Re: iptables not logging via syslog-ng

To: "Justin Piszcz" <jpiszcz@lucidpixels.com>
Cc: debian-user@lists.debian.org
Subject: Re: iptables not logging via syslog-ng
From: "Justin F. Knotzke" <jknotzke@shampoo.ca>
Date: Mon, 11 Sep 2006 18:21:13 -0400
Message-id: <[🔎] afd99b930609111521m74f2c12dwa9c47a7069507d2f@mail.gmail.com>
In-reply-to: <[🔎] Pine.LNX.4.64.0609111230060.32325@p34.internal.lan>
References: <[🔎] afd99b930609110754m320ef15egd9b4a4cf64c162eb@mail.gmail.com> <[🔎] Pine.LNX.4.64.0609111151240.32325@p34.internal.lan> <[🔎] afd99b930609110920h49b51060o6330355111f27d27@mail.gmail.com> <[🔎] Pine.LNX.4.64.0609111230060.32325@p34.internal.lan>

  Thanks Justin again for the reply..

  Here is what I have:

justin:/var/log/ulog# cat /etc/ulogd.conf
nlgroup 6
logfile /var/log/ulog/ulogd.log
loglevel 1
rmem 131071
bufsize 150000
syslogfile /var/log/ulog/syslogemu.log
syslogsync 1
plugin /usr/lib/ulogd/ulogd_LOGEMU.so

  Here are my firewall rules for logging:

      ${IPTABLES} -t filter -A ULDROP -p tcp -m limit --limit
${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LDROP_TCP
       ${IPTABLES} -t filter -A ULDROP -p udp -m limit --limit
${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LDROP_UDP
       ${IPTABLES} -t filter -A ULDROP -p icmp -m limit --limit
${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LDROP_ICMP
       ${IPTABLES} -t filter -A ULDROP -f -m limit --limit
${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LDROP_FRAG
       ${IPTABLES} -t filter -A ULDROP -j DROP
       echo -n "ULDROP "

       ${IPTABLES} -t filter -A ULREJECT -p tcp -m limit --limit
${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LREJECT_TCP
       ${IPTABLES} -t filter -A ULREJECT -p udp -m limit --limit
${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LREJECT_UDP
       ${IPTABLES} -t filter -A ULREJECT -p icmp -m limit --limit
${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LREJECT_UDP
       ${IPTABLES} -t filter -A ULREJECT -f -m limit --limit
${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LREJECT_FRAG
       ${IPTABLES} -t filter -A ULREJECT -j REJECT
       echo -n "ULREJECT "

       ${IPTABLES} -t filter -A ULTREJECT -p tcp -m limit --limit
${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LTREJECT_TCP
       ${IPTABLES} -t filter -A ULTREJECT -p udp -m limit --limit
${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LTREJECT_UDP
       ${IPTABLES} -t filter -A ULTREJECT -p icmp -m limit --limit
${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LTREJECT_ICMP
       ${IPTABLES} -t filter -A ULTREJECT -f -m limit --limit
${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LTREJECT_FRAG
       ${IPTABLES} -t filter -A ULTREJECT -p tcp -j REJECT
--reject-with tcp-reset
       ${IPTABLES} -t filter -A ULTREJECT -p udp -j REJECT
--reject-with icmp-port-unreachable
       ${IPTABLES} -t filter -A ULTREJECT -p icmp -j DROP
       ${IPTABLES} -t filter -A ULTREJECT -j REJECT


  Nothing ever gets logged to /var/log/ulog/syslogemu.log

  Thanks

  J



--
Justin F. Knotzke
jknotzke@shampoo.ca
http://www.shampoo.ca

Reply to:

Follow-Ups:
- Re: iptables not logging via syslog-ng
  - From: Justin Piszcz <jpiszcz@lucidpixels.com>
- Re: iptables not logging via syslog-ng
  - From: Justin Piszcz <jpiszcz@lucidpixels.com>

References:
- iptables not logging via syslog-ng
  - From: "Justin F. Knotzke" <jknotzke@shampoo.ca>
- Re: iptables not logging via syslog-ng
  - From: Justin Piszcz <jpiszcz@lucidpixels.com>
- Re: iptables not logging via syslog-ng
  - From: "Justin F. Knotzke" <jknotzke@shampoo.ca>
- Re: iptables not logging via syslog-ng
  - From: Justin Piszcz <jpiszcz@lucidpixels.com>

Prev by Date: eth config for pppoe interface
Next by Date: Re: iptables not logging via syslog-ng
Previous by thread: Re: iptables not logging via syslog-ng
Next by thread: Re: iptables not logging via syslog-ng
Index(es):
- Date
- Thread