Ulogd2 Mysql KO


 



Hello,

First, I apologize for my bad English (I am French, and old... :-)

I can't get ulogd2 and MYSQL to work, although it works well with LOGEMU. After initialization, there are no more messages in the ulogd.log.

Below are ulogd.log, ulogd.conf and an extract of iptables rules:

Ulogd.log
=========
Mon Feb 26 23:41:31 2024 <5> ulogd.c:408 registering plugin `NFLOG'
Mon Feb 26 23:41:31 2024 <5> ulogd.c:408 registering plugin `IFINDEX'
Mon Feb 26 23:41:31 2024 <5> ulogd.c:408 registering plugin `IP2BIN'
Mon Feb 26 23:41:31 2024 <5> ulogd.c:408 registering plugin `IP2STR'
Mon Feb 26 23:41:31 2024 <5> ulogd.c:408 registering plugin `HWHDR'
Mon Feb 26 23:41:31 2024 <5> ulogd.c:408 registering plugin `MYSQL'
Mon Feb 26 23:41:31 2024 <5> ulogd.c:408 registering plugin `BASE'
Mon Feb 26 23:41:31 2024 <5> ulogd.c:408 registering plugin `PRINTPKT'
Mon Feb 26 23:41:31 2024 <5> ulogd.c:408 registering plugin `LOGEMU'
Mon Feb 26 23:41:31 2024 <5> ulogd.c:978 building new pluginstance stack: 'log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:988 tok=`log1:NFLOG'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:1025 pushing `NFLOG' on stack
Mon Feb 26 23:41:31 2024 <1> ulogd.c:988 tok=`base1:BASE'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:1025 pushing `BASE' on stack
Mon Feb 26 23:41:31 2024 <1> ulogd.c:988 tok=`ifi1:IFINDEX'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:1025 pushing `IFINDEX' on stack
Mon Feb 26 23:41:31 2024 <1> ulogd.c:988 tok=`ip2str1:IP2STR'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:1025 pushing `IP2STR' on stack
Mon Feb 26 23:41:31 2024 <1> ulogd.c:988 tok=`print1:PRINTPKT'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:1025 pushing `PRINTPKT' on stack
Mon Feb 26 23:41:31 2024 <1> ulogd.c:988 tok=`emu1:LOGEMU'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:1025 pushing `LOGEMU' on stack
Mon Feb 26 23:41:31 2024 <1> ulogd.c:802 traversing plugin `LOGEMU'
Mon Feb 26 23:41:31 2024 <1> ulogd_output_LOGEMU.c:180 parsing config file section emu1
Mon Feb 26 23:41:31 2024 <1> ulogd.c:802 traversing plugin `PRINTPKT'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:802 traversing plugin `IP2STR'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:802 traversing plugin `IFINDEX'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:802 traversing plugin `BASE'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:802 traversing plugin `NFLOG'
Mon Feb 26 23:41:31 2024 <1> ulogd_inppkt_NFLOG.c:557 parsing config file section `log1', plugin `NFLOG'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:819 connecting input/output keys of stack:
Mon Feb 26 23:41:31 2024 <1> ulogd.c:826 traversing plugin `LOGEMU'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 print1(PRINTPKT)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `print(?)' as source for LOGEMU(print)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log1(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.time.sec(?)' as source for LOGEMU(oob.time.sec)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:826 traversing plugin `PRINTPKT'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log1(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.family(?)' as source for PRINTPKT(oob.family)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log1(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.prefix(?)' as source for PRINTPKT(oob.prefix)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 ifi1(IFINDEX)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.in(?)' as source for PRINTPKT(oob.in)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 ifi1(IFINDEX)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.out(?)' as source for PRINTPKT(oob.out)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log1(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.uid(?)' as source for PRINTPKT(oob.uid)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log1(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.gid(?)' as source for PRINTPKT(oob.gid)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log1(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.mark(?)' as source for PRINTPKT(oob.mark)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log1(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `raw.mac(?)' as source for PRINTPKT(raw.mac)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log1(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `raw.mac_len(?)' as source for PRINTPKT(raw.mac_len)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 ip2str1(IP2STR)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip.saddr.str(?)' as source for PRINTPKT(ip.saddr.str)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 ip2str1(IP2STR)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip.daddr.str(?)' as source for PRINTPKT(ip.daddr.str)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip.totlen(?)' as source for PRINTPKT(ip.totlen)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip.tos(?)' as source for PRINTPKT(ip.tos)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip.ttl(?)' as source for PRINTPKT(ip.ttl)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip.id(?)' as source for PRINTPKT(ip.id)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip.fragoff(?)' as source for PRINTPKT(ip.fragoff)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip.protocol(?)' as source for PRINTPKT(ip.protocol)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip6.payloadlen(?)' as source for PRINTPKT(ip6.payloadlen)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip6.priority(?)' as source for PRINTPKT(ip6.priority)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip6.hoplimit(?)' as source for PRINTPKT(ip6.hoplimit)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip6.flowlabel(?)' as source for PRINTPKT(ip6.flowlabel)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip6.nexthdr(?)' as source for