Re: Ulogd2 Mysql KO


 



On Tue, Feb 27, 2024 at 10:26:16AM +0100, Yves Metivier wrote:
> Hello,
> 
> first I apologize for my bad English (I am French, and old...:-)

No problem.

Attached output is garbled by MUA, I suspected, hard to read.

> I can't get ulogd2 and MYSQL to work, although it works well with LOGEMU.
> After initialization, there are no more messages in the ulogd.log. Below are
> ulogd.log, ulogd.conf and an extract of iptables rules:
>
> Ulogd.log
> =========
> Mon Feb 26 23:41:31 2024 <5> ulogd.c:408 registering plugin `NFLOG' Mon Feb
> 26 23:41:31 2024 <5> ulogd.c:408 registering plugin `IFINDEX' Mon Feb 26
> 23:41:31 2024 <5> ulogd.c:408 registering plugin `IP2BIN' Mon Feb 26
> 23:41:31 2024 <5> ulogd.c:408 registering plugin `IP2STR' Mon Feb 26
> 23:41:31 2024 <5> ulogd.c:408 registering plugin `HWHDR' Mon Feb 26 23:41:31
> 2024 <5> ulogd.c:408 registering plugin `MYSQL' Mon Feb 26 23:41:31 2024 <5>
> ulogd.c:408 registering plugin `BASE' Mon Feb 26 23:41:31 2024 <5>
> ulogd.c:408 registering plugin `PRINTPKT' Mon Feb 26 23:41:31 2024 <5>
> ulogd.c:408 registering plugin `LOGEMU' Mon Feb 26 23:41:31 2024 <5>
> ulogd.c:978 building new pluginstance stack: 'log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU'
> Mon Feb 26 23:41:31 2024 <1> ulogd.c:988 tok=`log1:NFLOG' Mon Feb 26
> 23:41:31 2024 <1> ulogd.c:1025 pushing `NFLOG' on stack Mon Feb 26 23:41:31
> 2024 <1> ulogd.c:988 tok=`base1:BASE' Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:1025 pushing `BASE' on stack Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:988 tok=`ifi1:IFINDEX' Mon Feb 26 23:41:31 2024 <1> ulogd.c:1025
> pushing `IFINDEX' on stack Mon Feb 26 23:41:31 2024 <1> ulogd.c:988
> tok=`ip2str1:IP2STR' Mon Feb 26 23:41:31 2024 <1> ulogd.c:1025 pushing
> `IP2STR' on stack Mon Feb 26 23:41:31 2024 <1> ulogd.c:988
> tok=`print1:PRINTPKT' Mon Feb 26 23:41:31 2024 <1> ulogd.c:1025 pushing
> `PRINTPKT' on stack Mon Feb 26 23:41:31 2024 <1> ulogd.c:988
> tok=`emu1:LOGEMU' Mon Feb 26 23:41:31 2024 <1> ulogd.c:1025 pushing `LOGEMU'
> on stack Mon Feb 26 23:41:31 2024 <1> ulogd.c:802 traversing plugin `LOGEMU'
> Mon Feb 26 23:41:31 2024 <1> ulogd_output_LOGEMU.c:180 parsing config file
> section emu1 Mon Feb 26 23:41:31 2024 <1> ulogd.c:802 traversing plugin
> `PRINTPKT' Mon Feb 26 23:41:31 2024 <1> ulogd.c:802 traversing plugin
> `IP2STR' Mon Feb 26 23:41:31 2024 <1> ulogd.c:802 traversing plugin
> `IFINDEX' Mon Feb 26 23:41:31 2024 <1> ulogd.c:802 traversing plugin `BASE'
> Mon Feb 26 23:41:31 2024 <1> ulogd.c:802 traversing plugin `NFLOG' Mon Feb
> 26 23:41:31 2024 <1> ulogd_inppkt_NFLOG.c:557 parsing config file section
> `log1', plugin `NFLOG' Mon Feb 26 23:41:31 2024 <1> ulogd.c:819 connecting
> input/output keys of stack: Mon Feb 26 23:41:31 2024 <1> ulogd.c:826
> traversing plugin `LOGEMU' Mon Feb 26 23:41:31 2024 <1> ulogd.c:783
> print1(PRINTPKT) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `print(?)' as source for LOGEMU(print) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 log1(NFLOG) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `oob.time.sec(?)' as source for LOGEMU(oob.time.sec) Mon Feb 26 23:41:31
> 2024 <1> ulogd.c:826 traversing plugin `PRINTPKT' Mon Feb 26 23:41:31 2024
> <1> ulogd.c:783 log1(NFLOG) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888
> assigning `oob.family(?)' as source for PRINTPKT(oob.family) Mon Feb 26
> 23:41:31 2024 <1> ulogd.c:783 log1(NFLOG) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `oob.prefix(?)' as source for PRINTPKT(oob.prefix) Mon
> Feb 26 23:41:31 2024 <1> ulogd.c:783 ifi1(IFINDEX) Mon Feb 26 23:41:31 2024
> <1> ulogd.c:888 assigning `oob.in(?)' as source for PRINTPKT(oob.in) Mon Feb
> 26 23:41:31 2024 <1> ulogd.c:783 ifi1(IFINDEX) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `oob.out(?)' as source for PRINTPKT(oob.out) Mon Feb
