debian/0000775000000000000000000000000012301556677007204 5ustar debian/examples/0000775000000000000000000000000012246727067011023 5ustar debian/examples/pcap2ulog0000664000000000000000000001025712246727067012647 0ustar #!/usr/bin/perl -w # Copyright (C) 2009-2010 Pierre Chifflier # # This program is free software; you can redistribute it and/or modify # it under the same terms as Perl itself, either Perl version 5.8.4 or, # at your option, any later version of Perl 5 you may have available. use strict; use IO::Socket; use Net::Pcap; my $ULOGD_SOCKET_MARK = 0x41c90fd4; my $dumpfile = shift or die "Unable to open pcap file"; my($pcap_t, $err); my($ulogd_client); my $socketfile = "/var/run/ulogd2.sock"; my $data_buffer; my $linktype; my $proto_offset; my %linktype_to_offset = ( Net::Pcap::DLT_LINUX_SLL => 14, Net::Pcap::DLT_EN10MB => 12, ); sub connect_ulogd2 { (-S $socketfile) or die "ulogd2 socket $socketfile does not exist - is ulogd running ?"; $ulogd_client = IO::Socket::UNIX->new(Peer => $socketfile, Type => SOCK_STREAM ) or die $!; $ulogd_client->autoflush(0); } sub print_padding { my ($offset) = @_; my $padding; my $align = 8; my $data; $padding = ($align - ($offset % $align)) % $align; #print "offset: $offset padding $padding\n"; $data = "\0" x $padding; $data_buffer .= $data; } sub process_pkt { my($user, $hdr, $pkt) = @_; if (($user ne "xyz") or !defined($hdr) or !defined($pkt)) { print("Bad args passed to callback\n"); print("Bad user data\n"), if ($user ne "xyz"); print("Bad pkthdr\n"), if (!defined($hdr)); print("Bad pkt data\n"), if (!defined($pkt)); print("not ok\n"); exit; } #print "Header: len $hdr->{len}\n"; #my $len = length $pkt; #print "Packet length: $len\n"; my $size = length($pkt) - ($proto_offset+2); #my $pcaphdr = unpack ("H*", substr ($pkt, 0, 16)); #printf("pcap hdr: $pcaphdr\n"); my $proto = unpack ("H*", substr ($pkt, $proto_offset, 2)); #printf("proto: $proto\n"); if ($proto ne "0800") { print "ignoring packet with proto $proto\n"; return; } #my $ip_firstbyte = unpack ("H*", substr ($pkt, $proto_offset+2, 2)); #printf("ip_firstbyte: $ip_firstbyte\n"); # decode packet for a SLL: # packet type (sent by us: 4) # link layer address type: 1 # link layer address length: 6 # src dst # protocol (IP, ARP, PPP, SNMP ...) # data my $srcmac = substr ($pkt, 6, 6); (my $hex_src = unpack("H*", $srcmac)) =~ s/(..)/$1:/g; chop $hex_src; #printf "source mac: $hex_src\n"; my $hex_dst = "\0"; # format data my $data; $data_buffer = undef; # ulogd packet signature $data = pack ('N', $ULOGD_SOCKET_MARK); $data_buffer .= $data; my $options_num=2; my $options_len=length($hex_src) + length($hex_dst); # total length (will be filled later) my $total_size = 0; $data = pack ('n', $total_size); $data_buffer .= $data; # reserved + payload length + payload $data = pack ('Nna*', 0, $size, substr($pkt,$proto_offset+2,$size)); $data_buffer .= $data; print_padding($size); # options my $OOB_IN = 2; $data = pack ('NNa*', $OOB_IN, length($hex_src), $hex_src); $data_buffer .= $data; print_padding(length($hex_src)); my $OOB_OUT = 3; $data = pack ('NNa*', $OOB_OUT, length($hex_dst), $hex_dst); $data_buffer .= $data; print_padding(length($hex_dst)); # replace total size in buffer my $l = length($data_buffer) - 4; substr($data_buffer, 4, 2) = pack('n', $l); #(my $hex = unpack("H*", $data_buffer)) =~ s/(..)/$1 /g; #print "$l will be encoded as " . unpack("H*", pack('n', $l)) . "\n"; #print $hex, "\n"; print $ulogd_client $data_buffer; $ulogd_client->flush; #exit; } connect_ulogd2 or die $!; $pcap_t = Net::Pcap::open_offline($dumpfile, \$err); if (!defined($pcap_t)) { print("Net::Pcap::dump_open failed: ", Net::Pcap::geterr($pcap_t), "\n"); exit; } $linktype = Net::Pcap::pcap_datalink($pcap_t); if (not exists $linktype_to_offset{$linktype}) { print("Unsupported link type ", Net::Pcap::pcap_datalink_val_to_name($linktype), "\n"); exit 1; } $proto_offset = $linktype_to_offset{$linktype}; Net::Pcap::loop($pcap_t, -1, \&process_pkt, "xyz"); Net::Pcap::close($pcap_t); debian/ulogd2-pgsql.install0000664000000000000000000000006112246727067013112 