PRINTPKT(ip6.nexthdr)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip6.fragoff(?)' as source for PRINTPKT(ip6.fragoff)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip6.fragid(?)' as source for PRINTPKT(ip6.fragid)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.sport(?)' as source for PRINTPKT(tcp.sport)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.dport(?)' as source for PRINTPKT(tcp.dport)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.seq(?)' as source for PRINTPKT(tcp.seq)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.ackseq(?)' as source for PRINTPKT(tcp.ackseq)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.window(?)' as source for PRINTPKT(tcp.window)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.syn(?)' as source for PRINTPKT(tcp.syn)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.ack(?)' as source for PRINTPKT(tcp.ack)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.psh(?)' as source for PRINTPKT(tcp.psh)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.rst(?)' as source for PRINTPKT(tcp.rst)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.fin(?)' as source for PRINTPKT(tcp.fin)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.urg(?)' as source for PRINTPKT(tcp.urg)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.urgp(?)' as source for PRINTPKT(tcp.urgp)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `udp.sport(?)' as source for PRINTPKT(udp.sport)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `udp.dport(?)' as source for PRINTPKT(udp.dport)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `udp.len(?)' as source for PRINTPKT(udp.len)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `icmp.type(?)' as source for PRINTPKT(icmp.type)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `icmp.code(?)' as source for PRINTPKT(icmp.code)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `icmp.echoid(?)' as source for PRINTPKT(icmp.echoid)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `icmp.echoseq(?)' as source for PRINTPKT(icmp.echoseq)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `icmp.gateway(?)' as source for PRINTPKT(icmp.gateway)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `icmp.fragmtu(?)' as source for PRINTPKT(icmp.fragmtu)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `icmpv6.type(?)' as source for PRINTPKT(icmpv6.type)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `icmpv6.code(?)' as source for PRINTPKT(icmpv6.code)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `icmpv6.echoid(?)' as source for PRINTPKT(icmpv6.echoid)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `icmpv6.echoseq(?)' as source for PRINTPKT(icmpv6.echoseq)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ahesp.spi(?)' as source for PRINTPKT(ahesp.spi)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.protocol(?)' as source for PRINTPKT(oob.protocol)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `arp.hwtype(?)' as source for PRINTPKT(arp.hwtype)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `arp.protocoltype(?)' as source for PRINTPKT(arp.protocoltype)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `arp.operation(?)' as source for PRINTPKT(arp.operation)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `arp.shwaddr(?)' as source for PRINTPKT(arp.shwaddr)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 ip2str1(IP2STR)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `arp.saddr.str(?)' as source for PRINTPKT(arp.saddr.str)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `arp.dhwaddr(?)' as source for PRINTPKT(arp.dhwaddr)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 ip2str1(IP2STR)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `arp.daddr.str(?)' as source for PRINTPKT(arp.daddr.str)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `sctp.sport(?)' as source for PRINTPKT(sctp.sport)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `sctp.dport(?)' as source for PRINTPKT(sctp.dport)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:826 traversing plugin `IP2STR'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log1(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.family(?)' as source for IP2STR(oob.family)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.protocol(?)' as source for IP2STR(oob.protocol)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip.saddr(?)' as source for IP2STR(ip.saddr)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip.daddr(?)' as source for IP2STR(ip.daddr)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `arp.saddr(?)' as source for IP2STR(arp.saddr)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `arp.daddr(?)' as source for IP2STR(arp.daddr)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:826 traversing plugin `IFINDEX'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log1(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.ifindex_in(?)' as source for IFINDEX(oob.ifindex_in)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log1(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.ifindex_out(?)' as source for IFINDEX(oob.ifindex_out)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:826 traversing plugin `BASE'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log1(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `raw.pkt(?)' as source for BASE(raw.pkt)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log1(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `raw.pktlen(?)' as source for BASE(raw.pktlen)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log1(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.family(?)' as source for BASE(oob.family)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log1(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.protocol(?)' as source for BASE(oob.protocol)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:826 traversing plugin `NFLOG'
Mon Feb 26 23:41:31 2024 <1> ulogd_inppkt_NFLOG.c:598 opening nfnetlink socket
