From 4540766d8000efc33e70dd857eb0e052da71c854 Mon Sep 17 00:00:00 2001
From: Ryan Cavicchioni
Date: Mon, 25 Nov 2019 18:24:14 -0600
Subject: [PATCH] Clean up ulogd.conf template
---
 roles/firewall/defaults/main.yaml | 15 ++++++++---
 roles/firewall/templates/ulogd.conf.j2 | 37 +++++++++++++++++++-------
 2 files changed, 40 insertions(+), 12 deletions(-)
diff --git a/roles/firewall/defaults/main.yaml b/roles/firewall/defaults/main.yaml
index c258cbe..1737348 100644
--- a/roles/firewall/defaults/main.yaml
+++ b/roles/firewall/defaults/main.yaml
@@ -39,10 +39,19 @@ firewall_ulogd_package_name: ulogd2
 firewall_ulogd_service_name: ulogd2.service
 firewall_ulogd_config_path: /etc/ulogd.conf
 firewall_ulogd_nflog_group: 1
-firewall_ulogd_syslog_facility: LOG_LOCAL0
-firewall_ulogd_syslog_level: LOG_INFO
-firewall_iptables_nflog_group: 2
+# debug(1), info(3), notice(5), error(7) or fatal(8) (default 5)
+firewall_ulogd_log_level: 3
+
+firewall_ulogd_packet_mode_enabled: yes
+firewall_ulogd_packet_mode_syslog_facility: LOG_LOCAL0
+firewall_ulogd_packet_mode_syslog_level: LOG_INFO
+
+firewall_ulogd_flow_mode_enabled: yes
+firewall_ulogd_flow_mode_syslog_facility: LOG_LOCAL1
+firewall_ulogd_flow_mode_syslog_level: LOG_INFO
+
+firewall_iptables_nflog_group: 1
 firewall_drop_icmp_flood: true
 firewall_limit_icmp_flood_seconds: 1
diff --git a/roles/firewall/templates/ulogd.conf.j2 b/roles/firewall/templates/ulogd.conf.j2
index 16aa6a5..2b949c9 100644
--- a/roles/firewall/templates/ulogd.conf.j2
+++ b/roles/firewall/templates/ulogd.conf.j2
@@ -1,10 +1,10 @@
 [global]
 # logfile for status messages
-#logfile="syslog"
+logfile="syslog"
 # loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) (default 5)
-#loglevel=3
+loglevel={{ firewall_ulogd_loglevel | default(3) }}
 plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_inppkt_NFLOG.so"
 plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_inpflow_NFCT.so"
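Review bot: The new default `firewall_ulogd_log_level` in `roles/firewall/defaults/main.yaml` is never read, because the `[global]` hunk of `ulogd.conf.j2` in this same commit renders `loglevel={{ firewall_ulogd_loglevel | default(3) }}`; the filter fallback hides the mismatch, so ulogd stays at level 3 whatever the role variable is set to. Use one name on both sides, e.g. `loglevel={{ firewall_ulogd_log_level | default(3) }}` in the template. The copied comment also says `(default 5)` while the role ships 3, so it would read better as `# ulogd log level: debug(1), info(3), notice(5), error(7) or fatal(8); ulogd's own default is 5`. The two new `*_enabled: yes` values could be written `true` to match `firewall_drop_icmp_flood: true` a few lines below.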
@@ -15,12 +15,31 @@ plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_filter_PRINTFLOW.so"
 plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_output_SYSLOG.so"
 plugin="/usr/lib/x86_64-linux-gnu/ulogd/ulogd_raw2packet_BASE.so"
-# this is a stack for logging packets to syslog after a collect via NFLOG
-stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG
+{% if firewall_ulogd_packet_mode_enabled %}
+stack=packet:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,syslog-packet:SYSLOG
+{% endif %}
+{% if firewall_ulogd_flow_mode_enabled %}
+stack=flow:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,syslog-flow:SYSLOG
+{% endif %}
-[log1]
-group={{ firewall_ulogd_nflog_group | default(0) }}
+{% if firewall_ulogd_packet_mode_enabled %}
+[packet]
+group={{ firewall_ulogd_nflog_group | default(1) }}
+{% endif %}
-[sys1]
-facility={{ firewall_ulogd_syslog_facility | default("LOG_LOCAL0") }}
-level={{ firewall_ulogd_syslog_level | default("LOG_INFO") }}
+{% if firewall_ulogd_flow_mode_enabled %}
+[flow]
+#group={{ firewall_ulogd_nflog_group | default(1) }}
+{% endif %}
+
+{% if firewall_ulogd_packet_mode_enabled %}
+[syslog-packet]
+facility={{ firewall_ulogd_packet_mode_syslog_facility | default("LOG_LOCAL0") }}
+level={{ firewall_ulogd_packet_mode_syslog_level | default("LOG_INFO") }}
+{% endif %}
+
+{% if firewall_ulogd_flow_mode_enabled %}
+[syslog-flow]
+facility={{ firewall_ulogd_flow_mode_syslog_facility | default("LOG_LOCAL1") }}
+level={{ firewall_ulogd_flow_mode_syslog_level | default("LOG_INFO") }}
+{% endif %}
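Review bot: The `[packet]` section binds ulogd to `firewall_ulogd_nflog_group`, while the defaults hunk of this commit keeps a separate `firewall_iptables_nflog_group` and only aligns the two by setting both to 1. If that second variable is what the iptables NFLOG rules use (not visible here), overriding either one alone leaves ulogd listening on a group nothing logs to, and packet logging stops without any error. Deriving one from the other in the defaults, `firewall_iptables_nflog_group: "{{ firewall_ulogd_nflog_group }}"`, would keep them in step. A one-line comment above each `stack=` line saying which input it collects from (NFLOG packets, NFCT conntrack events) would replace the explanatory comment this hunk removes.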