0ustar debian/tmp/usr/lib/*/ulogd/ulogd_output_PGSQL.so debian/ulogd.lintian-overrides0000664000000000000000000000014012246727067013672 0ustar # There is no upstream changelog shipped with the package ulogd binary: no-upstream-changelog debian/ulogd2.lintian-overrides0000664000000000000000000000110512246727067013756 0ustar # False positives; the files *are* compiled and linked with hardening flags. ulogd2 binary: hardening-no-fortify-functions usr/lib/*/ulogd/ulogd_filter_PWSNIFF.so ulogd2 binary: hardening-no-fortify-functions usr/lib/*/ulogd/ulogd_inppkt_NFLOG.so ulogd2 binary: hardening-no-fortify-functions usr/lib/*/ulogd/ulogd_inppkt_UNIXSOCK.so # Config file may contain plaintext passwords, e.g. for MySQL. ulogd2 binary: non-standard-file-perm etc/ulogd.conf 0600 != 0644 # There is no upstream changelog shipped with the package ulogd2 binary: no-upstream-changelog debian/ulogd2.README.Debian0000664000000000000000000000243012246727067012440 0ustar README for Debian ulogd2 package ================================ Sample configuration -------------------- The default configuration in /etc/ulogd.conf is set up to consume log entries using NFLOG and send them to /var/log/ulog/syslogemu.log with syslog emulation. A copy of the standard configuration is included in /usr/share/doc/ulogd2/examples/ulogd.conf.gz for reference purposes. Upgrading from ulogd 1.x ------------------------ Please note that the ulogd2 package does not consume logs from the kernel using the ULOG target by default. If you are using the ULOG target, you will need to edit /etc/ulogd.conf to enable this. Alternatively, consider changing your firewall to log using the NFLOG target instead, which offers numerous advantages including being available for use with IPv6. Additional logging targets -------------------------- Support for logging into MySQL, PostgreSQL and SQLite 3 databases is available from separate packages called ulogd2-mysql, ulogd2-pgsql and ulogd2-sqlite3 respectively. There is also support for logging to SQL databases using the DBI abstraction layer available in ulogd2-dbi. You can also log packets in pcap file format, using package ulogd2-pcap. Don't forget to adapt your /etc/ulogd.conf to those modules. Example configuration is included. debian/copyright0000664000000000000000000000522212246727067011141 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: ulogd Source: http://git.netfilter.org/ulogd2/ Files: * Copyright: 1996 Bob Jenkins (bob_jenkins@burtleburtle.net) 1999 Andrea Arcangeli 2000-2006 Harald Welte 2000-2010 Pierre Chifflier 2001 Alex Janssen 2001-2002 Florent AIDE 2002 David Woodhouse 2003 David S. Miller 2005 Ben La Monica 2005 Sven Schuster 2005,2012 Jozsef Kadlecsik 2006 Philip Craig 2008-2010 INL 2008-2012 Pablo Neira Ayuso 2008-2013 Eric Leblond 2012 Intra2net AG License: GPL-2 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation. . This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. . On Debian systems, the full text of the GNU General Public License version 2 can be found in the file `/usr/share/common-licenses/GPL-2'. Files: debian/* Copyright: 2012-2013 Chris Boot License: GPL-2+ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. . This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. . On Debian systems, the full text of the GNU General Public License version 2 can be found in the file `/usr/share/common-licenses/GPL-2'. debian/ulogd2.preinst0000664000000000000000000000022412247460163011775 0ustar #!