On Sat, Oct 31, 2009 at 12:11:05AM +0100, Fred Leeflang wrote: > Yes I was looking at those although I looked at the ulogd 1 source and > only very briefly at ulogd 2, looking at those actually gave somebody > else in #vuurmuur the idea to check into this way. It's far easier for Hi Fred, I'd suggest to look only for ulogd2 if possible. The architecture is very different, and I think adding a plugin will be far easier. > us to make such an extension and require ulogd to run and parse > packets for us than it is to parse a syslog text file. So if I were to > write an extension that would do what we want it to do, could that > extension be part of the builltin extensions of ulogd[1|2] ? I'm more > than happy to hack something together and let the list have a look at > it. If the plugin is generic, it should not be a problem. Ulogd2 has 3 types of plugins: input, filter, and output. So, from what you are telling, I suppose it would be an input plugin ? BTW, I don't know if it can help you, but I have written an input plugin (UNIXSOCK) which allows to send data to ulogd2 through a unix socket, with a script to read pcap files. I was about to send the patches. Regards, Pierre -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
