Re: Anyone using ulogd?
On Wed, May 01, 2002 at 04:30:24PM -0600, Gary Hennigan wrote:
> "Alan Poulton" <apoulton@telus.net> writes:
> > Wednesday, May 01, 2002, 2:42:15 PM, Gary Hennigan wrote:
> >
> > > Okay. I lied a bit here. I compiled from source but I used
> > > dpkg-buildpackage, so it applied the Debian patches. This time I
> > > compiled just the straight source, without dpkg-buildpackage and using
> > > the usual ./configure and now ulogd is working, pumping out iptables
> > > output to /var/log/ulogd.syslogemu like a champ. Apparently there's
> > > some problem with the Debian patches to ulogd. So I installed the
> > > Debian package and just overwrote /usr/sbin/ulogd with the version I
> > > compiled and it's working and *finally* iptables is putting its crud
> > > into my ring buffer.
> >
> > So, does this mean that you got it running? I'm wanting to install
> > Ulogd for the same reason, to get the firewall messages out of dmesg and
> > (hopefully) syslog. So that way, I can review the firewall messages by
> > themselves without sorting through other messages. I am currently
> > running kernel 2.4.17, but I downloaded the sources for IPTables and
> > Kernel 2.4.18, then followed the instructions for patching IPTables, and
> > have now just completed the compile of the kernel.
> >
> > What command do you use in your firewall script to enable ULog?
>
> Yep, it's running exactly as it should and I'm getting iptables
> logging in exactly *one* place, /var/log/ulogd.syslogemu. No ring
> buffer (dmesg), no console, no syslog. Finally!!
>
> In my iptables script, which was pretty much generated via fwbuilder
> BTW, there are two rules that I log. Here's an example chain named
> RULE_0:
>
> iptables -N RULE_0
> iptables -A INPUT -j RULE_0 -f
> iptables -A RULE_0 -j ULOG
> iptables -A RULE_0 -j DROP
>
> I also did something I wasn't sure was/is necessary. I recompiled my
> 2.4.18 kernel with CONFIG_NETLINK_DEV=y; it's in the networking options
> if you're using xconfig or menuconfig. After booting that kernel I
[snip]
Silly question maybe - did you compile ULOG target support into
the kernel?
Do you modprobe/insmod it if it's a module?
Just a thought ...
jc
--
It may stop, it may not. And stop calling me "dj".
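
The check asked about in this reply (is ULOG target support built in, or built as a module and loaded?), written as an added example that is not part of the original thread. It assumes the kernel option CONFIG_IP_NF_TARGET_ULOG and the module name ipt_ULOG; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: is the ULOG target usable on this kernel?

# kconfig_value SYMBOL CONFIG_FILE -> prints y, m, or n.
# Enabled options appear as SYMBOL=y or SYMBOL=m; disabled ones as
# "# SYMBOL is not set", which must not count as a match.
kconfig_value() {
    v=$(sed -n "s/^$1=\([ym]\)\$/\1/p" "$2" | head -n 1)
    echo "${v:-n}"
}

# ulog_state CONFIG_FILE MODULES_FILE
# -> builtin | module-loaded | module-not-loaded | absent
ulog_state() {
    case $(kconfig_value CONFIG_IP_NF_TARGET_ULOG "$1") in
        y) echo builtin ;;
        m) # First field of each /proc/modules line is the module name.
           if awk '$1 == "ipt_ULOG" { f = 1 } END { exit !f }' "$2"; then
               echo module-loaded
           else
               echo module-not-loaded
           fi ;;
        *) echo absent ;;
    esac
}

# Constructed sample inputs (not taken from any real machine).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/config" <<'EOF'
CONFIG_NETLINK_DEV=y
CONFIG_IP_NF_IPTABLES=m
# CONFIG_IP_NF_TARGET_LOG is not set
CONFIG_IP_NF_TARGET_ULOG=m
EOF
cat > "$SAMPLE_DIR/modules.loaded" <<'EOF'
ipt_ULOG 3456 1 (autoclean)
ip_tables 10432 3 [ipt_ULOG iptable_filter]
EOF
cat > "$SAMPLE_DIR/modules.bare" <<'EOF'
ip_tables 10432 2 [iptable_filter]
EOF

echo "NETLINK_DEV:      $(kconfig_value CONFIG_NETLINK_DEV "$SAMPLE_DIR/config")"
echo "ULOG, loaded:     $(ulog_state "$SAMPLE_DIR/config" "$SAMPLE_DIR/modules.loaded")"
echo "ULOG, not loaded: $(ulog_state "$SAMPLE_DIR/config" "$SAMPLE_DIR/modules.bare")"
```

On a live system, pass the running kernel's saved config (for example /boot/config-$(uname -r), where the distribution installs one) and /proc/modules instead of the sample files.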