/bin/sh set -e # Ensure any ulogd-1.x instances are stopped if [ -x "/etc/init.d/ulogd" ]; then invoke-rc.d ulogd stop || true fi #DEBHELPER# debian/ulogd2.service0000664000000000000000000000036012246727067011762 0ustar [Unit] Description=Netfilter Userspace Logging Daemon [Service] Type=forking PIDFile=/run/ulog/ulogd.pid ExecStart=/usr/sbin/ulogd --daemon --uid ulog --pidfile /run/ulog/ulogd.pid [Install] Alias=ulogd.service WantedBy=multi-user.target debian/ulogd2.install0000664000000000000000000000116612246727067011775 0ustar ulogd.conf etc/ debian/tmp/usr/sbin/ulogd usr/sbin usr/share/man/man8/ulogd.8 usr/share/man/man8 debian/tmp/usr/lib/*/ulogd/ulogd_filter_*.so debian/tmp/usr/lib/*/ulogd/ulogd_inpflow_*.so debian/tmp/usr/lib/*/ulogd/ulogd_inppkt_*.so debian/tmp/usr/lib/*/ulogd/ulogd_output_GPRINT.so debian/tmp/usr/lib/*/ulogd/ulogd_output_GRAPHITE.so debian/tmp/usr/lib/*/ulogd/ulogd_output_LOGEMU.so debian/tmp/usr/lib/*/ulogd/ulogd_output_NACCT.so debian/tmp/usr/lib/*/ulogd/ulogd_output_OPRINT.so debian/tmp/usr/lib/*/ulogd/ulogd_output_SYSLOG.so debian/tmp/usr/lib/*/ulogd/ulogd_output_XML.so debian/tmp/usr/lib/*/ulogd/ulogd_raw2packet_*.so debian/ulogd2.doc-base0000664000000000000000000000064712246727067012007 0ustar Document: ulogd2-manual Title: ULOGD 2.x - the Netfilter Userspace Logging Daemon Author: Harald Welte, Eric Leblond Abstract: This manual explains how to install and configure ulogd-2.x, the second generation Netfilter Userspace logging daemon. Section: System/Security Format: Text Files: /usr/share/doc/ulogd2/ulogd.txt.gz Format: HTML Index: /usr/share/doc/ulogd2/ulogd.html Files: /usr/share/doc/ulogd2/ulogd.html debian/ulogd2.postrm0000664000000000000000000000022512246727067011646 0ustar #!/bin/sh set -e #DEBHELPER# # Clean up the log directory if [ "$1" = "purge" ]; then if [ -d /var/log/ulog ]; then rm -rf /var/log/ulog fi fi debian/ulogd2.postinst0000664000000000000000000000072412246727067012211 0ustar #!/bin/sh set -e # create ulog group if there isn't one already if ! getent group ulog >/dev/null; then addgroup --system ulog >/dev/null fi # create ulog user if there isn't one already if ! getent passwd ulog >/dev/null; then adduser --system --ingroup ulog --shell /bin/false \ --home /var/log/ulog ulog >/dev/null fi # ensure the ulogd 1.x init script doesn't run if [ -x "/etc/init.d/ulogd" ]; then update-rc.d -f ulogd remove >/dev/null fi #DEBHELPER# debian/ulogd2-mysql.install0000664000000000000000000000006112246727067013131 0ustar debian/tmp/usr/lib/*/ulogd/ulogd_output_MYSQL.so debian/source/0000775000000000000000000000000012246727067010505 5ustar debian/source/format0000664000000000000000000000001412246727067011713 0ustar 3.0 (quilt) debian/source/lintian-overrides0000664000000000000000000000020012246727067014056 0ustar # transitional packages only ulogd2 source: duplicate-long-description ulogd ulogd-mysql ulogd-pcap ulogd-pgsql ulogd-sqlite3 debian/ulogd.NEWS0000664000000000000000000000133612246727067011020 0ustar ulogd2 (2.0.2-3) unstable; urgency=low The ulogd packages containing ulogd-1.x are being replaced by the ulogd2 packages, containing ulogd-2.x. The configuration file for ulogd is not compatible between versions 1.x and 2.x. Please take the time to review /etc/ulogd.conf to ensure the file is upgraded to the new format and re-incorporate any local changes you may require. . Please note that the default /etc/ulogd.conf for ulogd2 does NOT enable the deprecated ULOG logging target. If you are upgrading from ulogd-1.x, you will need to either migrate your iptables ruleset to use NFLOG target instead, or enable the ULOG stack in ulogd.conf. -- Chris Boot Sat, 15 Jun 2013 22:03:14 +0100 debian/ulogd2.examples0000664000000000000000000000003512246727067012137 0ustar debian/examples/* ulogd.conf debian/ulogd2.upstart0000664000000000000000000000040512246727067012024 0ustar # ulogd2 - Netfilter Userspace Logging Daemon # # ulogd is an advanced netfilter logging daemon. description "Netfilter Userspace Logging Daemon" start on runlevel [2345] stop on runlevel [!2345] expect fork respawn exec /usr/sbin/ulogd --daemon --uid ulog debian/ulogd2.docs0000664000000000000000000000024112246727067011250 0ustar AUTHORS doc/mysql-ulogd2-flat.sql doc/mysql-ulogd2.sql doc/pgsql-ulogd2-flat.sql doc/pgsql-ulogd2.sql doc/sqlite3.table doc/ulogd.html doc/ulogd.txt README TODO debian/changelog0000664000000000000000000000651612301556577011065 0ustar ulogd2 (2.0.3-1ubuntu2) trusty; urgency=medium * Pull patch from Hideki Yamane in Debian bug #738407 to fix libdbi FTBFS. -- Adam Conrad Thu, 20 Feb 2014 22:00:15 -0700 ulogd2 (2.0.3-1ubuntu1) trusty; urgency=medium * Use dh-autoreconf instead of autotools-dev to also fix FTBFS on ppc64el by getting new libtool macros (still updates config.