2009/11/1 Pierre Chifflier <pchifflier@xxxxxxxxxxxx>: > On Sat, Oct 31, 2009 at 12:11:05AM +0100, Fred Leeflang wrote: >> Yes I was looking at those although I looked at the ulogd 1 source and >> only very briefly at ulogd 2, looking at those actually gave somebody >> else in #vuurmuur the idea to check into this way. It's far easier for > > Hi Fred, > > I'd suggest to look only for ulogd2 if possible. The architecture is > very different, and I think adding a plugin will be far easier. > I had already decided to do so and checked out git://git.netfilter.org/ulogd2.git (couldn't get to your personal git repo at the time) so I have a pretty decent idea what I'm looking at already. >> us to make such an extension and require ulogd to run and parse >> packets for us than it is to parse a syslog text file. So if I were to >> write an extension that would do what we want it to do, could that >> extension be part of the builltin extensions of ulogd[1|2] ? I'm more >> than happy to hack something together and let the list have a look at >> it. > > If the plugin is generic, it should not be a problem. Ulogd2 has 3 types > of plugins: input, filter, and output. So, from what you are telling, > I suppose it would be an input plugin ? > I suppose it would be an output plugin :) It should essentially do similar stuff from what I could see, kinda like the ulogd_output_SYSLOG.c. It would not do syslogging however but instead write out a logfile for vuurmuur UI displaying. I just discussed that this morning with the other developers and the project leader feels that we might be better off using libnetfilter_log directly from libvuurmuur as there's apparently a bigger chunk of library code in libvuurmuur that would have to be either ported to the plugin or we'd create a dependency on libvuurmuur in ulogd2, which he was pretty sure you wouldn't like :) So for now we'll stick to the approach of using libnetfilter_log from within our own library. Thanks, -Fred Leeflang -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
