From: Patrick McHardy <kaber@trash.net>
To: Dan Purcell <dpurcell@nitrosecurity.com>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: NFLOG and ulogd-2: not talking to each other
Date: Tue, 20 Mar 2007 17:02:59 +0100
Message-ID: <460005B3.9070703@trash.net>
In-Reply-To: <4600047D.6030106@nitrosecurity.com>

Dan Purcell wrote:
> Has anyone here had any experience with NFLOG and ulogd-2? Anyone been
> successful in putting this together? I have tried posting to the
> gnumonks.org's ulogd mailing list, but it seems to be lifeless.
>
> I successfully built the xt_NFLOG target from the 2.6.20 kernel, and am
> using iptables 1.3.7 (which includes the NFLOG target). I replaced the
> libipt_NFLOG.c and libip6t_NFLOG.c files with those that are in
> netfilter's SVN, as I understand there is a problem (bug) with the
> userspace side regarding nflog-groups.
>
> I set up my ulogd configuration file, added a stack that included the
> NFLOG input plugin. In the parameter section, I set the NFLOG group to
> 16 (I verified that ulogd says it is attaching to group number 16 by
> viewing /var/log/ulogd.log). I add the following iptables rule:
> ip6tables -A FORWARD -j NFLOG --nflog-group 16. My system is set up
> with a bridge, and I can tcpdump the ipv6 traffic going by.
>
> The counters on the ip6tables -nvL FORWARD increases, but I don't think
> I am not getting anything to ulogd. My /var/log/messages fills up with
> logs like the following:
>
> Mar 19 22:55:04 localhost kernel: [3003211.629163] nf_log_packet: can't
> log since no backend logging module loaded in! Please either load one,
> or disable logging explicitly
>
> I have also run ulogd in gdb, and have put a break point in
> ulogd_inppkt_NFLOG.c's interp_packet(..) function, but the break point
> is never reached.

I'm using it with this configuration:

iptables -A LOG_ACCEPT -j NFLOG --nflog-range 80 --nflog-prefix "accept" --nflog-group 0
ip6tables -A LOG_ACCEPT -j NFLOG --nflog-prefix "accept" --nflog-range 80 --nflog-group 1

ulogd.conf:

# this is a stack for packet-based logging via LOGEMU
stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,print1:PRINTPKT,emu1:LOGEMU
stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,print1:PRINTPKT,emu1:LOGEMU

# this is a stack for flow-based logging via LOGEMU
#stack=ct1:NFCT,print1:PRINTFLOW,emu1:LOGEMU

# this is a stack for flow-based logging via OPRINT
#stack=ct1:NFCT,op1:OPRINT

[log1]
# netlink multicast group (the same as the iptables --ulog-nlgroup param)
group=0

[log2]
group=1
addressfamily=10

[emu1]
file="/var/log/ulogd_syslogemu.log"
sync=1
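
Added example, not part of the original message and not ulogd or iptables code: a cross-check that every NFLOG rule has a ulogd NFLOG instance bound to the same address family and group, run over the configuration in the reply plus the ip6tables rule from the quoted question. The function names are hypothetical; it assumes an instance without addressfamily handles IPv4 and that an unset group on either side means 0.

```python
import shlex

# Assumptions: unset addressfamily means IPv4, unset group/--nflog-group means 0.
AF_INET, AF_INET6 = 2, 10  # Linux address-family numbers

def nflog_listeners(conf):
    """(family, group) pairs bound by NFLOG instances named in active stacks."""
    stacks, sections, cur = [], {}, None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # also drops commented-out stacks
        if line.startswith("["):
            cur = sections.setdefault(line.strip("[]"), {})
        elif "=" in line:
            key, val = (s.strip() for s in line.split("=", 1))
            if key == "stack":
                stacks.append(val)
            elif cur is not None:
                cur[key] = val.strip('"')
    names = {e.split(":")[0] for s in stacks for e in s.split(",") if e.endswith(":NFLOG")}
    return {(int(sections.get(n, {}).get("addressfamily", AF_INET)),
             int(sections.get(n, {}).get("group", 0))) for n in names}

def unheard(rules, conf):
    """NFLOG rules whose (family, group) has no ulogd listener."""
    bound, missing = nflog_listeners(conf), []
    for rule in rules:
        argv = shlex.split(rule)
        family = AF_INET6 if argv[0] == "ip6tables" else AF_INET
        group = int(argv[argv.index("--nflog-group") + 1]) if "--nflog-group" in argv else 0
        if "NFLOG" in argv and (family, group) not in bound:
            missing.append((family, group, rule))
    return missing

# Sample input: config abridged from the reply; its two rules plus the question's rule.
CONF = """
stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,print1:PRINTPKT,emu1:LOGEMU
stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,print1:PRINTPKT,emu1:LOGEMU
#stack=ct1:NFCT,print1:PRINTFLOW,emu1:LOGEMU
[log1]
group=0
[log2]
group=1
addressfamily=10
"""
RULES = ['iptables -A LOG_ACCEPT -j NFLOG --nflog-range 80 --nflog-prefix "accept" --nflog-group 0',
         'ip6tables -A LOG_ACCEPT -j NFLOG --nflog-prefix "accept" --nflog-range 80 --nflog-group 1',
         "ip6tables -A FORWARD -j NFLOG --nflog-group 16"]

for family, group, rule in unheard(RULES, CONF):
    print(f"no ulogd NFLOG instance for family {family} group {group}: {rule}")
```

Against the reply's ulogd.conf only the group 16 rule is reported; removing addressfamily=10 from [log2] makes the ip6tables group 1 rule show up as well.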