{sub,guess}). -- Logan Rosen Fri, 17 Jan 2014 02:23:24 -0500 ulogd2 (2.0.3-1) unstable; urgency=low * New upstream release. * Refresh put-logfiles-in-var-log-ulog.patch. * Remove patches applied upstream: - nice-before-setuid.patch - write-pidfile.patch - improve-pid-file-handling.patch - nflog-close-handle-after-unbind.patch * Use ./configure --disable-silent-rules instead of make V=1. * Correct Vcs-Browser entry to point at gitweb on Alioth. * If the old ulogd init script exists during preinst, try to stop ulogd using that script. (Closes: #731257) -- Chris Boot Tue, 03 Dec 2013 22:50:05 +0000 ulogd2 (2.0.2-4) unstable; urgency=low * Change priority of transitional packages to extra. * Change Vcs-{Browser,Git} to Alioth. * Update paths to docs in ulogd(8). (LP: #1232104) * Disable and remove old ulogd init script. (Closes: #729657, LP: #1250520) - Forcibly disable the init script in postinst. - Remove the script safely using rm_conffile. - Make the ulogd2 init script provide ulogd. * Fix assertion failure in libnfnetlink caused by running multiple instances of ulogd. (Closes: #729055) - Add nflog-close-handle-after-unbind.patch. * Add systemd unit and upstart job files. * Update Standards-Version to 3.9.5 (no changes required). -- Chris Boot Fri, 15 Nov 2013 16:36:17 +0000 ulogd2 (2.0.2-3) unstable; urgency=low * Set up transition from ulogd to ulogd2. (Closes: #395302, #699767) * Update debian/ulogd2.examples to use a wildcard for debian/examples/* * Complete changing my email address in the package source. -- Chris Boot Fri, 21 Jun 2013 19:56:29 +0100 ulogd2 (2.0.2-2) unstable; urgency=low [ Chris Boot ] * Add ulogd2-dbi to Suggests, improve package descriptions. * Activate full hardening build flags (pie + bindnow). * Create ulog user; drop root privileges when starting daemon. * Add nice-before-setuid.patch (applied upstream): - Fixes daemon failing to renice when run as non-root. * Add write-pidfile.patch (applied upstream): - Add PID file capability to daemon. * Add improve-pid-file-handling.patch (from upstream): - Improves PID file handling added in the earlier patch. * Rewrite init script using current best practices: - Uses PID files; based on /etc/init.d/skeleton; uses LSB exit codes. * Remove libnetfilter_conntrack-1.0.1.patch and libnfnetlink-1.0.0.patch: - The requisite versions are in unstable. - Add versioned build-depends for those packages instead. * Include /usr/share/doc/ulogd2/examples/pcap2ulog.gz from upstream git file contrib/pcap2ulog (not included in upstream tarball). [ Jonathan Wiltshire ] * Update maintainer address -- Chris Boot Thu, 30 May 2013 20:09:51 +0100 ulogd2 (2.0.2-1) unstable; urgency=low * Initial release (Closes: #502305) -- Chris Boot Mon, 29 Apr 2013 09:12:48 +0100 debian/ulogd2.init0000664000000000000000000000555312246727067011276 0ustar #!/bin/sh ### BEGIN INIT INFO # Provides: ulogd2 ulogd # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Starts ulogd2 # Description: Starts the netfilter userspace log daemon ### END INIT INFO # Author: Chris Boot PATH=/sbin:/usr/sbin:/bin:/usr/bin DESC="netfilter userspace log daemon" NAME=ulogd DAEMON=/usr/sbin/$NAME DAEMON_USER=ulog PIDDIR=/run/ulog PIDFILE=$PIDDIR/$NAME.pid DAEMON_ARGS="--daemon --uid $DAEMON_USER --pidfile $PIDFILE" SCRIPTNAME=/etc/init.d/$NAME # Exit if the package is not installed [ -x "$DAEMON" ] || exit 0 # Read configuration variable file if it is present [ -r /etc/default/$NAME ] && . /etc/default/$NAME # Load the VERBOSE setting and other rcS variables . /lib/init/vars.sh # Define LSB log_* functions. # Depend on lsb-base (>= 3.2-14) to ensure that this file is present # and status_of_proc is working. . /lib/lsb/init-functions # # Function that starts the daemon/service # do_start() { # Make sure our /run