diff --git a/ulogd2/patches/ulogd2-2.0.5-better-sqlite-debugging.patch b/ulogd2/patches/ulogd2-2.0.5-better-sqlite-debugging.patch
new file mode 100644
index 000000000..f9c5f7d79
--- /dev/null
+++ b/ulogd2/patches/ulogd2-2.0.5-better-sqlite-debugging.patch
@@ -0,0 +1,26 @@
+diff --git a/output/sqlite3/ulogd_output_SQLITE3.c b/output/sqlite3/ulogd_output_SQLITE3.c
+index 5c49055..e3eff6f 100644
+--- a/output/sqlite3/ulogd_output_SQLITE3.c
++++ b/output/sqlite3/ulogd_output_SQLITE3.c
+@@ -212,7 +212,8 @@ sqlite3_interp(struct ulogd_pluginstance *pi)
+ return ULOGD_IRET_OK;
+ 
+ err_bind:
+- ulogd_log(ULOGD_ERROR, "SQLITE: bind: %s\n", sqlite3_errmsg(priv->dbh));
++ ulogd_log(ULOGD_ERROR, "SQLITE: bind: %s (field: %s)\n", sqlite3_errmsg(priv->dbh),
++ f->key->name);
+ 
+ return ULOGD_IRET_ERR;
+ }
+@@ -353,8 +354,10 @@ sqlite3_init_db(struct ulogd_pluginstance *pi)
+ }
+ strncpy(f->name, buf, ULOGD_MAX_KEYLEN);
+ 
+- if ((f->key = ulogd_find_key(pi, buf)) == NULL)
++ if ((f->key = ulogd_find_key(pi, buf)) == NULL) {
++ ulogd_log(ULOGD_ERROR, "SQLITE3: Could not find field %s\n", buf);
+ return -1;
++ }
+ 
+ TAILQ_INSERT_TAIL(&priv->fields, f, link);
+ }
diff --git a/ulogd2/sqlite3.table b/ulogd2/sqlite3.table
index 200a4c415..c38474dd1 100644
--- a/ulogd2/sqlite3.table
+++ b/ulogd2/sqlite3.table
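Review bot: The new error branch in sqlite3_init_db (second hunk of the embedded patch) logs and returns -1 without releasing `f`, which the preceding `strncpy` has already filled and which is not yet on `priv->fields`; if `f` is heap-allocated earlier in the loop (that part is outside the hunk), every unresolved column leaks one struct field, so `free(f);` belongs before the `return -1;`. The new message is prefixed `SQLITE3:` while the bind error in the first hunk keeps `SQLITE:`, which makes filtering the daemon log for this plugin harder than it needs to be; pick one prefix for both. In the `err_bind` path, `f->key->name` is safe only if the bind loop leaves `f` pointing at the entry whose bind failed — `f->key` itself is guaranteed non-NULL by the init check — and since the start of sqlite3_interp is outside the hunk that could not be confirmed here.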
@@ -1,21 +1,126 @@
-CREATE TABLE ulog (
- raw_mac VARCHAR(80),
- oob_time_sec INT UNSIGNED,
- oob_time_usec INT UNSIGNED,
- ip_saddr INT UNSIGNED,
- ip_daddr INT UNSIGNED,
- ip_protocol TINYINT UNSIGNED,
- ip_totlen SMALLINT UNSIGNED,
- tcp_sport SMALLINT UNSIGNED,
- tcp_dport SMALLINT UNSIGNED,
- udp_sport SMALLINT UNSIGNED,
- udp_dport SMALLINT UNSIGNED,
- udp_len SMALLINT UNSIGNED,
- icmp_type TINYINT UNSIGNED,
- icmp_code TINYINT UNSIGNED,
- icmp_echoid SMALLINT UNSIGNED,
- icmp_echoseq SMALLINT UNSIGNED,
- icmp_gateway INT UNSIGNED,
- icmp_fragmtu SMALLINT UNSIGNED
- );
+CREATE TABLE hits (
+ oob_time_sec INTEGER NOT NULL,
+ oob_time_usec INTEGER NOT NULL,
+ oob_hook INTEGER,
+ oob_prefix TEXT,
+ mac_saddr_str TEXT,
+ mac_daddr_str TEXT,
+ oob_in TEXT,
+ oob_out TEXT,
+ oob_family INTEGER,
+ oob_protocol INTEGER,
+ oob_uid INTEGER,
+ oob_gid INTEGER,
+ oob_mark INTEGER,
+ ip_saddr BLOB,
+ ip_saddr_str TEXT,
+ ip_daddr BLOB,
+ ip_daddr_str TEXT,
+ ip_protocol INTEGER,
+ ip_tos INTEGER,
+ ip_ttl INTEGER,
+ ip_totlen INTEGER,
+ ip_id INTEGER,
+ ip_fragoff INTEGER,
+ ip6_payloadlen INTEGER,
+ ip6_priority INTEGER,
+ ip6_hoplimit INTEGER,
+ ip6_flowlabel INTEGER,
+ ip6_nexthdr INTEGER,
+ ip6_fragoff INTEGER,
+ ip6_fragid INTEGER,
+ tcp_sport INTEGER,
+ tcp_dport INTEGER,
+ tcp_seq INTEGER,
+ tcp_ackseq INTEGER,
+ tcp_window INTEGER,
+ tcp_syn INTEGER,
+ tcp_ack INTEGER,
+ tcp_rst INTEGER,
+ tcp_fin INTEGER,
+ tcp_urg INTEGER,
+ tcp_urgp INTEGER,
+ udp_sport INTEGER,
+ udp_dport INTEGER,
+ udp_len INTEGER,
+ icmp_type INTEGER,
+ icmp_code INTEGER,
+ icmp_echoid INTEGER,
+ icmp_echoseq INTEGER,
+ icmp_gateway INTEGER,
+ icmp_fragmtu INTEGER,
+ icmpv6_type INTEGER,
+ icmpv6_code INTEGER,
+ icmpv6_echoid INTEGER,
+ icmpv6_echoseq INTEGER,
+ icmpv6_csum INTEGER,
+ ahesp_spi INTEGER,
+ arp_hwtype INTEGER,
+ arp_protocoltype INTEGER,
+ arp_operation INTEGER,
+ arp_shwaddr BLOB,
+ arp_saddr_str TEXT,
+ arp_dhwaddr BLOB,
+ arp_daddr_str TEXT,
+ sctp_sport INTEGER,
+ sctp_dport INTEGER,
+ sctp_csum INTEGER
+);
+CREATE INDEX hits_time ON hits(oob_time_sec);
+CREATE INDEX hits_prefix ON hits(oob_prefix);
+CREATE INDEX hits_oob_family ON hits(oob_family);
+
+/* Layer 2 - MAC addresses */
+CREATE INDEX hits_mac_saddr ON hits(mac_saddr_str);
+CREATE INDEX hits_mac_daddr ON hits(mac_daddr_str);
+
+/* Layer 3 - IP */
+CREATE INDEX hits_ip_saddr ON hits(ip_saddr);
+CREATE INDEX hits_ip_daddr ON hits(ip_daddr);
+CREATE INDEX hits_ip_protocol ON hits(ip_protocol);
+
+/* Layer 4 protocols */
+CREATE INDEX hits_tcp_sport ON hits(tcp_sport);
+CREATE INDEX hits_tcp_dport ON hits(tcp_dport);
+CREATE INDEX hits_udp_sport ON hits(udp_sport);
+CREATE INDEX hits_udp_dport ON hits(udp_dport);
+CREATE INDEX hits_sctp_sport ON hits(sctp_sport);
+CREATE INDEX hits_sctp_dport ON hits(sctp_dport);
+
+CREATE INDEX hits_icmpv6_type ON hits(icmpv6_type);
+CREATE INDEX hits_icmp_type ON hits(icmp_type);
+
+CREATE TABLE flows (
+ flow_start_sec INTEGER,
+ flow_start_usec INTEGER,
+ flow_end_sec INTEGER,
+ flow_end_usec INTEGER,
+ orig_ip_saddr BLOB NOT NULL,
+ orig_ip_saddr_str TEXT NOT NULL,
+ orig_ip_daddr BLOB NOT NULL,
+ orig_ip_daddr_str TEXT NOT NULL,
+ orig_ip_protocol INTEGER NOT NULL,
+ orig_l4_sport INTEGER,
+ orig_l4_dport INTEGER,
+ orig_raw_pktcount INTEGER NOT NULL,
+ orig_raw_pktlen INTEGER NOT NULL,
+ reply_ip_saddr BLOB NOT NULL,
+ reply_ip_saddr_str BLOB NOT NULL,
+ reply_ip_daddr BLOB NOT NULL,
+ reply_ip_daddr_str BLOB NOT NULL,
+ reply_ip_protocol INTEGER NOT NULL,
+ reply_l4_sport INTEGER,
+ reply_l4_dport INTEGER,
+ reply_raw_pktcount INTEGER NOT NULL,
+ reply_raw_pktlen INTEGER NOT NULL,
+ icmp_code INTEGER,
+ icmp_type INTEGER,
+ ct_id INTEGER NOT NULL,
+ ct_event INTEGER NOT NULL,
+ ct_mark INTEGER
+);
+
+CREATE INDEX flows_ip_saddr ON flows(orig_ip_saddr);
+CREATE INDEX flows_ip_daddr ON flows(orig_ip_daddr);
+CREATE INDEX flows_ip_protocol ON flows(orig_ip_protocol);
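Review bot: `reply_ip_saddr_str` and `reply_ip_daddr_str` in the new `flows` table are declared `BLOB NOT NULL`, while their `orig_*` counterparts and every other `*_str` column in this file are `TEXT`; SQLite stores whatever the plugin binds regardless of the declared type, but the inconsistent affinity will surprise anyone comparing or sorting on these columns later. Change them to `reply_ip_saddr_str TEXT NOT NULL,` and `reply_ip_daddr_str TEXT NOT NULL,`. `flows` also gets no index on `flow_start_sec` or `ct_id`, unlike `hits_time` on the packet table, so time-window queries against flow records will scan the whole table; an index on `flow_start_sec` next to the three address/protocol ones would be cheap to add here.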
diff --git a/ulogd2/ulogd.conf b/ulogd2/ulogd.conf
index c2b8e6dfb..565579f35 100644
--- a/ulogd2/ulogd.conf
+++ b/ulogd2/ulogd.conf
@@ -5,9 +5,6 @@
 # GLOBAL OPTIONS
 ######################################################################
-# logfile for status messages
-logfile="/var/log/ulogd/ulogd.log"
-
 # loglevel: debug(1), info(3), notice(5), error(7) or fatal(8)
 loglevel=7
@@ -22,7 +19,7 @@ loglevel=7
 # 2. options for each plugin in seperate section below
 plugin="/usr/lib/ulogd/ulogd_inppkt_NFLOG.so"
-plugin="/usr/lib/ulogd/ulogd_inppkt_ULOG.so"
+#plugin="/usr/lib/ulogd/ulogd_inppkt_ULOG.so"
 plugin="/usr/lib/ulogd/ulogd_inpflow_NFCT.so"
 plugin="/usr/lib/ulogd/ulogd_filter_IFINDEX.so"
 plugin="/usr/lib/ulogd/ulogd_filter_IP2STR.so"
@@ -31,7 +28,7 @@ plugin="/usr/lib/ulogd/ulogd_filter_PRINTPKT.so"
 plugin="/usr/lib/ulogd/ulogd_filter_HWHDR.so"
 plugin="/usr/lib/ulogd/ulogd_filter_PRINTFLOW.so"
 #plugin="/usr/lib/ulogd/ulogd_filter_MARK.so"
-plugin="/usr/lib/ulogd/ulogd_output_LOGEMU.so"
+#plugin="/usr/lib/ulogd/ulogd_output_LOGEMU.so"
 plugin="/usr/lib/ulogd/ulogd_output_SYSLOG.so"
 #plugin="/usr/lib/ulogd/ulogd_output_OPRINT.so"
 #plugin="/usr/lib/ulogd/ulogd_output_NACCT.so"
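Review bot: Dropping `logfile=` in the first hunk, together with deleting ulogd.logrotate further down in this commit, leaves the daemon's status log on whatever path is compiled in as the default; if that default is a file under /var/log (upstream builds default to `ulogd.log` there — confirm for this build), it is now written with no rotation at all, and error lines such as the SQLite bind failures the bundled patch makes more verbose will accumulate unbounded. Either keep a logrotate entry for the default path or set the target explicitly, e.g. `logfile="syslog"` (ulogd 2.0.x treats `syslog` and `stdout` as special values), so retention is handled by the syslog daemon that the same config already ships events to. If the intent was to silence the status log entirely, say so in a comment above `loglevel=7` rather than leaving the setting implicit.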
@@ -42,38 +39,26 @@ plugin="/usr/lib/ulogd/ulogd_output_SYSLOG.so"
 plugin="/usr/lib/ulogd/ulogd_output_SQLITE3.so"
 plugin="/usr/lib/ulogd/ulogd_raw2packet_BASE.so"
-# this is a stack for logging packet send by system via LOGEMU
-stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
+# Log packets
+stack=src-pkt:NFLOG,base:BASE,ifindex:IFINDEX,ip2str:IP2STR,hw:HWHDR,db-packets:SQLITE3
+stack=src-pkt:NFLOG,base:BASE,ifindex:IFINDEX,ip2str:IP2STR,print:PRINTPKT,syslog:SYSLOG
-# this is a stack for NFLOG packet-based logging to PCAP
-#stack=log1:NFLOG,base1:BASE,pcap1:PCAP
+# Log connection tracking events
+stack=src-ct:NFCT,ip2bin:IP2BIN,ip2str:IP2STR,print-flow:PRINTFLOW,db-flows:SQLITE3
-# this is a stack for logging packet to sqlite
-#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,sqlite1:SQLITE3
-
-# this is a stack for logging packets to syslog after a collect via NFLOG
-#stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG
-
-# Logging of system packet through NFLOG
-[log1]
-# netlink multicast group (the same as the iptables --nflog-group param)
-# Group O is used by the kernel to log connection tracking invalid message
+[src-pkt]
 group=0
-#netlink_socket_buffer_size=217088
-#netlink_socket_buffer_maxsize=1085440
-# set number of packet to queue inside kernel
-#netlink_qthreshold=1
-# set the delay before flushing packet in the queue inside kernel (in ms)
-#netlink_qtimeout=1000
 bind=1
-[emu1]
-file="/var/log/ulogd/syslogemu.log"
-sync=1
+[src-ct]
+# Only receive DESTROY events
+event_mask=0x00000004
+hash_enable=1
-[pcap1]
-sync=1
+[db-packets]
+db=/var/lib/ulogd/ulogd.db
+table=hits
-[sqlite1]
-db=/var/log/ulogd/ulogd.db
-table=ulog
+[db-flows]
+db=/var/lib/ulogd/ulogd.db
+table=flows
diff --git a/ulogd2/ulogd.logrotate b/ulogd2/ulogd.logrotate
deleted file mode 100644
index b3fb6d12d..000000000
--- a/ulogd2/ulogd.logrotate
+++ /dev/null
@@ -1,7 +0,0 @@
-/var/log/ulogd.log /var/log/ulogd.syslogemu /var/log/ulogd.pktlog /var/log/ulogd.pcap {
- missingok
- sharedscripts
- postrotate
- /bin/killall -HUP ulogd 2> /dev/null || true
- endscript
-}
diff --git a/ulogd2/ulogd2.nm b/ulogd2/ulogd2.nm
index 5a153a202..4d639a872 100644
--- a/ulogd2/ulogd2.nm
+++ b/ulogd2/ulogd2.nm
@@ -4,7 +4,7 @@
 ###############################################################################
 name = ulogd2
-version = 2.0.4
+version = 2.0.5
 release = 1
 epoch = 1
@@ -40,15 +40,15 @@ build
 # Set libdir to "/usr/lib" for every architecture to install the ulogd2 plugins
 # to this folder.
 configure_options+= \
- --sysconfdir=/etc \
 --libdir=%{prefix}/lib
 install_cmds
- mkdir -pv %{BUILDROOT}/etc
- cp -vf %{DIR_SOURCE}/ulogd.conf %{BUILDROOT}/etc/ulogd.conf
+ mkdir -pv %{BUILDROOT}%{sysconfdir}
+ cp -vf %{DIR_SOURCE}/ulogd.conf %{BUILDROOT}%{sysconfdir}/ulogd.conf
- mkdir -pv %{BUILDROOT}/var/log/ulogd
- sqlite3 -echo %{BUILDROOT}/var/log/ulogd/ulogd.db < %{DIR_SOURCE}/sqlite3.table
+ mkdir -pv %{BUILDROOT}%{sharedstatedir}/ulogd
+ sqlite3 -echo %{BUILDROOT}%{sharedstatedir}/ulogd/ulogd.db \
+ < %{DIR_SOURCE}/sqlite3.table
 end
 end
@@ -61,7 +61,11 @@ packages
 end
 configfiles
- /etc/ulogd.conf
+ %{sysconfdir}/ulogd.conf
+ end
+
+ datafiles
+ %{sharedstatedir}/ulogd/ulogd.db
 end
 script postin
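Review bot: The install_cmds hunk creates `%{sharedstatedir}/ulogd/ulogd.db` at build time but sets no mode on the directory or the file, so both end up with whatever the build umask produced; that database will hold every logged packet's addresses, interface names and `oob_uid`/`oob_gid` plus full conntrack flow records, none of which should be readable by unprivileged local users. Unless pakfire applies restrictive defaults to `datafiles` (not visible here), add `chmod 700 %{BUILDROOT}%{sharedstatedir}/ulogd` and `chmod 600 %{BUILDROOT}%{sharedstatedir}/ulogd/ulogd.db` after the `sqlite3 -echo` step. Listing the database under `datafiles` also means a later package update shipping a changed sqlite3.table may overwrite a live database; if `datafiles` does not preserve existing files the way `configfiles` does, the schema is better applied from `script postin` only when the file is absent (that script's body is outside the hunk).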