1000,7 @@ maybe chmod 0755 './udev/rules.d'
 maybe chmod 0644 './udev/rules.d/.keep_sys-fs_udev-0'
 maybe chmod 0644 './udev/rules.d/70-persistent-cd.rules'
 maybe chmod 0644 './udev/udev.conf'
+maybe chmod 0644 './ulogd.conf'
 maybe chmod 0755 './unixODBC'
 maybe chmod 0755 './unixODBC/ODBCDataSources'
 maybe chmod 0644 './unixODBC/odbc.ini'
diff --git a/init.d/ulogd b/init.d/ulogd
new file mode 100755
index 0000000..e2f76a1
--- /dev/null
+++ b/init.d/ulogd
@@ -0,0 +1,36 @@
+#!/sbin/runscript
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-admin/ulogd/files/ulogd,v 1.5 2012/01/01 01:01:06 idl0r Exp $
+
+extra_started_commands="reload"
+
+depend() {
+ need net
+}
+
+checkconfig() {
+ if [ ! -e /etc/ulogd.conf ]; then
+ eerror "You need /etc/ulogd.conf"
+ return 1
+ fi
+}
+
+start() {
+ checkconfig || return 1
+ ebegin "Starting ulogd"
+ start-stop-daemon --start --quiet --exec /usr/sbin/ulogd -- -u ulogd -d >/dev/null 2>&1
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping ulogd"
+ start-stop-daemon --stop --quiet --exec /usr/sbin/ulogd >/dev/null 2>&1
+ eend $?
+}
+
+reload() {
+ ebegin "Reloading ulogd.conf file"
+ killall -HUP ulogd &>/dev/null
+ eend $?
+}
diff --git a/logrotate.d/ulogd b/logrotate.d/ulogd
new file mode 100644
index 0000000..b3fb6d1
--- /dev/null
+++ b/logrotate.d/ulogd
@@ -0,0 +1,7 @@
+/var/log/ulogd.log /var/log/ulogd.syslogemu /var/log/ulogd.pktlog /var/log/ulogd.pcap {
+ missingok
+ sharedscripts
+ postrotate
+ /bin/killall -HUP ulogd 2> /dev/null || true
+ endscript
+}
diff --git a/ulogd.conf b/ulogd.conf
new file mode 100644
index 0000000..bd72e6b
--- /dev/null
+++ b/ulogd.conf
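Review bot: `reload()` can report success whether or not ulogd was actually signalled: `&>/dev/null` is a bash-only redirection, and if /bin/sh here is not bash the line is parsed as `killall -HUP ulogd &` followed by a bare `>/dev/null`, so `eend $?` tests the empty redirection rather than killall. Signalling by process name also reaches any process called ulogd, not just the one this script started with `-u ulogd -d`. Replacing the line with `start-stop-daemon --signal HUP --exec /usr/sbin/ulogd` (or at minimum `killall -HUP ulogd >/dev/null 2>&1`) keeps the reload status meaningful and scopes the signal to this daemon. `start()` likewise discards all output with `>/dev/null 2>&1`, so with `-d` a failed start surfaces only in the logfile named in /etc/ulogd.conf; consider dropping that redirection so `eend` has something to show.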
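Review bot: The rotated paths do not match what the ulogd.conf added in this same commit writes: the config sets `file="/var/log/ulogd_syslogemu.log"` and `file="/var/log/ulogd_oprint.log"`, while this entry rotates `/var/log/ulogd.syslogemu`, `/var/log/ulogd.pktlog` and `/var/log/ulogd.pcap`, and `missingok` silences the mismatch, so in practice only `/var/log/ulogd.log` is ever rotated. The first line should name the configured outputs, e.g. `/var/log/ulogd.log /var/log/ulogd_syslogemu.log /var/log/ulogd_oprint.log {`, and be kept in step with the `file=` keys. The postrotate `/bin/killall -HUP ulogd` has the same name-based scope as the init script's reload and could use the same start-stop-daemon signal form.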
@@ -0,0 +1,219 @@
+# Example configuration for ulogd
+# $Id$
+# Adapted to Debian by Achilleas Kotsis
+
+[global]
+######################################################################
+# GLOBAL OPTIONS
+######################################################################
+
+
+# logfile for status messages
+logfile="/var/log/ulogd.log"
+
+# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8)
+loglevel=1
+
+######################################################################
+# PLUGIN OPTIONS
+######################################################################
+
+# We have to configure and load all the plugins we want to use
+
+# general rules:
+# 1. load the plugins _first_ from the global section
+# 2. options for each plugin in seperate section below
+
+
+plugin="/usr/lib64/ulogd/ulogd_inppkt_NFLOG.so"
+#plugin="/usr/lib64/ulogd/ulogd_inppkt_ULOG.so"
+plugin="/usr/lib64/ulogd/ulogd_inpflow_NFCT.so"
+plugin="/usr/lib64/ulogd/ulogd_filter_IFINDEX.so"
+plugin="/usr/lib64/ulogd/ulogd_filter_IP2STR.so"
+plugin="/usr/lib64/ulogd/ulogd_filter_IP2BIN.so"
+plugin="/usr/lib64/ulogd/ulogd_filter_PRINTPKT.so"
+plugin="/usr/lib64/ulogd/ulogd_filter_HWHDR.so"
+plugin="/usr/lib64/ulogd/ulogd_filter_PRINTFLOW.so"
+#plugin="/usr/lib64/ulogd/ulogd_filter_MARK.so"
+plugin="/usr/lib64/ulogd/ulogd_output_LOGEMU.so"
+plugin="/usr/lib64/ulogd/ulogd_output_SYSLOG.so"
+plugin="/usr/lib64/ulogd/ulogd_output_XML.so"
+#plugin="/usr/lib64/ulogd/ulogd_output_OPRINT.so"
+#plugin="/usr/lib64/ulogd/ulogd_output_NACCT.so"
+#plugin="/usr/lib64/ulogd/ulogd_output_PCAP.so"
+#plugin="/usr/lib64/ulogd/ulogd_output_PGSQL.so"
+#plugin="/usr/lib64/ulogd/ulogd_output_MYSQL.so"
+#plugin="/usr/lib64/ulogd/ulogd_output_DBI.so"
+plugin="/usr/lib64/ulogd/ulogd_raw2packet_BASE.so"
+
+# this is a stack for logging packet send by system via LOGEMU
+#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+
+# this is a stack for packet-based logging via LOGEMU
+#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+
+# this is a stack for ULOG packet-based logging via LOGEMU
+#stack=ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+
+# this is a stack for packet-based logging via LOGEMU with filtering on MARK
+#stack=log2:NFLOG,mark1:MARK,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+
+# this is a stack for flow-based logging via LOGEMU
+#stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU
+
+# this is a stack for flow-based logging via OPRINT
+#stack=ct1:NFCT,op1:OPRINT
+
+# this is a stack for flow-based logging via XML
+#stack=ct1:NFCT,xml1:XML
+
+# this is a stack for logging in XML
+#stack=log1:NFLOG,xml1:XML
+
+# this is a stack for NFLOG packet-based logging to PCAP
+#stack=log2:NFLOG,base1:BASE,pcap1:PCAP
+
+# this is a stack for logging packet to MySQL
+#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,mysql1:MYSQL
+
+# this is a stack for logging packet to PGsql after a collect via NFLOG
+#stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,mac2str1:HWHDR,pgsql1:PGSQL
+
+# this is a stack for logging packets to syslog after a collect via NFLOG
+#stack=log3:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG
+
+# this is a stack for flow-based logging to MySQL
+#stack=ct1:NFCT,ip2bin1:IP2BIN,mysql2:MYSQL
+
+# this is a stack for flow-based logging to PGSQL
+#stack=ct1:NFCT,ip2str1:IP2STR,pgsql2:PGSQL
+
+# this is a stack for flow-based logging to PGSQL without local hash
+#stack=ct1:NFCT,ip2str1:IP2STR,pgsql3:PGSQL
+
+
+# this is a stack for flow-based logging in NACCT compatible format
+#stack=ct1:NFCT,ip2str1:IP2STR,nacct1:NACCT
+
+[ct1]
+#netlink_socket_buffer_size=217088
+#netlink_socket_buffer_maxsize=1085440
+#netlink_resync_timeout=60 # seconds to wait to perform resynchronization
+#pollinterval=10 # use poll-based logging instead of event-driven
+
+[ct2]
+#netlink_socket_buffer_size=217088
+#netlink_socket_buffer_maxsize=1085440
+hash_enable=0
+
+# Logging of system packet through NFLOG
+[log1]
+# netlink multicast group (the same as the iptables --nflog-group param)
+# Group O is used by the kernel to log connection tracking invalid message
+group=0
+#netlink_socket_buffer_size=217088
+#netlink_socket_buffer_maxsize=1085440
+# set number of packet to queue inside kernel
+#netlink_qthreshold=1
+# set the delay before flushing packet in the queue inside kernel (in 10ms)
+#netlink_qtimeout=100
+
+# packet logging through NFLOG for group 1
+[log2]
+# netlink multicast group (the same as the iptables --nflog-group param)
+group=1 # Group has to be different from the one use in log1
+#netlink_socket_buffer_size=217088
+#netlink_socket_buffer_maxsize=1085440
+# If your kernel is older than 2.6.29 and if a NFLOG input plugin with
+# group 0 is not used by any stack, you need to have at least one NFLOG
+# input plugin with bind set to 1. If you don't do that you may not
+# receive any message from the kernel.
+#bind=1
+
+# packet logging through NFLOG for group 2, numeric_label is
+# set to 1
+[log3]
+# netlink multicast group (the same as the iptables --nflog-group param)
+group=2 # Group has to be different from the one use in log1/log2
+numeric_label=1 # you can label the log info based on the packet verdict
+#netlink_socket_buffer_size=217088
+#netlink_socket_buffer_maxsize=1085440
+#bind=1
+
+[ulog1]
+# netlink multicast group (the same as the iptables --ulog-nlgroup param)
+nlgroup=1
+#numeric_label=0 # optional argument
+
+[emu1]
+file="/var/log/ulogd_syslogemu.log"
+sync=1
+
+[op1]
+file="/var/log/ulogd_oprint.log"
+sync=1
+
+[xml1]
+directory="/var/log/"
+sync=1
+
+[pcap1]
+sync=1
+
+[mysql1]
+db="nulog"
+host="localhost"
+user="nupik"
+table="ulog"
+pass="changeme"
+procedure="INSERT_PACKET_FULL"
+
+[mysql2]
+db="nulog"
+host="localhost"
+user="nupik"
+table="ulog"
+pass="changeme"
+procedure="INSERT_CT"
+
+[pgsql1]
+db="nulog"
+host="localhost"
+user="nupik"
+table="ulog"
+pass="changeme"
+procedure="INSERT_PACKET_FULL"
+
+[pgsql2]
+db="nulog"
+host="localhost"
+user="nupik"
+table="ulog2_ct"
+pass="changeme"
+procedure="INSERT_CT"
+
+[pgsql3]
+db="nulog"
+host="localhost"
+user="nupik"
+table="ulog2_ct"
+pass="changeme"
+procedure="INSERT_OR_REPLACE_CT"
+
+[dbi1]
+db="ulog2"
+dbtype="pgsql"
+host="localhost"
+user="ulog2"
+table="ulog"
+pass="ulog2"
+procedure="INSERT_PACKET_FULL"
+
+[sys2]
+facility=LOG_LOCAL2
+
+[nacct1]
+sync = 1
+
+[mark1]
+mark = 1
-- 
2.39.5
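Review bot: The `[mysql1]`, `[mysql2]`, `[pgsql1]`–`[pgsql3]` and `[dbi1]` sections carry database credentials (`pass="changeme"`, `pass="ulog2"`) in a file this same commit registers as world-readable (`maybe chmod 0644 './ulogd.conf'` in the .etckeeper hunk). None of the database output plugins is loaded (their `plugin=` lines are commented out), so these entries are inert today, but as soon as one is enabled a real password would sit in a 0644 file; either drop the unused sections or keep them with an obvious placeholder and a comment such as `# if a database output is enabled, keep real credentials out of this 0644 file or chmod it 0600`. Separately, every `stack=` line is commented out, so as shipped the daemon loads the plugins but has no packet or flow logging path configured, and since the init script discards ulogd's output the only place this shows is the `logfile` set here; confirm there that the intended stack is active. The file also relies on trailing `# ...` comments after values (`group=1 # Group has to be ...`) and mixes `sync=1` with `sync = 1`, which is fine only if ulogd's own parser strips the trailing text — worth checking rather than assuming.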