* NFLOG and ulogd-2: not talking to each other
@ 2007-03-20 15:57 Dan Purcell
2007-03-20 16:02 ` Patrick McHardy
0 siblings, 1 reply; 2+ messages in thread
From: Dan Purcell @ 2007-03-20 15:57 UTC (permalink / raw)
To: netfilter-devel
Has anyone here had any experience with NFLOG and ulogd-2? Anyone been
successful in putting this together? I have tried posting to the
gnumonks.org's ulogd mailing list, but it seems to be lifeless.

I successfully built the xt_NFLOG target from the 2.6.20 kernel, and am
using iptables 1.3.7 (which includes the NFLOG target). I replaced the
libipt_NFLOG.c and libip6t_NFLOG.c files with those that are in
netfilter's SVN, as I understand there is a problem (bug) with the
userspace side regarding nflog-groups.

I set up my ulogd configuration file, added a stack that included the
NFLOG input plugin. In the parameter section, I set the NFLOG group to
16 (I verified that ulogd says it is attaching to group number 16 by
viewing /var/log/ulogd.log). I add the following iptables rule:
ip6tables -A FORWARD -j NFLOG --nflog-group 16. My system is set up
with a bridge, and I can tcpdump the ipv6 traffic going by.

The counters on the ip6tables -nvL FORWARD increase, but I don't think
I am getting anything to ulogd. My /var/log/messages fills up with
logs like the following:

Mar 19 22:55:04 localhost kernel: [3003211.629163] nf_log_packet: can't
log since no backend logging module loaded in! Please either load one,
or disable logging explicitly

I have also run ulogd in gdb, and have put a breakpoint in
ulogd_inppkt_NFLOG.c's interp_packet(..) function, but the breakpoint
is never reached.

How can I verify that ulogd from the user-side is "connected" to the
kernel side? What am I missing?

In case it helps, I will paste my ulogd.conf here:
---------------------------------
[global]
logfile="/var/log/ulogd.log"
loglevel=1
rmem=131071
bufsize=150000
plugin="/root/work/lib/ulogd/ulogd_inppkt_NFLOG.so"
plugin="/root/work/lib/ulogd/ulogd_output_OPRINT.so"
stack=log1:NFLOG,op1:OPRINT
[log1]
# netlink multicast group (the same as the iptables --ulog-nlgroup param)
group=16
[op1]
file="/var/log/ulogd_oprint.log"
sync=1
--
--------------------------------------------------------------
Dan Purcell, Software Engineer dpurcell@nitrosecurity.com
NitroSecurity, Inc. (208) 552-5332
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: NFLOG and ulogd-2: not talking to each other
2007-03-20 15:57 NFLOG and ulogd-2: not talking to each other Dan Purcell
@ 2007-03-20 16:02 ` Patrick McHardy
0 siblings, 0 replies; 2+ messages in thread
From: Patrick McHardy @ 2007-03-20 16:02 UTC (permalink / raw)
To: Dan Purcell; +Cc: netfilter-devel
Dan Purcell wrote:
> Has anyone here had any experience with NFLOG and ulogd-2? Anyone been
> successful in putting this together? I have tried posting to the
> gnumonks.org's ulogd mailing list, but it seems to be lifeless.
>
> I successfully built the xt_NFLOG target from the 2.6.20 kernel, and am
> using iptables 1.3.7 (which includes the NFLOG target). I replaced the
> libipt_NFLOG.c and libip6t_NFLOG.c files with those that are in
> netfilter's SVN, as I understand there is a problem (bug) with the
> userspace side regarding nflog-groups.
>
> I set up my ulogd configuration file, added a stack that included the
> NFLOG input plugin. In the parameter section, I set the NFLOG group to
> 16 (I verified that ulogd says it is attaching to group number 16 by
> viewing /var/log/ulogd.log). I add the following iptables rule:
> ip6tables -A FORWARD -j NFLOG --nflog-group 16. My system is set up
> with a bridge, and I can tcpdump the ipv6 traffic going by.
>
> The counters on the ip6tables -nvL FORWARD increase, but I don't think
> I am getting anything to ulogd. My /var/log/messages fills up with
> logs like the following:
>
> Mar 19 22:55:04 localhost kernel: [3003211.629163] nf_log_packet: can't
> log since no backend logging module loaded in! Please either load one,
> or disable logging explicitly
>
> I have also run ulogd in gdb, and have put a breakpoint in
> ulogd_inppkt_NFLOG.c's interp_packet(..) function, but the breakpoint
> is never reached.
I'm using it with this configuration:
iptables -A LOG_ACCEPT -j NFLOG --nflog-range 80 --nflog-prefix "accept" --nflog-group 0
ip6tables -A LOG_ACCEPT -j NFLOG --nflog-prefix "accept" --nflog-range 80 --nflog-group 1
ulogd.conf:
# this is a stack for packet-based logging via LOGEMU
stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,print1:PRINTPKT,emu1:LOGEMU
stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,print1:PRINTPKT,emu1:LOGEMU
# this is a stack for flow-based logging via LOGEMU
#stack=ct1:NFCT,print1:PRINTFLOW,emu1:LOGEMU
# this is a stack for flow-based logging via OPRINT
#stack=ct1:NFCT,op1:OPRINT
[log1]
# netlink multicast group (the same as the iptables --ulog-nlgroup param)
group=0
[log2]
group=1
addressfamily=10
[emu1]
file="/var/log/ulogd_syslogemu.log"
sync=1
^ permalink raw reply [flat|nested] 2+ messages in thread
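Added example, not part of either message and not ulogd's own code: a Python check that pairs the group and address family of each NFLOG rule with the NFLOG instances a ulogd.conf stacks, the one visible difference between the two setups above being that the reply's IPv6 instance sets addressfamily=10 (AF_INET6 on Linux). The function names are made up for this example, and it assumes an instance with no group or addressfamily key binds group 0 for IPv4.

```python
import re
AF_INET, AF_INET6 = 2, 10  # Linux address-family numbers

def nflog_groups(rules):
    """Groups named by '-j NFLOG' rules; no --nflog-group is treated as group 0."""
    groups = set()
    for line in rules.splitlines():
        if re.search(r"-j\s+NFLOG\b", line):
            m = re.search(r"--nflog-group\s+(\d+)", line)
            groups.add(int(m.group(1)) if m else 0)
    return groups

def ulogd_listeners(conf):
    """(addressfamily, group) for each NFLOG instance named in a stack= line."""
    instances, sections, current = set(), {}, None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            if key == "stack":
                instances |= {i.split(":")[0].strip() for i in value.split(",")
                              if i.strip().endswith(":NFLOG")}
            elif current is not None:
                sections.setdefault(current, {})[key] = value.strip('"')
    # Assumption: an absent key means group 0 / addressfamily AF_INET.
    return {(int(sections.get(n, {}).get("addressfamily", AF_INET)),
             int(sections.get(n, {}).get("group", 0))) for n in instances}

def unserved(rules_v4, rules_v6, conf):
    """(family, group) pairs that rules log to but no ulogd instance binds."""
    wanted = {(AF_INET, g) for g in nflog_groups(rules_v4)}
    wanted |= {(AF_INET6, g) for g in nflog_groups(rules_v6)}
    return sorted(wanted - ulogd_listeners(conf))

# Sample inputs taken from the two messages above (configs trimmed to NFLOG parts).
FIRST_V6 = "ip6tables -A FORWARD -j NFLOG --nflog-group 16"
FIRST_CONF = "stack=log1:NFLOG,op1:OPRINT\n[log1]\ngroup=16\n"
REPLY_V4 = 'iptables -A LOG_ACCEPT -j NFLOG --nflog-range 80 --nflog-prefix "accept" --nflog-group 0'
REPLY_V6 = 'ip6tables -A LOG_ACCEPT -j NFLOG --nflog-prefix "accept" --nflog-range 80 --nflog-group 1'
REPLY_CONF = ("stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,print1:PRINTPKT,emu1:LOGEMU\n"
              "stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,print1:PRINTPKT,emu1:LOGEMU\n"
              "[log1]\ngroup=0\n[log2]\ngroup=1\naddressfamily=10\n")

if __name__ == "__main__":
    print(unserved("", FIRST_V6, FIRST_CONF), unserved(REPLY_V4, REPLY_V6, REPLY_CONF))
```

For the first message's setup the check reports the IPv6 rule on group 16 as having only an IPv4 listener; for the reply's setup it reports nothing.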