
Re: ulogd & iptables



Hello,

If you are using the ulogd package from the Woody distribution, that is
normal: it is buggy because it was compiled with a wrong netlink attribute.
For more information, refer to the package bug list on the debian.org site.
There are supposed to be solutions: recompiling the sources or using the
package from sid
....



----- Original Message -----
From: "Nicolas C." <ncharretier@altern.org>
To: <debian-user-french@lists.debian.org>
Sent: Saturday, April 05, 2003 5:40 PM
Subject: ulogd & iptables


> I would like to use ulogd for the logs of my netfilter firewall
> (iptables). However, although ulogd seems to be running, I get no
> logs (the file /var/log/ulogd.syslogemu stays hopelessly empty, and
> the same goes for the MySQL database).
>
> For packet logging I use chains like this via iptables:
> iptables -N NEW_DROP
> iptables -A NEW_DROP -j LOG --log-prefix "[IPTABLES NEW_DROP] : "
> iptables -A NEW_DROP -j ULOG --ulog-nlgroup 1
> iptables -A NEW_DROP -j DROP
>
> Packets are indeed logged via syslog (LOG target) but not via ULOG...
>
>
> In short, I'm stuck and don't understand why it doesn't work... If
> anyone has an idea, that would be great :)
>
>
> Here are some elements of my configuration:
>
> > uname -a
> Linux linux 2.4.20 #10 Sat Apr 5 15:35:46 CEST 2003 i686 AMD-K7(tm)
> Processor AuthenticAMD GNU/Linux
>
> > cat /usr/src/linux/.config | grep CONFIG_IP_NF_TARGET_LOG
> CONFIG_IP_NF_TARGET_LOG=y
>
> > dpkg -l | grep ulog
> ii  ulogd          0.97-1         The Userspace Logging Daemon
> ii  ulogd-mysql    0.97-1         mySQL extension to ulogd
>
> > tail -n 6 /var/log/ulogd.log
> Sat Apr  5 12:47:27 2003 <5> ulogd.c:522 sigterm received, exiting
> Sat Apr  5 12:48:28 2003 <5> ulogd.c:590 initialization finished,
> entering main loop
> Sat Apr  5 16:49:11 2003 <5> ulogd.c:522 sigterm received, exiting
> Sat Apr  5 16:49:15 2003 <5> ulogd.c:590 initialization finished,
> entering main loop
> Sat Apr  5 17:05:03 2003 <5> ulogd.c:522 sigterm received, exiting
> Sat Apr  5 17:06:06 2003 <5> ulogd.c:590 initialization finished,
> entering main loop
>
> > cat /etc/ulogd.conf
> # Example configuration for ulogd
> # ulogd.conf,v 1.5 2001/05/20 14:44:37 laforge Exp
> # Modified for Debian by Daniel Stone <daniel@sfarc.net>.
>
> ######################################################################
> # GLOBAL OPTIONS
> ######################################################################
>
> # netlink multicast group (the same as the iptables --ulog-nlgroup param)
> nlgroup 1
>
> # logfile for status messages
> logfile /var/log/ulogd.log
>
> # loglevel: notice, warnings, error and fatal
> #loglevel 5
> loglevel 1
>
> ######################################################################
> # PLUGIN OPTIONS
> ######################################################################
>
> # We have to configure and load all the plugins we want to use
>
> # general rules:
> # 1. specify the options FIRST, then load the plugin
> # 2. interpreter plugins have to precede output plugins
>
>
> #
> # ulogd_BASE.so - interpreter plugin for basic IPv4 header fields
> #                 you will always need this
> plugin /usr/lib/ulogd/ulogd_BASE.so
>
>
> #
> # ulogd_LOGEMU.so - simple syslog emulation target
> #
> # where to write to
> syslogfile /var/log/ulogd.syslogemu
> # do we want to fflush() the file after each write?
> syslogsync 1
> # load the plugin
> plugin /usr/lib/ulogd/ulogd_LOGEMU.so
>
>
> #
> # ulogd_OPRINT.so: file for packet dumping
> #
> # NOTE: This may or may not be broken. -DS
> #
> # where to write the log
> dumpfile /var/log/ulogd.pktlog
> # load the plugin (remove the '#'if you want to enable it
> #plugin /usr/lib/ulogd/ulogd_OPRINT.so
>
>
> #
> # ulogd_MYSQL.so: optional logging into a MySQL database
> #
> # database information
> mysqltable ulog
> mysqlpass <password removed>
> mysqluser ulog_a
> mysqldb ulog
> mysqlhost localhost
>
> # load the plugin (remove the '#' if you want to enable it)
> plugin /usr/lib/ulogd/ulogd_MYSQL.so
>
>
>
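
When the LOG target writes entries but ULOG stays silent, one thing to rule out is a mismatch between the rules' `--ulog-nlgroup` and the `nlgroup` directive in ulogd.conf. The following is an added example, not part of either message: the function names, the `BAD_TCP` chain and the sample files are constructed for illustration, and it assumes the `nlgroup N` syntax shown in the quoted config.

```shell
# Print "<chain> <group>" for each rule that jumps to ULOG.
# iptables sends to group 1 when --ulog-nlgroup is not given.
ulog_rule_groups() {
    awk '/-j ULOG/ {
        chain = "?"; group = 1
        for (i = 1; i < NF; i++) {
            if ($i == "-A" || $i == "-I") chain = $(i + 1)
            if ($i == "--ulog-nlgroup")   group = $(i + 1)
        }
        print chain, group
    }' "$1"
}

# Print the value of the "nlgroup N" directive (syntax assumed from the
# quoted ulogd.conf); commented-out lines are ignored. Empty if unset.
ulogd_conf_group() {
    awk '$1 == "nlgroup" { g = $2 } END { if (g != "") print g }' "$1"
}

# $1 = file of iptables rules, $2 = ulogd.conf
# returns 0 = all ULOG rules match, 1 = mismatch, 2 = no nlgroup directive
check_nlgroup() {
    want=$(ulogd_conf_group "$2")
    [ -n "$want" ] || { echo "no nlgroup directive in $2"; return 2; }
    bad=$(ulog_rule_groups "$1" | awk -v want="$want" '$2 != want {
        print "chain " $1 ": rule sends to group " $2 ", ulogd listens on " want }')
    [ -z "$bad" ] || { echo "$bad"; return 1; }
    echo "all ULOG rules use group $want"
}

# Constructed sample input, modelled on the rules and config quoted above.
demo() {
    d=$(mktemp -d)
    cat > "$d/rules" <<'EOF'
iptables -A NEW_DROP -j LOG --log-prefix "[IPTABLES NEW_DROP] : "
iptables -A NEW_DROP -j ULOG --ulog-nlgroup 1
iptables -A BAD_TCP -j ULOG --ulog-nlgroup 2
EOF
    printf '%s\n' '#nlgroup 32' 'nlgroup 1' > "$d/ulogd.conf"
    rc=0; check_nlgroup "$d/rules" "$d/ulogd.conf" || rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || true
```

If the check passes on the real rule set and config, as it would for the rules quoted in the thread, the groups agree and the cause lies elsewhere.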


