From: Dan Purcell <dpurcell@nitrosecurity.com>
To: netfilter-devel@lists.netfilter.org
Subject: NFLOG and ulogd-2: not talking to each other
Date: Tue, 20 Mar 2007 09:57:49 -0600
Message-ID: <4600047D.6030106@nitrosecurity.com>

Has anyone here had any experience with NFLOG and ulogd-2? Anyone been
successful in putting this together? I have tried posting to the
gnumonks.org's ulogd mailing list, but it seems to be lifeless.

I successfully built the xt_NFLOG target from the 2.6.20 kernel, and am
using iptables 1.3.7 (which includes the NFLOG target). I replaced the
libipt_NFLOG.c and libip6t_NFLOG.c files with those that are in
netfilter's SVN, as I understand there is a problem (bug) with the
userspace side regarding nflog-groups.

I set up my ulogd configuration file, added a stack that included the
NFLOG input plugin. In the parameter section, I set the NFLOG group to
16 (I verified that ulogd says it is attaching to group number 16 by
viewing /var/log/ulogd.log). I add the following iptables rule:

    ip6tables -A FORWARD -j NFLOG --nflog-group 16

My system is set up with a bridge, and I can tcpdump the ipv6 traffic
going by.

The counters on the ip6tables -nvL FORWARD increase, but I don't think
I am not getting anything to ulogd. My /var/log/messages fills up with
logs like the following:

    Mar 19 22:55:04 localhost kernel: [3003211.629163] nf_log_packet: can't log since no backend logging module loaded in! Please either load one, or disable logging explicitly

I have also run ulogd in gdb, and have put a break point in
ulogd_inppkt_NFLOG.c's interp_packet(..) function, but the break point
is never reached.

How can I verify that ulogd from the user-side is "connected" to the
kernel side? What am I missing?

In case it helps, I will paste my ulogd.conf here:

---------------------------------
[global]
logfile="/var/log/ulogd.log"
loglevel=1
rmem=131071
bufsize=150000
plugin="/root/work/lib/ulogd/ulogd_inppkt_NFLOG.so"
plugin="/root/work/lib/ulogd/ulogd_output_OPRINT.so"
stack=log1:NFLOG,op1:OPRINT
[log1]
# netlink multicast group (the same as the iptables --ulog-nlgroup param)
group=16
[op1]
file="/var/log/ulogd_oprint.log"
sync=1

--
--------------------------------------------------------------
Dan Purcell, Software Engineer dpurcell@nitrosecurity.com
NitroSecurity, Inc. (208) 552-5332
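
On the question of how to tell whether the kernel side and ulogd are connected, the following is an added example, not part of the original post and not code from ulogd or netfilter. It assumes the kernel exposes /proc/net/netfilter/nf_log and /proc/net/netfilter/nfnetlink_log with the column layout given in the comments; the function names and the sample data are constructed for illustration.

```shell
# Read-only checks of the kernel-side NFLOG state (added example).
# Assumed proc layouts, not taken from the post:
#   nf_log:        "<family> <logger> ..."   (logger NONE = no backend)
#   nfnetlink_log: "<group> <peer_pid> <qlen> <copy_mode> ..."

# Print the logger registered for a protocol family (2 = IPv4, 10 = IPv6).
nf_log_backend() {    # $1 = family number, $2 = nf_log file
    awk -v pf="$1" '$1 == pf { print $2; found = 1 }
                    END { if (!found) print "NONE" }' "$2"
}

# Print the PID bound to an NFLOG group; non-zero exit if nobody listens.
nflog_group_peer() {  # $1 = group, $2 = nfnetlink_log file
    awk -v g="$1" '$1 == g && $2 > 0 { print $2; found = 1 }
                   END { exit !found }' "$2"
}

# One verdict line: 0 = connected, 1 = no backend, 2 = no listener.
nflog_status() {  # $1 = family, $2 = group, $3 = nf_log, $4 = nfnetlink_log
    backend=$(nf_log_backend "$1" "$3")
    if [ "$backend" = "NONE" ]; then
        echo "family $1: no backend logger registered"
        return 1
    fi
    if ! peer=$(nflog_group_peer "$2" "$4"); then
        echo "family $1: backend=$backend, but no listener on group $2"
        return 2
    fi
    echo "family $1: backend=$backend, group $2 bound by pid $peer"
}

# Constructed sample (not captured from a real host): IPv4 has a logger,
# IPv6 (family 10) has none, and pid 4242 listens on group 16.
demo_dir=$(mktemp -d)
printf ' 2 nfnetlink_log\n10 NONE\n' > "$demo_dir/nf_log"
printf '   16   4242     0 2 65535    100  1\n' > "$demo_dir/nfnetlink_log"
nflog_status 2 16 "$demo_dir/nf_log" "$demo_dir/nfnetlink_log"
nflog_status 10 16 "$demo_dir/nf_log" "$demo_dir/nfnetlink_log" || :
```

On a live host the last two arguments would be the two /proc files themselves; a "no backend logger registered" verdict for the family of the rule corresponds to the nf_log_packet message quoted in the post.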