> 26 23:41:31 2024 <1> ulogd.c:783 log1(NFLOG) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `oob.uid(?)' as source for PRINTPKT(oob.uid) Mon Feb
> 26 23:41:31 2024 <1> ulogd.c:783 log1(NFLOG) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `oob.gid(?)' as source for PRINTPKT(oob.gid) Mon Feb
> 26 23:41:31 2024 <1> ulogd.c:783 log1(NFLOG) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `oob.mark(?)' as source for PRINTPKT(oob.mark) Mon Feb
> 26 23:41:31 2024 <1> ulogd.c:783 log1(NFLOG) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `raw.mac(?)' as source for PRINTPKT(raw.mac) Mon Feb
> 26 23:41:31 2024 <1> ulogd.c:783 log1(NFLOG) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `raw.mac_len(?)' as source for PRINTPKT(raw.mac_len)
> Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 ip2str1(IP2STR) Mon Feb 26 23:41:31
> 2024 <1> ulogd.c:888 assigning `ip.saddr.str(?)' as source for
> PRINTPKT(ip.saddr.str) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783
> ip2str1(IP2STR) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `ip.daddr.str(?)' as source for PRINTPKT(ip.daddr.str) Mon Feb 26 23:41:31
> 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888
> assigning `ip.totlen(?)' as source for PRINTPKT(ip.totlen) Mon Feb 26
> 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `ip.tos(?)' as source for PRINTPKT(ip.tos) Mon Feb 26
> 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `ip.ttl(?)' as source for PRINTPKT(ip.ttl) Mon Feb 26
> 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `ip.id(?)' as source for PRINTPKT(ip.id) Mon Feb 26
> 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `ip.fragoff(?)' as source for PRINTPKT(ip.fragoff) Mon
> Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024
> <1> ulogd.c:888 assigning `ip.protocol(?)' as source for
> PRINTPKT(ip.protocol) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
> Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip6.payloadlen(?)' as
> source for PRINTPKT(ip6.payloadlen) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783
> base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `ip6.priority(?)' as source for PRINTPKT(ip6.priority) Mon Feb 26 23:41:31
> 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888
> assigning `ip6.hoplimit(?)' as source for PRINTPKT(ip6.hoplimit) Mon Feb 26
> 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `ip6.flowlabel(?)' as source for
> PRINTPKT(ip6.flowlabel) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
> Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip6.nexthdr(?)' as
> source for PRINTPKT(ip6.nexthdr) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783
> base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `ip6.fragoff(?)' as source for PRINTPKT(ip6.fragoff) Mon Feb 26 23:41:31
> 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888
> assigning `ip6.fragid(?)' as source for PRINTPKT(ip6.fragid) Mon Feb 26
> 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `tcp.sport(?)' as source for PRINTPKT(tcp.sport) Mon
> Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024
> <1> ulogd.c:888 assigning `tcp.dport(?)' as source for PRINTPKT(tcp.dport)
> Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31
> 2024 <1> ulogd.c:888 assigning `tcp.seq(?)' as source for PRINTPKT(tcp.seq)
> Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31
> 2024 <1> ulogd.c:888 assigning `tcp.ackseq(?)' as source for
> PRINTPKT(tcp.ackseq) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
> Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.window(?)' as source
> for PRINTPKT(tcp.window) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783
> base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.syn(?)'