directory exists if [ ! -d $PIDDIR ]; then mkdir $PIDDIR chown $DAEMON_USER: $PIDDIR fi # Return # 0 if daemon has been started # 1 if daemon was already running # 2 if daemon could not be started start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON \ --test > /dev/null || return 1 start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ $DAEMON_ARGS || return 2 } # # Function that stops the daemon/service # do_stop() { # Return # 0 if daemon has been stopped # 1 if daemon was already stopped # 2 if daemon could not be stopped # other if a failure occurred start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 \ --pidfile $PIDFILE --name $NAME } # # Function that sends a SIGHUP to the daemon/service # do_reload() { start-stop-daemon --stop --signal HUP --quiet --pidfile $PIDFILE \ --name $NAME return 0 } case "$1" in start) log_daemon_msg "Starting $DESC" "$NAME" do_start; RET=$? case $RET in 0|1) log_end_msg 0; exit 0 ;; *) log_end_msg 1; exit 1 ;; esac ;; stop) log_daemon_msg "Stopping $DESC" "$NAME" do_stop; RET=$? case $RET in 0|1) log_end_msg 0; exit 0 ;; *) log_end_msg 1; exit 1 ;; esac ;; status) status_of_proc "$DAEMON" "$NAME" ;; reload|force-reload) log_daemon_msg "Reloading $DESC" "$NAME" do_reload; RET=$? log_end_msg $RET exit $RET ;; restart) log_daemon_msg "Restarting $DESC" "$NAME" do_stop; RET=$? case $RET in 0|1) do_start; RET=$? case $RET in 0) log_end_msg 0; exit 0 ;; 1) log_end_msg 1; exit 1 ;; # Old process is still running *) log_end_msg 1; exit 1 ;; # Failed to start esac ;; *) # Failed to stop log_end_msg 1; exit 1 ;; esac ;; *) echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2 exit 3 ;; esac debian/compat0000664000000000000000000000000212246727067010403 0ustar 9 debian/ulogd2-sqlite3.install0000664000000000000000000000006312246727067013352 0ustar debian/tmp/usr/lib/*/ulogd/ulogd_output_SQLITE3.so debian/rules0000775000000000000000000000312512301556677010265 0ustar #!/usr/bin/make -f # -*- mode: makefile; coding: utf-8 -*- # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 # This has to be exported to make some magic below work. export DH_OPTIONS # Activate full hardening build flags export DEB_BUILD_MAINT_OPTIONS := hardening=+pie,+bindnow DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) PACKAGE = $(firstword $(shell dh_listpackages)) TMP = $(CURDIR)/debian/$(PACKAGE) %: dh $@ --with autoreconf,systemd override_dh_auto_configure: dh_auto_configure -- --disable-silent-rules --with-pgsql --with-mysql \ --with-dbi --with-dbi-lib=/usr/lib/$(DEB_HOST_MULTIARCH) override_dh_auto_build: dh_auto_build ( cd doc && sgml2txt ulogd.sgml && sgml2html -s 0 ulogd.sgml ) override_dh_auto_clean: dh_auto_clean $(MAKE) -C doc clean rm -f ulogd.conf override_dh_fixperms: dh_fixperms chmod 600 $(TMP)/etc/ulogd.conf override_dh_install: dh_install -X.la --fail-missing override_dh_installdocs: # The ulogd transitional packages need their /usr/share/doc directories # handling specially in order to pick up the correct NEWS file. dh_installdocs -pulogd dh_installdocs -pulogd-mysql --link-doc=ulogd dh_installdocs -pulogd-pgsql --link-doc=ulogd dh_installdocs -pulogd-pcap --link-doc=ulogd dh_installdocs -pulogd-sqlite3 --link-doc=ulogd dh_installdocs --link-doc=$(PACKAGE) override_dh_strip: dh_strip --dbg-package=$(PACKAGE)-dbg .PHONY: override_dh_auto_configure override_dh_auto_build \ override_dh_auto_clean override_dh_fixperms override_dh_install \ override_dh_installdocs override_dh_strip debian/ulogd2.dirs0000664000000000000000000000003212246727067011257 0ustar usr/sbin etc var/log/ulog debian/control0000664000000000000000000001664612266155202010611 0ustar Source: ulogd2 Section: net Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Chris Boot Build-Depends: debhelper (>= 9), dh-autoreconf, pkg-config, libnfnetlink-dev (>= 1.0.1), libmnl-dev, libnetfilter-acct-dev, libnetfilter-conntrack-dev (>= 1.0.2), libnetfilter-log-dev, libmysqlclient-dev, libpq-dev, libsqlite3-dev, libdbi-dev, libpcap-dev, linuxdoc-tools, groff, dh-systemd (>= 