Mon Feb 26 23:41:31 2024 <5> ulogd_inppkt_NFLOG.c:569 forcing unbind of existing log handler for protocol 2
Mon Feb 26 23:41:31 2024 <1> ulogd_inppkt_NFLOG.c:580 binding to protocol family 2
Mon Feb 26 23:41:31 2024 <5> ulogd_inppkt_NFLOG.c:569 forcing unbind of existing log handler for protocol 10
Mon Feb 26 23:41:31 2024 <1> ulogd_inppkt_NFLOG.c:580 binding to protocol family 10
Mon Feb 26 23:41:31 2024 <5> ulogd_inppkt_NFLOG.c:569 forcing unbind of existing log handler for protocol 7
Mon Feb 26 23:41:31 2024 <1> ulogd_inppkt_NFLOG.c:580 binding to protocol family 7
Mon Feb 26 23:41:31 2024 <1> ulogd_inppkt_NFLOG.c:614 binding to log group 0
Mon Feb 26 23:41:31 2024 <1> ulogd_output_LOGEMU.c:140 starting logemu
Mon Feb 26 23:41:31 2024 <1> ulogd_output_LOGEMU.c:145 opening file: /var/log/ulogd/ulogd_syslogemu.log
Mon Feb 26 23:41:31 2024 <5> ulogd.c:978 building new pluginstance stack: 'log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,mysql1:MYSQL'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:988 tok=`log2:NFLOG'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:1025 pushing `NFLOG' on stack
Mon Feb 26 23:41:31 2024 <1> ulogd.c:988 tok=`base1:BASE'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:1025 pushing `BASE' on stack
Mon Feb 26 23:41:31 2024 <1> ulogd.c:988 tok=`ifi1:IFINDEX'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:1025 pushing `IFINDEX' on stack
Mon Feb 26 23:41:31 2024 <1> ulogd.c:988 tok=`ip2bin1:IP2BIN'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:1025 pushing `IP2BIN' on stack
Mon Feb 26 23:41:31 2024 <1> ulogd.c:988 tok=`mac2str1:HWHDR'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:1025 pushing `HWHDR' on stack
Mon Feb 26 23:41:31 2024 <1> ulogd.c:988 tok=`mysql1:MYSQL'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:1025 pushing `MYSQL' on stack
Mon Feb 26 23:41:31 2024 <1> ulogd.c:802 traversing plugin `MYSQL'
Mon Feb 26 23:41:31 2024 <5> ../../util/db.c:153 (re)configuring
Mon Feb 26 23:41:31 2024 <1> ulogd_output_MYSQL.c:129 57 fields in table
Mon Feb 26 23:41:31 2024 <1> ulogd.c:802 traversing plugin `HWHDR'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:802 traversing plugin `IP2BIN'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:802 traversing plugin `IFINDEX'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:802 traversing plugin `BASE'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:802 traversing plugin `NFLOG'
Mon Feb 26 23:41:31 2024 <1> ulogd_inppkt_NFLOG.c:557 parsing config file section `log2', plugin `NFLOG'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:819 connecting input/output keys of stack:
Mon Feb 26 23:41:31 2024 <1> ulogd.c:826 traversing plugin `MYSQL'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log2(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.time.sec(?)' as source for MYSQL(oob.time.sec)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log2(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.time.usec(?)' as source for MYSQL(oob.time.usec)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log2(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.prefix(?)' as source for MYSQL(oob.prefix)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log2(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.mark(?)' as source for MYSQL(oob.mark)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 ifi1(IFINDEX)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.in(?)' as source for MYSQL(oob.in)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 ifi1(IFINDEX)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.out(?)' as source for MYSQL(oob.out)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log2(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.family(?)' as source for MYSQL(oob.family)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip.saddr(?)' as source for MYSQL(ip.saddr)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip.daddr(?)' as source for MYSQL(ip.daddr)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip.protocol(?)' as source for MYSQL(ip.protocol)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip.tos(?)' as source for MYSQL(ip.tos)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip.ttl(?)' as source for MYSQL(ip.ttl)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip.totlen(?)' as source for MYSQL(ip.totlen)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip.ihl(?)' as source for MYSQL(ip.ihl)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip.id(?)' as source for MYSQL(ip.id)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip.fragoff(?)' as source for MYSQL(ip.fragoff)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip.csum(?)' as source for MYSQL(ip.csum)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip6.payloadlen(?)' as source for MYSQL(ip6.payloadlen)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip6.priority(?)' as source for MYSQL(ip6.priority)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip6.hoplimit(?)' as source for MYSQL(ip6.hoplimit)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip6.flowlabel(?)' as source for MYSQL(ip6.flowlabel)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip6.fragoff(?)' as source for MYSQL(ip6.fragoff)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip6.fragid(?)' as source for MYSQL(ip6.fragid)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.sport(?)' as source for MYSQL(tcp.sport)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.dport(?)' as source for MYSQL(tcp.dport)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.seq(?)' as source for MYSQL(tcp.seq)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.ackseq(?)' as source for MYSQL(tcp.ackseq)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.window(?)' as source for MYSQL(tcp.window)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.syn(?)' as source for MYSQL(tcp.syn)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.ack(?)' as source for