Re: Anyone using ulogd?

To: Gary Hennigan <glhenni@sandia.gov>
Cc: debian-user@lists.debian.org
Subject: Re: Anyone using ulogd?
From: Jonathan Matthews <jaycee@jaycee.uklinux.net>
Date: Thu, 2 May 2002 06:26:52 +0000
Message-id: <[🔎] 20020502062652.GA3150@bigdaddy.jaycee.home>
Mail-followup-to: Gary Hennigan <glhenni@sandia.gov>, debian-user@lists.debian.org
In-reply-to: <[🔎] nhxadrjv6v3.fsf@sadl12238.sandia.gov>
References: <[🔎] 518949585.20020501150512@telus.net> <[🔎] nhxadrjv6v3.fsf@sadl12238.sandia.gov>

On Wed, May 01, 2002 at 04:30:24PM -0600, Gary Hennigan wrote:
> "Alan Poulton" <apoulton@telus.net> writes:
> > Wednesday, May 01, 2002, 2:42:15 PM, Gary Hennigan wrote:
> > 
> > > Okay. I lied a bit here. I compiled from source but I used
> > > dpkg-buildpackage, so it applied the Debian patches. This time I
> > > compiled just the straight source, without dpkg-buildpackage and using
> > > the usual ./configure and now ulogd is working, pumping out iptables
> > > output to /var/log/ulogd.syslogemu like a champ. Apparently there's
> > > some problem with the Debian patches to ulogd. So I installed the
> > > Debian package and just overwrote /usr/sbin/ulogd with the version I
> > > compiled and it's working and *finally* iptables is putting it's crud
> > > into my ring buffer.
> > 
> > So, does this mean that you got it running?  I'm wanting to install
> > Ulogd for the same reason, to get the firewall messages out of dmesg and
> > (hopefully) syslog. So that way, I can review the firewall messages by
> > themselves without sorting through other messages.  I am currently
> > running kernel 2.4.17, but I downloaded the sources for IPTables and
> > Kernel 2.4.18, then followed the instructions for patching IPTables, and
> > have now just completed the compile of the kernel..
> > 
> > What command do you use in your firewall script to enable ULog?
> 
> Yep, it's running exactly as it should and I'm getting iptables
> logging in exactly *one* place, /var/log/ulogd.syslogemu. No ring
> buffer (dmesg), no console, no syslog. Finally!!
> 
> In my iptables script, which was pretty much generated via fwbuilder
> BTW, there are two rules that I log. Here's an example chain named
> RULE_0:
> 
> iptables -N RULE_0
> iptables -A INPUT  -j RULE_0 -f
> iptables -A RULE_0  -j ULOG
> iptables -A RULE_0  -j DROP 
> 
> I also did something I wasn't sure was/is necessary. I recompiled my
> 2.4.18 kernel with CONFIG_NETLINK_DEV=y it's in the networking options
> if you're using xconfig or menuconfig. After booting that kernel I
[snip]

Silly question maybe - did you compile ULOG target support into
the kernel?
Do you modprobe/insmod it if it's a module?

Just a thought ...

jc
-- 
It may stop, it may not.  And stop calling me "dj".


-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: Anyone using ulogd?
  - From: "Gary Hennigan" <glhenni@sandia.gov>

References:
- Re[2]: Anyone using ulogd?
  - From: Alan Poulton <apoulton@telus.net>
- Re: Re[2]: Anyone using ulogd?
  - From: "Gary Hennigan" <glhenni@sandia.gov>

Prev by Date: Re: Abiword font problem. SOLVED!
Next by Date: Logrotate and mail
Previous by thread: Re: Re[2]: Anyone using ulogd?
Next by thread: Re: Anyone using ulogd?
Index(es):
- Date
- Thread