1.5) Standards-Version: 3.9.5 Homepage: http://www.netfilter.org/projects/ulogd/ Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/ulogd2.git;a=summary Vcs-Git: git://anonscm.debian.org/collab-maint/ulogd2.git Package: ulogd2 Architecture: linux-any Pre-Depends: ${misc:Pre-Depends} Depends: ${shlibs:Depends}, lsb-base, ${misc:Depends}, adduser Suggests: ulogd2-dbi, ulogd2-mysql, ulogd2-pgsql, ulogd2-pcap, ulogd2-sqlite3 Breaks: ulogd (<< 2.0.2-3~) Replaces: ulogd (<< 2.0.2-3~) Description: Netfilter Userspace Logging Daemon ulogd is an advanced netfilter logging daemon. It can act as a replacement for syslog for logging netfilter ruleset violations (via the NFLOG or ULOG iptables targets), can gather per-connection accounting using NFCT, or gather per-rule accounting using NFACCT. Output can be sent to plain text log files, a variety of SQL database formats, XML files, pcap files, syslog, and many other formats. . Support for DBI, MySQL, PostgreSQL and SQLite 3 are in separate packages called ulogd2-dbi, ulogd2-mysql, ulogd2-pgsql and ulogd2-sqlite3 respectively. Support for writing to pcap files is in the ulogd2-pcap package. Package: ulogd2-dbi Architecture: linux-any Pre-Depends: ${misc:Pre-Depends} Depends: ulogd2 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} Description: DBI extension to ulogd ulogd is an advanced netfilter logging daemon. It can act as a replacement for syslog for logging netfilter ruleset violations (via the NFLOG or ULOG iptables targets), can gather per-connection accounting using NFCT, or gather per-rule accounting using NFACCT. Output can be sent to plain text log files, a variety of SQL database formats, XML files, pcap files, syslog, and many other formats. . This module adds DBI support to ulogd. If you install this package, you can send netfilter logs or accounting data to an SQL database via the DBI database abstraction layer. Package: ulogd2-mysql Architecture: linux-any Pre-Depends: ${misc:Pre-Depends} Depends: ulogd2 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} Breaks: ulogd-mysql (<< 2.0.2-3~) Replaces: ulogd-mysql (<< 2.0.2-3~) Description: MySQL extension to ulogd ulogd is an advanced netfilter logging daemon. It can act as a replacement for syslog for logging netfilter ruleset violations (via the NFLOG or ULOG iptables targets), can gather per-connection accounting using NFCT, or gather per-rule accounting using NFACCT. Output can be sent to plain text log files, a variety of SQL database formats, XML files, pcap files, syslog, and many other formats. . This module adds MySQL support to ulogd. If you install this package, you can send netfilter logs or accounting data to a MySQL database. Package: ulogd2-pcap Architecture: linux-any Pre-Depends: ${misc:Pre-Depends} Depends: ulogd2 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} Suggests: tcpdump, wireshark, tshark Breaks: ulogd-pcap (<< 2.0.2-3~) Replaces: ulogd-pcap (<< 2.0.2-3~) Description: pcap extension to ulogd ulogd is an advanced netfilter logging daemon. It can act as a replacement for syslog for logging netfilter ruleset violations (via the NFLOG or ULOG iptables targets), can gather per-connection accounting using NFCT, or gather per-rule accounting using NFACCT. Output can be sent to plain text log files, a variety of SQL database formats, XML files, pcap files, syslog, and many other formats. . This module add pcap file support to ulogd. If you install this package, you can use ulogd to dump packets to a file for later analysis using tools such as tcpdump or wireshark. Package: ulogd2-pgsql Architecture: linux-any Pre-Depends: ${misc:Pre-Depends} Depends: ulogd2 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} Breaks: ulogd-pgsql (<< 2.0.2-3~) Replaces: ulogd-pgsql (<< 2.0.2-3~) Description: PostgreSQL extension to ulogd ulogd is an advanced netfilter logging daemon. It can act as a replacement for syslog for logging netfilter ruleset violations (via the NFLOG or ULOG iptables targets), can gather per-connection accounting using NFCT, or