> as source for PRINTPKT(tcp.syn) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783
> base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.ack(?)'
> as source for PRINTPKT(tcp.ack) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783
> base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.psh(?)'
> as source for PRINTPKT(tcp.psh) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783
> base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.rst(?)'
> as source for PRINTPKT(tcp.rst) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783
> base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.fin(?)'
> as source for PRINTPKT(tcp.fin) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783
> base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.urg(?)'
> as source for PRINTPKT(tcp.urg) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783
> base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `tcp.urgp(?)'
> as source for PRINTPKT(tcp.urgp) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783
> base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `udp.sport(?)' as source for PRINTPKT(udp.sport) Mon Feb 26 23:41:31 2024
> <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888
> assigning `udp.dport(?)' as source for PRINTPKT(udp.dport) Mon Feb 26
> 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `udp.len(?)' as source for PRINTPKT(udp.len) Mon Feb
> 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `icmp.type(?)' as source for PRINTPKT(icmp.type) Mon
> Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024
> <1> ulogd.c:888 assigning `icmp.code(?)' as source for PRINTPKT(icmp.code)
> Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31
> 2024 <1> ulogd.c:888 assigning `icmp.echoid(?)' as source for
> PRINTPKT(icmp.echoid) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
> Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `icmp.echoseq(?)' as
> source for PRINTPKT(icmp.echoseq) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783
> base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `icmp.gateway(?)' as source for PRINTPKT(icmp.gateway) Mon Feb 26 23:41:31
> 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888
> assigning `icmp.fragmtu(?)' as source for PRINTPKT(icmp.fragmtu) Mon Feb 26
> 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `icmpv6.type(?)' as source for PRINTPKT(icmpv6.type)
> Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31
> 2024 <1> ulogd.c:888 assigning `icmpv6.code(?)' as source for
> PRINTPKT(icmpv6.code) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
> Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `icmpv6.echoid(?)' as
> source for PRINTPKT(icmpv6.echoid) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783
> base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `icmpv6.echoseq(?)' as source for PRINTPKT(icmpv6.echoseq) Mon Feb 26
> 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `ahesp.spi(?)' as source for PRINTPKT(ahesp.spi) Mon
> Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024
> <1> ulogd.c:888 assigning `oob.protocol(?)' as source for
> PRINTPKT(oob.protocol) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
> Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `arp.hwtype(?)' as source
> for PRINTPKT(arp.hwtype) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783
> base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `arp.protocoltype(?)' as source for PRINTPKT(arp.protocoltype) Mon Feb 26
> 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `arp.operation(?)' as source for
> PRINTPKT(arp.operation) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
> Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `arp.shwaddr(?)' as
> source for PRINTPKT(arp.shwaddr) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783
> ip2str1(IP2STR) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `arp.saddr.str(?)' as source for PRINTPKT(arp.saddr.str) Mon Feb 26 23:41:31
> 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888
> assigning `arp.dhwaddr(?)' as source for PRINTPKT(arp.dhwaddr) Mon Feb 26
> 23:41:31 2024 <1> ulogd.c:783 ip2str1(IP2STR) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `arp.daddr.str(?)' as source for
> PRINTPKT(arp.daddr.str) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
> Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `sctp.sport(?)' as source
> for PRINTPKT(sctp.sport) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783
> base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `sctp.dport(?)' as source for PRINTPKT(sctp.dport) Mon Feb 26 23:41:31 2024
> <1> ulogd.c:826 traversing plugin `IP2STR' Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 log1(NFLOG) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `oob.family(?)' as source for IP2STR(oob.family) Mon Feb 26 23:41:31 2024
> <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888
> assigning `oob.protocol(?)' as source for IP2STR(oob.protocol) Mon Feb 26
> 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `ip.saddr(?)' as source for IP2STR(ip.saddr) Mon Feb
> 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `ip.daddr(?)' as source for IP2STR(ip.daddr) Mon Feb
> 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `arp.saddr(?)' as source for IP2STR(arp.saddr) Mon Feb
> 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `arp.daddr(?)' as source for IP2STR(arp.daddr) Mon Feb
> 26 23:41:31 2024 <1> ulogd.c:826 traversing plugin `IFINDEX' Mon Feb 26
> 23:41:31 2024 <1> ulogd.c:783 log1(NFLOG) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `oob.ifindex_in(?)' as source for
> IFINDEX(oob.ifindex_in) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log1(NFLOG)
> Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.ifindex_out(?)' as
> source for IFINDEX(oob.ifindex_out) Mon Feb 26 23:41:31 2024 <1> ulogd.c:826
> traversing plugin `BASE' Mon Feb 26 23:41:31 2024 <1> ulogd.c:783
> log1(NFLOG) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `raw.pkt(?)'