MYSQL(tcp.ack)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.fin(?)' as source for MYSQL(tcp.fin)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.rst(?)' as source for MYSQL(tcp.rst)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.psh(?)' as source for MYSQL(tcp.psh)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.urg(?)' as source for MYSQL(tcp.urg)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.urgp(?)' as source for MYSQL(tcp.urgp)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.csum(?)' as source for MYSQL(tcp.csum)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `udp.sport(?)' as source for MYSQL(udp.sport)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `udp.dport(?)' as source for MYSQL(udp.dport)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `udp.len(?)' as source for MYSQL(udp.len)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `udp.csum(?)' as source for MYSQL(udp.csum)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `icmp.type(?)' as source for MYSQL(icmp.type)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `icmp.code(?)' as source for MYSQL(icmp.code)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `icmp.echoid(?)' as source for MYSQL(icmp.echoid)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `icmp.echoseq(?)' as source for MYSQL(icmp.echoseq)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `icmp.gateway(?)' as source for MYSQL(icmp.gateway)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `icmp.fragmtu(?)' as source for MYSQL(icmp.fragmtu)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `icmp.csum(?)' as source for MYSQL(icmp.csum)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `icmpv6.type(?)' as source for MYSQL(icmpv6.type)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `icmpv6.code(?)' as source for MYSQL(icmpv6.code)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `icmpv6.echoid(?)' as source for MYSQL(icmpv6.echoid)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `icmpv6.echoseq(?)' as source for MYSQL(icmpv6.echoseq)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `icmpv6.csum(?)' as source for MYSQL(icmpv6.csum)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 mac2str1(HWHDR)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `mac.saddr.str(?)' as source for MYSQL(mac.saddr.str)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 mac2str1(HWHDR)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `mac.daddr.str(?)' as source for MYSQL(mac.daddr.str)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 mac2str1(HWHDR)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `mac.str(?)' as source for MYSQL(mac.str)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 mac2str1(HWHDR)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.protocol(?)' as source for MYSQL(oob.protocol)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:826 traversing plugin `HWHDR'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log2(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `raw.type(?)' as source for HWHDR(raw.type)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.protocol(?)' as source for HWHDR(oob.protocol)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log2(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `raw.mac(?)' as source for HWHDR(raw.mac)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log2(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `raw.mac_len(?)' as source for HWHDR(raw.mac_len)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log2(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `raw.mac.saddr(?)' as source for HWHDR(raw.mac.saddr)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log2(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `raw.mac.addrlen(?)' as source for HWHDR(raw.mac.addrlen)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:826 traversing plugin `IP2BIN'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log2(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.family(?)' as source for IP2BIN(oob.family)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.protocol(?)' as source for IP2BIN(oob.protocol)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip.saddr(?)' as source for IP2BIN(ip.saddr)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip.daddr(?)' as source for IP2BIN(ip.daddr)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:826 traversing plugin `IFINDEX'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log2(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.ifindex_in(?)' as source for IFINDEX(oob.ifindex_in)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log2(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.ifindex_out(?)' as source for IFINDEX(oob.ifindex_out)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:826 traversing plugin `BASE'
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log2(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `raw.pkt(?)' as source for BASE(raw.pkt)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log2(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `raw.pktlen(?)' as source for BASE(raw.pktlen)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log2(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.family(?)' as source for BASE(oob.family)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log2(NFLOG)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.protocol(?)' as source for BASE(oob.protocol)
Mon Feb 26 23:41:31 2024 <1> ulogd.c:826 traversing plugin `NFLOG'
Mon Feb 26 23:41:31 2024 <1> ulogd_inppkt_NFLOG.c:598 opening nfnetlink socket
Mon Feb 26 23:41:31 2024 <1> ulogd_inppkt_NFLOG.c:614 binding to log group 1
Mon Feb 26 23:41:31 2024 <5> ../../util/db.c:208 starting
Mon Feb 26 23:41:31 2024 <1> ../../util/db.c:86 allocating 6223 bytes for statement
Mon Feb 26 23:41:31 2024 <1> ../../util/db.c:138 stmt='SELECT INSERT_PACKET_FULL('
Mon Feb 26 23:41:31 2024 <3> ulogd.c:1645 initialization finished, entering main loop

