
Re: Re[2]: Anyone using ulogd?



"Alan Poulton" <apoulton@telus.net> writes:
> Wednesday, May 01, 2002, 2:42:15 PM, Gary Hennigan wrote:
> 
> > Okay. I lied a bit here. I compiled from source but I used
> > dpkg-buildpackage, so it applied the Debian patches. This time I
> > compiled just the straight source, without dpkg-buildpackage and using
> > the usual ./configure and now ulogd is working, pumping out iptables
> > output to /var/log/ulogd.syslogemu like a champ. Apparently there's
> > some problem with the Debian patches to ulogd. So I installed the
> > Debian package and just overwrote /usr/sbin/ulogd with the version I
> > compiled and it's working and *finally* iptables is putting its crud
> > into my ring buffer.
> 
> So, does this mean that you got it running?  I'm wanting to install
> Ulogd for the same reason, to get the firewall messages out of dmesg and
> (hopefully) syslog. So that way, I can review the firewall messages by
> themselves without sorting through other messages.  I am currently
> running kernel 2.4.17, but I downloaded the sources for IPTables and
> Kernel 2.4.18, then followed the instructions for patching IPTables, and
> have now just completed the compile of the kernel.
> 
> What command do you use in your firewall script to enable ULog?

Yep, it's running exactly as it should and I'm getting iptables
logging in exactly *one* place, /var/log/ulogd.syslogemu. No ring
buffer (dmesg), no console, no syslog. Finally!!

In my iptables script, which was pretty much generated via fwbuilder
BTW, there are two rules that I log. Here's an example chain named
RULE_0:

iptables -N RULE_0
iptables -A INPUT  -j RULE_0 -f
iptables -A RULE_0  -j ULOG
iptables -A RULE_0  -j DROP 

I also did something I wasn't sure was/is necessary. I recompiled my
2.4.18 kernel with CONFIG_NETLINK_DEV=y; it's in the networking options
if you're using xconfig or menuconfig. After booting that kernel I
did:

        cd /dev
        MAKEDEV netlink

Again, not sure if that was necessary. I read some mention of ulog
using netlink and when I couldn't get it to work before I tried the
stuff above. Now I know at least one problem is the ulogd distributed
in the Debian package. The stuff above may also have been necessary.

I don't think you need to patch 2.4.18. I didn't. My understanding is
that any version less than 2.4.18 requires the patch. There's a Debian
package for that patch, BTW. I didn't install it, but I saw dselect
was trying to install it when I installed ulogd via dselect. It's a
"Recommend" so I don't think apt will try to install it.

One last "again". I installed the Debian package then got the source,
via apt-get source ulogd, unpacked the ulogd_0.97.orig.tar.gz, ran
        ./configure --sysconfdir=/etc
        make
and wrote over /usr/sbin/ulogd with the resulting binary from the
above make.

Gary
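
Added example, not part of Gary's message: a small Python summary of the packet records in a file like /var/log/ulogd.syslogemu, for reviewing the firewall messages on their own. It assumes the kernel-LOG-style KEY=value layout with no log prefix set, and the sample lines are constructed; packets matched by a `-f` rule such as RULE_0 are non-first fragments and carry no port fields, which the code accounts for.

```python
import re
from collections import Counter

# Constructed sample records (assumed layout: timestamp, host, KEY=value fields).
SAMPLE = """\
May  1 14:42:15 gw IN=eth0 OUT= MAC=00:10:5a:aa:bb:cc:00:50:04:dd:ee:ff:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 DF PROTO=TCP SPT=40112 DPT=23 WINDOW=5840 SYN URGP=0
May  1 14:42:16 gw IN=eth0 OUT= MAC=00:10:5a:aa:bb:cc:00:50:04:dd:ee:ff:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4243 DF PROTO=TCP SPT=40113 DPT=23 WINDOW=5840 SYN URGP=0
May  1 14:43:01 gw IN=eth0 OUT= MAC=00:10:5a:aa:bb:cc:00:50:04:dd:ee:ff:08:00 SRC=203.0.113.7 DST=198.51.100.5 LEN=1500 TOS=0x00 PREC=0x00 TTL=240 ID=9 FRAG:185 PROTO=UDP
May  1 14:43:02 gw some unrelated line that is not a packet record
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")   # KEY=value, value may be empty (OUT=)
FRAG = re.compile(r"\bFRAG:(\d+)")        # fragment offset marker


def parse_line(line):
    """Return a dict of fields for one packet record, or None for other lines."""
    fields = dict(FIELD.findall(line))
    if "SRC" not in fields or "DST" not in fields:
        return None
    frag = FRAG.search(line)
    fields["FRAG"] = int(frag.group(1)) if frag else None
    return fields


def summarize(lines):
    """Count records per (source, protocol, destination port or 'frag')."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        # Non-first fragments have no DPT field; label them instead of failing.
        port = rec.get("DPT") or ("frag" if rec["FRAG"] is not None else "-")
        counts[(rec["SRC"], rec.get("PROTO", "?"), port)] += 1
    return counts


if __name__ == "__main__":
    # Print the busiest (source, protocol, port) combinations first.
    for (src, proto, port), n in summarize(SAMPLE.splitlines()).most_common():
        print(f"{n:5d}  {src:15s}  {proto:4s}  {port}")
```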

