Re: iptables et ulog

To: DEBIAN Users French <debian-user-french@lists.debian.org>
Subject: Re: iptables et ulog
From: Marc PERRUDIN <debianNOSPAM@mp342.org>
Date: Thu, 12 Jan 2006 16:35:40 +0100
Message-id: <[🔎] 43C6774C.5080706@mp342.org>
Reply-to: debian-user-french@lists.debian.org
In-reply-to: <[🔎] 43C6636A.2020403@free.fr>
References: <[🔎] 20060112135551.79210.qmail@web25412.mail.ukl.yahoo.com> <[🔎] 43C6636A.2020403@free.fr>

Seb a écrit :

> pingouin osmolateur a écrit :
>
>> As tu démarré le démon ulogd
>> /etc/init.d/ulogd start
>
>
> Oui, je l'ai démarré, redémarré, etc.
> j'ai essayé dans tous les sens, passé de LOG à ULOG, de ULOG à LOG,
> changé le niveau de log dans mes règles iptables, changé le niveau de
> log dans le fichier de config de ulog...
>
> bref, j'ai essayé pas mal de choses mais à chaque fois sans succès.

J'utilise ulogd et ca marche très bien chez moi, je te donne le fichier
de conf que j'utilise ainsi que les regles:

------- /etc/ulogd.conf
# Example configuration for ulogd
# $Id: ulogd.conf.in 714 2005-02-19 21:33:43Z laforge $
# Adapted to Debian by Achilleas Kotsis <achille@debian.gr>

[global]
######################################################################
# GLOBAL OPTIONS
######################################################################

# netlink multicast group (the same as the iptables --ulog-nlgroup param)
nlgroup=1

# logfile for status messages
logfile="/var/log/ulog/ulogd.log"

# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8)
loglevel=5

# socket receive buffer size (should be at least the size of the
# in-kernel buffer (ipt_ULOG.o 'nlbufsiz' parameter)
rmem=131071

# libipulog/ulogd receive buffer size, should be > rmem
bufsize=150000

######################################################################
# PLUGIN OPTIONS
######################################################################

# We have to configure and load all the plugins we want to use

# general rules:
# 1. load the plugins _first_ from the global section
# 2. options for each plugin in seperate section below


#
# ulogd_BASE.so - interpreter plugin for basic IPv4 header fields
#                 you will always need this
plugin="/usr/lib/ulogd/ulogd_BASE.so"


# output plugins.
plugin="/usr/lib/ulogd/ulogd_LOGEMU.so"
#plugin="/usr/lib/ulogd/ulogd_OPRINT.so"
#plugin="/usr/lib/ulogd/ulogd_MYSQL.so"
#plugin="/usr/lib/ulogd/ulogd_PGSQL.so"
#plugin="/usr/lib/ulogd/ulogd_SQLITE3.so"
#plugin="/usr/lib/ulogd/ulogd_PCAP.so"


[LOGEMU]
file="/var/log/ulog/syslogemu.log"
sync=1

[OPRINT]
file="/var/log/ulog/pktlog.log"

[MYSQL]
table="ulog"
pass="changeme"
user="laforge"
db="ulogd"
host="localhost"

[PGSQL]
table="ulog"
schema="public"
pass="changeme"
user="postgres"
db="ulogd"
host="localhost"

[SQLITE3]
table="ulog"
db="/path/to/sqlite/db"
buffer=200

[PCAP]
file="/var/log/ulog/pcap.log"
sync=1
----------------------------------------------------

Mes regles iptables :

iptables -A INPUT -j ULOG --ulog-prefix "INPUT"
iptables -A FORWARD -j ULOG --ulog-prefix "FORWARD"
iptables -A OUTPUT -j ULOG --ulog-prefix "OUTPUT"


Pour info, je suis en debian sid avec ulogd en version 1.23-4.

Si ca ne fonctionne toujours pas, peut etre pourrais tu nous fournir ton
fichier de conf.

A+

>
> Seb
>
>

Reply to:

Follow-Ups:
- [RESOLU] Re: iptables et ulog
  - From: Seb <sebnewsletter@free.fr>

References:
- Re: iptables et ulog
  - From: pingouin osmolateur <pingouin_osmolateur@yahoo.fr>
- Re: iptables et ulog
  - From: Seb <sebnewsletter@free.fr>

Prev by Date: Re: CD bootable.
Next by Date: Re: Contrôle checksum fichiers
Previous by thread: Re: iptables et ulog
Next by thread: [RESOLU] Re: iptables et ulog
Index(es):
- Date
- Thread