
ulogd & iptables



I would like to use ulogd for the logs of my netfilter firewall
(iptables). However, although ulogd seems to be running, I get no
logs (the file /var/log/ulogd.syslogemu stays hopelessly empty, and
the same goes for the MySQL database).

For packet logging I use chains like this one via iptables:
iptables -N NEW_DROP
iptables -A NEW_DROP -j LOG --log-prefix "[IPTABLES NEW_DROP] : "
iptables -A NEW_DROP -j ULOG --ulog-nlgroup 1
iptables -A NEW_DROP -j DROP

The packets are logged correctly via syslog (LOG target) but not via ULOG...


In short, I'm stumped and don't understand why it isn't working... If
anyone has an idea, that would be great :)


Here are some details of my configuration:

> uname -a
Linux linux 2.4.20 #10 Sat Apr 5 15:35:46 CEST 2003 i686 AMD-K7(tm)
Processor AuthenticAMD GNU/Linux

> cat /usr/src/linux/.config | grep CONFIG_IP_NF_TARGET_LOG
CONFIG_IP_NF_TARGET_LOG=y

> dpkg -l | grep ulog
ii  ulogd          0.97-1         The Userspace Logging Daemon
ii  ulogd-mysql    0.97-1         mySQL extension to ulogd

> tail -n 6 /var/log/ulogd.log
Sat Apr  5 12:47:27 2003 <5> ulogd.c:522 sigterm received, exiting
Sat Apr  5 12:48:28 2003 <5> ulogd.c:590 initialization finished,
entering main loop
Sat Apr  5 16:49:11 2003 <5> ulogd.c:522 sigterm received, exiting
Sat Apr  5 16:49:15 2003 <5> ulogd.c:590 initialization finished,
entering main loop
Sat Apr  5 17:05:03 2003 <5> ulogd.c:522 sigterm received, exiting
Sat Apr  5 17:06:06 2003 <5> ulogd.c:590 initialization finished,
entering main loop

> cat /etc/ulogd.conf
# Example configuration for ulogd
# ulogd.conf,v 1.5 2001/05/20 14:44:37 laforge Exp
# Modified for Debian by Daniel Stone <daniel@sfarc.net>.

######################################################################
# GLOBAL OPTIONS
######################################################################

# netlink multicast group (the same as the iptables --ulog-nlgroup param)
nlgroup 1

# logfile for status messages
logfile /var/log/ulogd.log

# loglevel: notice, warnings, error and fatal
#loglevel 5
loglevel 1

######################################################################
# PLUGIN OPTIONS
######################################################################

# We have to configure and load all the plugins we want to use

# general rules:
# 1. specify the options FIRST, then load the plugin
# 2. interpreter plugins have to precede output plugins


#
# ulogd_BASE.so - interpreter plugin for basic IPv4 header fields
#                 you will always need this
plugin /usr/lib/ulogd/ulogd_BASE.so


#
# ulogd_LOGEMU.so - simple syslog emulation target
#
# where to write to
syslogfile /var/log/ulogd.syslogemu
# do we want to fflush() the file after each write?
syslogsync 1
# load the plugin
plugin /usr/lib/ulogd/ulogd_LOGEMU.so


#
# ulogd_OPRINT.so: file for packet dumping
#
# NOTE: This may or may not be broken. -DS
#
# where to write the log
dumpfile /var/log/ulogd.pktlog
# load the plugin (remove the '#'if you want to enable it
#plugin /usr/lib/ulogd/ulogd_OPRINT.so


#
# ulogd_MYSQL.so: optional logging into a MySQL database
#
# database information
mysqltable ulog
mysqlpass <password removed>
mysqluser ulog_a
mysqldb ulog
mysqlhost localhost

# load the plugin (remove the '#' if you want to enable it)
plugin /usr/lib/ulogd/ulogd_MYSQL.so