gather per-rule accounting using NFACCT. Output can be sent to plain text log files, a variety of SQL database formats, XML files, pcap files, syslog, and many other formats. . This module adds PostgreSQL support to ulogd. If you install this package, you can send netfilter logs or accounting data to a PostgreSQL database. Package: ulogd2-sqlite3 Architecture: linux-any Pre-Depends: ${misc:Pre-Depends} Depends: ulogd2 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} Breaks: ulogd-sqlite3 (<< 2.0.2-3~) Replaces: ulogd-sqlite3 (<< 2.0.2-3~) Description: SQLite 3 extension to ulogd ulogd is an advanced netfilter logging daemon. It can act as a replacement for syslog for logging netfilter ruleset violations (via the NFLOG or ULOG iptables targets), can gather per-connection accounting using NFCT, or gather per-rule accounting using NFACCT. Output can be sent to plain text log files, a variety of SQL database formats, XML files, pcap files, syslog, and many other formats. . This module adds SQLite 3 support to ulogd. If you install this package, you can send netfilter logs or accounting data to an SQLite 3 database. Package: ulogd2-dbg Section: debug Priority: extra Architecture: linux-any Depends: ulogd2 (= ${binary:Version}), ${misc:Depends} Description: Netfilter Userspace Logging Daemon (debug symbols) ulogd is an advanced netfilter logging daemon. It can act as a replacement for syslog for logging netfilter ruleset violations (via the NFLOG or ULOG iptables targets), can gather per-connection accounting using NFCT, or gather per-rule accounting using NFACCT. Output can be sent to plain text log files, a variety of SQL database formats, XML files, pcap files, syslog, and many other formats. . This package provides debugging symbols for ulogd and its plugins. Package: ulogd Architecture: linux-any Depends: ulogd2, ${misc:Depends} Section: oldlibs Priority: extra Description: transitional dummy package for ulogd2 This is a transitional dummy package. It can safely be removed. Package: ulogd-mysql Architecture: linux-any Depends: ulogd2-mysql, ${misc:Depends} Section: oldlibs Priority: extra Description: transitional dummy package for ulogd2-mysql This is a transitional dummy package. It can safely be removed. Package: ulogd-pgsql Architecture: linux-any Depends: ulogd2-pgsql, ${misc:Depends} Section: oldlibs Priority: extra Description: transitional dummy package for ulogd2-pgsql This is a transitional dummy package. It can safely be removed. Package: ulogd-pcap Architecture: linux-any Depends: ulogd2-pcap, ${misc:Depends} Section: oldlibs Priority: extra Description: transitional dummy package for ulogd2-pcap This is a transitional dummy package. It can safely be removed. Package: ulogd-sqlite3 Architecture: linux-any Depends: ulogd2-sqlite3, ${misc:Depends} Section: oldlibs Priority: extra Description: transitional dummy package for ulogd2-sqlite3 This is a transitional dummy package. It can safely be removed. debian/ulogd2.maintscript0000664000000000000000000000017212246727067012660 0ustar # Remove the old ulogd 1.x init script, as it can cause problems/confusion rm_conffile /etc/init.d/ulogd 2.0.2-4~ ulogd debian/ulogd2-dbi.install0000664000000000000000000000005712246727067012527 0ustar debian/tmp/usr/lib/*/ulogd/ulogd_output_DBI.so debian/watch0000664000000000000000000000012212246727067010231 0ustar version=3 opts=pasv ftp://ftp.netfilter.org/pub/ulogd/ulogd-(.*)\.tar\.bz2 debian debian/gbp.conf0000664000000000000000000000006612246727067010626 0ustar [DEFAULT] debian-branch = debian pristine-tar = True debian/patches/0000775000000000000000000000000012247357604010631 5ustar debian/patches/put-logfiles-in-var-log-ulog.patch0000664000000000000000000000201212247357604017174 0ustar Description: Update logfile paths to log to /var/log/ulog/* The standard configuration file sends logs to a number of files under /var/log/. To keep things tidy, including the logrotate script, move all the logs into a common parent directory. Forwarded: not-needed Author: Chris Boot