> as source for BASE(raw.pkt) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783
> log1(NFLOG) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `raw.pktlen(?)' as source for BASE(raw.pktlen) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 log1(NFLOG) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `oob.family(?)' as source for BASE(oob.family) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 log1(NFLOG) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `oob.protocol(?)' as source for BASE(oob.protocol) Mon Feb 26 23:41:31 2024
> <1> ulogd.c:826 traversing plugin `NFLOG' Mon Feb 26 23:41:31 2024 <1>
> ulogd_inppkt_NFLOG.c:598 opening nfnetlink socket Mon Feb 26 23:41:31 2024
> <5> ulogd_inppkt_NFLOG.c:569 forcing unbind of existing log handler for
> protocol 2 Mon Feb 26 23:41:31 2024 <1> ulogd_inppkt_NFLOG.c:580 binding to
> protocol family 2 Mon Feb 26 23:41:31 2024 <5> ulogd_inppkt_NFLOG.c:569
> forcing unbind of existing log handler for protocol 10 Mon Feb 26 23:41:31
> 2024 <1> ulogd_inppkt_NFLOG.c:580 binding to protocol family 10 Mon Feb 26
> 23:41:31 2024 <5> ulogd_inppkt_NFLOG.c:569 forcing unbind of existing log
> handler for protocol 7 Mon Feb 26 23:41:31 2024 <1> ulogd_inppkt_NFLOG.c:580
> binding to protocol family 7 Mon Feb 26 23:41:31 2024 <1>
> ulogd_inppkt_NFLOG.c:614 binding to log group 0 Mon Feb 26 23:41:31 2024 <1>
> ulogd_output_LOGEMU.c:140 starting logemu Mon Feb 26 23:41:31 2024 <1>
> ulogd_output_LOGEMU.c:145 opening file: /var/log/ulogd/ulogd_syslogemu.log
> Mon Feb 26 23:41:31 2024 <5> ulogd.c:978 building new pluginstance stack: 'log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,mysql1:MYSQL'
> Mon Feb 26 23:41:31 2024 <1> ulogd.c:988 tok=`log2:NFLOG' Mon Feb 26
> 23:41:31 2024 <1> ulogd.c:1025 pushing `NFLOG' on stack Mon Feb 26 23:41:31
> 2024 <1> ulogd.c:988 tok=`base1:BASE' Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:1025 pushing `BASE' on stack Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:988 tok=`ifi1:IFINDEX' Mon Feb 26 23:41:31 2024 <1> ulogd.c:1025
> pushing `IFINDEX' on stack Mon Feb 26 23:41:31 2024 <1> ulogd.c:988
> tok=`ip2bin1:IP2BIN' Mon Feb 26 23:41:31 2024 <1> ulogd.c:1025 pushing
> `IP2BIN' on stack Mon Feb 26 23:41:31 2024 <1> ulogd.c:988
> tok=`mac2str1:HWHDR' Mon Feb 26 23:41:31 2024 <1> ulogd.c:1025 pushing
> `HWHDR' on stack Mon Feb 26 23:41:31 2024 <1> ulogd.c:988 tok=`mysql1:MYSQL'
> Mon Feb 26 23:41:31 2024 <1> ulogd.c:1025 pushing `MYSQL' on stack Mon Feb
> 26 23:41:31 2024 <1> ulogd.c:802 traversing plugin `MYSQL' Mon Feb 26
> 23:41:31 2024 <5> ../../util/db.c:153 (re)configuring Mon Feb 26 23:41:31
> 2024 <1> ulogd_output_MYSQL.c:129 57 fields in table Mon Feb 26 23:41:31
> 2024 <1> ulogd.c:802 traversing plugin `HWHDR' Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:802 traversing plugin `IP2BIN' Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:802 traversing plugin `IFINDEX' Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:802 traversing plugin `BASE' Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:802 traversing plugin `NFLOG' Mon Feb 26 23:41:31 2024 <1>
> ulogd_inppkt_NFLOG.c:557 parsing config file section `log2', plugin `NFLOG'
> Mon Feb 26 23:41:31 2024 <1> ulogd.c:819 connecting input/output keys of
> stack: Mon Feb 26 23:41:31 2024 <1> ulogd.c:826 traversing plugin `MYSQL'
> Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log2(NFLOG) Mon Feb 26 23:41:31
> 2024 <1> ulogd.c:888 assigning `oob.time.sec(?)' as source for
> MYSQL(oob.time.sec) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log2(NFLOG) Mon
> Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.time.usec(?)' as source
> for MYSQL(oob.time.usec) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783
