Re: iptables not logging via syslog-ng

To: "Justin F. Knotzke" <jknotzke@shampoo.ca>
Cc: debian-user@lists.debian.org
Subject: Re: iptables not logging via syslog-ng
From: Justin Piszcz <jpiszcz@lucidpixels.com>
Date: Tue, 12 Sep 2006 06:01:36 -0400 (EDT)
Message-id: <[🔎] Pine.LNX.4.64.0609120601240.19418@p34.internal.lan>
In-reply-to: <[🔎] afd99b930609111521m74f2c12dwa9c47a7069507d2f@mail.gmail.com>
References: <[🔎] afd99b930609110754m320ef15egd9b4a4cf64c162eb@mail.gmail.com> <[🔎] Pine.LNX.4.64.0609111151240.32325@p34.internal.lan> <[🔎] afd99b930609110920h49b51060o6330355111f27d27@mail.gmail.com> <[🔎] Pine.LNX.4.64.0609111230060.32325@p34.internal.lan> <[🔎] afd99b930609111521m74f2c12dwa9c47a7069507d2f@mail.gmail.com>

Yeah, my guess is you don't have the ulogd support in the kernel.

On Mon, 11 Sep 2006, Justin F. Knotzke wrote:

 Thanks Justin again for the reply..

 Here is what I have:

justin:/var/log/ulog# cat /etc/ulogd.conf
nlgroup 6
logfile /var/log/ulog/ulogd.log
loglevel 1
rmem 131071
bufsize 150000
syslogfile /var/log/ulog/syslogemu.log
syslogsync 1
plugin /usr/lib/ulogd/ulogd_LOGEMU.so

 Here are my firewall rules for logging:

     ${IPTABLES} -t filter -A ULDROP -p tcp -m limit --limit
${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LDROP_TCP
      ${IPTABLES} -t filter -A ULDROP -p udp -m limit --limit
${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LDROP_UDP
      ${IPTABLES} -t filter -A ULDROP -p icmp -m limit --limit
${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LDROP_ICMP
      ${IPTABLES} -t filter -A ULDROP -f -m limit --limit
${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LDROP_FRAG
      ${IPTABLES} -t filter -A ULDROP -j DROP
      echo -n "ULDROP "

      ${IPTABLES} -t filter -A ULREJECT -p tcp -m limit --limit
${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LREJECT_TCP
      ${IPTABLES} -t filter -A ULREJECT -p udp -m limit --limit
${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LREJECT_UDP
      ${IPTABLES} -t filter -A ULREJECT -p icmp -m limit --limit
${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LREJECT_UDP
      ${IPTABLES} -t filter -A ULREJECT -f -m limit --limit
${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LREJECT_FRAG
      ${IPTABLES} -t filter -A ULREJECT -j REJECT
      echo -n "ULREJECT "

      ${IPTABLES} -t filter -A ULTREJECT -p tcp -m limit --limit
${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LTREJECT_TCP
      ${IPTABLES} -t filter -A ULTREJECT -p udp -m limit --limit
${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LTREJECT_UDP
      ${IPTABLES} -t filter -A ULTREJECT -p icmp -m limit --limit
${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LTREJECT_ICMP
      ${IPTABLES} -t filter -A ULTREJECT -f -m limit --limit
${LOG_FLOOD} -j ULOG --ulog-nlgroup 6 --ulog-prefix LTREJECT_FRAG
      ${IPTABLES} -t filter -A ULTREJECT -p tcp -j REJECT
--reject-with tcp-reset
      ${IPTABLES} -t filter -A ULTREJECT -p udp -j REJECT
--reject-with icmp-port-unreachable
      ${IPTABLES} -t filter -A ULTREJECT -p icmp -j DROP
      ${IPTABLES} -t filter -A ULTREJECT -j REJECT


 Nothing ever gets logged to /var/log/ulog/syslogemu.log

 Thanks

 J



--
Justin F. Knotzke
jknotzke@shampoo.ca
http://www.shampoo.ca


--

To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subjectof "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- iptables not logging via syslog-ng
  - From: "Justin F. Knotzke" <jknotzke@shampoo.ca>
- Re: iptables not logging via syslog-ng
  - From: Justin Piszcz <jpiszcz@lucidpixels.com>
- Re: iptables not logging via syslog-ng
  - From: "Justin F. Knotzke" <jknotzke@shampoo.ca>
- Re: iptables not logging via syslog-ng
  - From: Justin Piszcz <jpiszcz@lucidpixels.com>
- Re: iptables not logging via syslog-ng
  - From: "Justin F. Knotzke" <jknotzke@shampoo.ca>

Prev by Date: Re: invoke thunderbird and firefox when gnome starts
Next by Date: Re: USB rescue/boot disk
Previous by thread: Re: iptables not logging via syslog-ng
Next by thread: How to list all the non-free packages installed
Index(es):
- Date
- Thread