* Centos 7; Ulogd 2.05; MySQL; NFLOG
@ 2015-08-26 15:02 Scott Ruckh
2016-02-10 18:01 ` Angel
0 siblings, 1 reply; 2+ messages in thread
From: Scott Ruckh @ 2015-08-26 15:02 UTC (permalink / raw)
To: netfilter
I am trying to get Ulogd (2.05 compiled from git) working with MySQL
(mariadb-5.5.44-1).
I created a DB (ulogd). Populated the database using the
mysql-ulogd2.sql schema file. I created a user (ulogd_user) with full
access to that database.
/etc/ulogd.conf
<SNIP>
.
.
plugin="/usr/lib64/ulogd/ulogd_output_MYSQL.so"
stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,mysql1:MYSQL
[log2]
group=1
[mysql1]
db="ulogd"
host="localhost"
user="ulogd_user"
table="ulog"
pass="secret"
procedure="INSERT_PACKET_FULL"
.
.
</SNIP>
ls -ld /usr/lib64/ulogd/ulogd_output_MYSQL.so
-rwxr-xr-x. 1 root root 63972 Aug 25 16:38
/usr/lib64/ulogd/ulogd_output_MYSQL.so
I also enabled LOGEMU:
stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
[log1]
group=0
[emu1]
file="/var/log/ulogd/ulogd_syslogemu.log"
sync=1
Below is the output from ulogd.log when starting ulogd.
/var/log/ulogd/ulogd.log
<SNIP>
Tue Aug 25 16:39:53 2015 <5> ulogd.c:843 building new pluginstance
stack:
'log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU'
Tue Aug 25 16:39:53 2015 <5> ulogd_inppkt_NFLOG.c:503 forcing unbind of
existing log handler for protocol 2
Tue Aug 25 16:39:53 2015 <5> ulogd_inppkt_NFLOG.c:503 forcing unbind of
existing log handler for protocol 10
Tue Aug 25 16:39:53 2015 <5> ulogd_inppkt_NFLOG.c:503 forcing unbind of
existing log handler for protocol 7
Tue Aug 25 16:39:53 2015 <5> ulogd.c:843 building new pluginstance
stack:
'log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,mysql1:MYSQL'
Tue Aug 25 16:39:53 2015 <5> ../../util/db.c:151 (re)configuring
Tue Aug 25 16:39:53 2015 <5> ../../util/db.c:206 starting
</SNIP>
The LOGEMU is working as expected and data is being written to
/var/log/ulogd/ulogd_syslogemu.log.
I have logged into MySQL successfully with the user credentials
specified in the [mysql1] stanza. I was not certain which "table" to
use, but I read on-line that the ulog "view" was the correct table to
use.
As logging to file is working, I am assuming NFLOG is working, iptables
configured correctly, Ulogd is up and running, and at least one output
plugin is working correctly. Unfortunately, nothing is getting logged
to MySQL database.
Can you find the error in this configuration?
Thank You
Scott
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Centos 7; Ulogd 2.05; MySQL; NFLOG
2015-08-26 15:02 Centos 7; Ulogd 2.05; MySQL; NFLOG Scott Ruckh
@ 2016-02-10 18:01 ` Angel
0 siblings, 0 replies; 2+ messages in thread
From: Angel @ 2016-02-10 18:01 UTC (permalink / raw)
To: netfilter
Hi Scott,
I would like to know how you solved this issue, if you did. I am struggling
with this problem too, and despite having tried with PosgreSQL and MySQL
databases I can't get it working. Any advice is appreciated, thanks,
Angel
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2016-02-10 18:01 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-08-26 15:02 Centos 7; Ulogd 2.05; MySQL; NFLOG Scott Ruckh
2016-02-10 18:01 ` Angel
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).