Last-Update: 2013-04-27 --- a/ulogd.conf.in +++ b/ulogd.conf.in @@ -179,25 +179,24 @@ socket_path="/tmp/nuauth_ulogd2.sock" [emu1] -file="/var/log/ulogd_syslogemu.log" +file="/var/log/ulog/syslogemu.log" sync=1 [op1] -file="/var/log/ulogd_oprint.log" +file="/var/log/ulog/oprint.log" sync=1 [gp1] -file="/var/log/ulogd_gprint.log" +file="/var/log/ulog/gprint.log" sync=1 timestamp=1 [xml1] -directory="/var/log/" +directory="/var/log/ulog/" sync=1 [pcap1] -#default file is /var/log/ulogd.pcap -#file="/var/log/ulogd.pcap" +file="/var/log/ulog/ulogd.pcap" sync=1 [mysql1] @@ -295,7 +294,7 @@ [nacct1] sync = 1 -#file = /var/log/ulogd_nacct.log +file = /var/log/ulog/nacct.log [mark1] mark = 1 debian/patches/enable-nflog-by-default.patch0000664000000000000000000000170012246727067016236 0ustar Description: Enable NFLOG => LOGEMU stack by default The simplest and likely most common usage scenario is to log packets to a logfile using NFLOG, bypassing the kernel ringbuffer. Enable this by default. Forwarded: not-needed Author: Chris Boot Last-Update: 2013-04-27 Index: ulogd2/ulogd.conf.in =================================================================== --- ulogd2.orig/ulogd.conf.in 2013-04-01 12:00:44.781476506 +0100 +++ ulogd2/ulogd.conf.in 2013-04-01 12:02:36.908069963 +0100 @@ -51,7 +51,7 @@ plugin="@pkglibdir@/ulogd_output_GRAPHITE.so" # this is a stack for logging packet send by system via LOGEMU -#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU +stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU # this is a stack for packet-based logging via LOGEMU #stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU debian/patches/series0000664000000000000000000000015512247357604012047 0ustar configure-logging.patch enable-nflog-by-default.patch put-logfiles-in-var-log-ulog.patch ulogd8-ulogd2.patch debian/patches/ulogd8-ulogd2.patch0000664000000000000000000000177112246727067014257 0ustar Description: Correct ulogd(8) paths to /usr/share/doc/ulogd2 The paths in the ulogd(8) man page assume the package is called 'ulogd' and not 'ulogd2'. This patch updates the paths. Author: Chris Boot Bug-Ubuntu: https://launchpad.net/bugs/1232104 Forwarded: not-needed Last-Update: 2013-11-14 --- ulogd2-2.0.2.orig/ulogd.8 +++ ulogd2-2.0.2/ulogd.8 @@ -62,21 +62,19 @@ display infos about plugin record the ulogd process ID to the given file name .SH FILES .I /etc/ulogd.conf -.br -.I /var/log/ulogd.log .SH SEE ALSO There is more documentation about the daemon and the database plugins (including examples) in the directories .nf .br -.I /usr/share/doc/ulogd +.I /usr/share/doc/ulogd2 .br .fi -.I /usr/share/doc/ulogd-mysql +.I /usr/share/doc/ulogd2-mysql and .nf .br -.I /usr/share/doc/ulogd-pgsql +.I /usr/share/doc/ulogd2-pgsql .SH AUTHOR This manual page was written by Joerg Wendland , for the Debian GNU/Linux system (but may be used by others). debian/patches/configure-logging.patch0000664000000000000000000000120112246727067015254 0ustar Description: Tweak log destination and loglevel in ulogd.conf.in Send logging for ulogd itself to syslog rather than to file (not for iptables logging), and explicitly set loglevel to info. Forwarded: not-needed Author: Chris Boot Last-Update: 2013-04-27 --- ulogd2-2.0.2.orig/ulogd.conf.in +++ ulogd2-2.0.2/ulogd.conf.in @@ -8,10 +8,10 @@ # logfile for status messages -logfile="/var/log/ulogd.log" +logfile="syslog" # loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) (default 5) -# loglevel=1 +loglevel=3 ###################################################################### # PLUGIN OPTIONS debian/ulogd2-pcap.install0000664000000000000000000000006012246727067012706 0ustar debian/tmp/usr/lib/*/ulogd/ulogd_output_PCAP.so debian/ulogd2.logrotate0000664000000000000000000000026612246727067012327 0ustar /var/log/ulog/*.log /var/log/ulog/*.pcap { missingok compress sharedscripts create 640 ulog adm postrotate invoke-rc.d ulogd2 reload > /dev/null endscript } debian/ulogd2.tmpfile0000664000000000000000000000003712246727067011763 0ustar d /run/ulog 0755 ulog ulog - -