Good day Florian -
RE: you wrote:
> Run "xtables-monitor --trace".
Thanks for the info about xtables-monitor - yes, that does give alot
of extra information about rule chain processing.
But I'd just like to understand :
Why does this work under kernel v6.2.16 and not under v4.18.0-477 ?
:
# iptables -t raw -A PREROUTING -p icmp -j TRACE
# iptables -t raw -A OUTPUT -p icmp -j TRACE
# modprobe nf_log_ipv4
# echo nf_log_ipv4 > /proc/sys/net/netfilter/nf_log/2
How can I enable the 'nf_log_syslog' module, so that it does
in fact emit TRACE kernel messages to syslog, as it purports
to be able to do, under v4.18.0-477 ?
xtables-monitor is great, it provides ALOT of information, but
really I'd like to just trace packet ingress / egress to from
interfaces, with messages written to syslog . Has this functionality
been disabled somehow from the 'nf_log_syslog' module in v4.18.0-477 ?
If so, how can I enable it ?
There is very little documentation about nf_log_syslog, besides that
it is meant to take over everything done by ipt_LOG .
ipt_LOG WAS meant to log packets that meet the rules on the TRACE
chain to syslog, no ? So how can I enable that functionality only
with nf_log_syslog under v4.18.0-477 ?
I am reading its source code, it SEEMS like it should be getting
triggered when 'sysctl netfilter.nf_log.2' is not NONE, no ?
But the v4.18.0-477 version of it it is not doing so. Why ?
Best Regards,
Jason