ulogd.conf
==========
[global]
user="ulogd"
group="ulogd"
logfile="/var/log/ulogd/ulogd.log"
# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) (default 5)
loglevel=1
plugin="/usr/local/lib/ulogd/ulogd_inppkt_NFLOG.so"
plugin="/usr/local/lib/ulogd/ulogd_filter_IFINDEX.so"
plugin="/usr/local/lib/ulogd/ulogd_filter_IP2BIN.so"
plugin="/usr/local/lib/ulogd/ulogd_filter_IP2STR.so"
plugin="/usr/local/lib/ulogd/ulogd_filter_HWHDR.so"
plugin="/usr/local/lib/ulogd/ulogd_output_MYSQL.so"
plugin="/usr/local/lib/ulogd/ulogd_raw2packet_BASE.so"
plugin="/usr/local/lib/ulogd/ulogd_filter_PRINTPKT.so"
plugin="/usr/local/lib/ulogd/ulogd_output_LOGEMU.so"
# this is a stack for logging packet send by system via LOGEMU
stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
# this is a stack for logging packet to MySQL
stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,mysql1:MYSQL

[log1]
group=0

[log2]
group=1 # Group has to be different from the one use in log1

#[log3]
#group=2

[emu1]
file="/var/log/ulogd/ulogd_syslogemu.log"
sync=1

[mysql1]
db="ulogd"
host="localhost"
user="ulogd"
table="ulog2"
pass="XXXXXXXX"
procedure="INSERT_PACKET_FULL"

iptables rules
==============
Chain LOG_DROP (4 references)
 pkts bytes target  prot opt in  out  source     destination
 6464  294K DROP    tcp  --  *   *    0.0.0.0/0  0.0.0.0/0    tcp dpts:135:139
18631  917K DROP    tcp  --  *   *    0.0.0.0/0  0.0.0.0/0    tcp dpt:445
 2379  169K DROP    udp  --  *   *    0.0.0.0/0  0.0.0.0/0    udp dpts:135:139
10881 1023K NFLOG   all  --  *   *    0.0.0.0/0  0.0.0.0/0    nflog-group 1 nflog-threshold 1
10597  991K NFLOG   all  --  *   *    0.0.0.0/0  0.0.0.0/0    nflog-threshold 1
 115K   11M DROP    all  --  *   *    0.0.0.0/0  0.0.0.0/0