> log2(NFLOG) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `oob.prefix(?)' as source for MYSQL(oob.prefix) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 log2(NFLOG) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `oob.mark(?)' as source for MYSQL(oob.mark) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 ifi1(IFINDEX) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `oob.in(?)' as source for MYSQL(oob.in) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 ifi1(IFINDEX) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `oob.out(?)' as source for MYSQL(oob.out) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 log2(NFLOG) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `oob.family(?)' as source for MYSQL(oob.family) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `ip.saddr(?)' as source for MYSQL(ip.saddr) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `ip.daddr(?)' as source for MYSQL(ip.daddr) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `ip.protocol(?)' as source for MYSQL(ip.protocol) Mon Feb 26 23:41:31 2024
> <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888
> assigning `ip.tos(?)' as source for MYSQL(ip.tos) Mon Feb 26 23:41:31 2024
> <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888
> assigning `ip.ttl(?)' as source for MYSQL(ip.ttl) Mon Feb 26 23:41:31 2024
> <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888
> assigning `ip.totlen(?)' as source for MYSQL(ip.totlen) Mon Feb 26 23:41:31
> 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888
> assigning `ip.ihl(?)' as source for MYSQL(ip.ihl) Mon Feb 26 23:41:31 2024
> <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888
> assigning `ip.id(?)' as source for MYSQL(ip.id) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `ip.fragoff(?)' as source for MYSQL(ip.fragoff) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `ip.csum(?)' as source for MYSQL(ip.csum) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `ip6.payloadlen(?)' as source for MYSQL(ip6.payloadlen) Mon Feb 26 23:41:31
> 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888
> assigning `ip6.priority(?)' as source for MYSQL(ip6.priority) Mon Feb 26
> 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `ip6.hoplimit(?)' as source for MYSQL(ip6.hoplimit)
> Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31
> 2024 <1> ulogd.c:888 assigning `ip6.flowlabel(?)' as source for
> MYSQL(ip6.flowlabel) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
> Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `ip6.fragoff(?)' as
> source for MYSQL(ip6.fragoff) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783
> base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `ip6.fragid(?)' as source for MYSQL(ip6.fragid) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `tcp.sport(?)' as source for MYSQL(tcp.sport) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `tcp.dport(?)' as source for MYSQL(tcp.dport) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `tcp.seq(?)' as source for MYSQL(tcp.seq) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `tcp.ackseq(?)' as source for MYSQL(tcp.ackseq) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `tcp.window(?)' as source for MYSQL(tcp.window) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `tcp.syn(?)' as source for MYSQL(tcp.syn) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `tcp.ack(?)' as source for MYSQL(tcp.ack) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `tcp.fin(?)' as source for MYSQL(tcp.fin) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `tcp.rst(?)' as source for MYSQL(tcp.rst) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `tcp.psh(?)' as source for MYSQL(tcp.psh) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `tcp.urg(?)' as source for MYSQL(tcp.urg) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `tcp.urgp(?)' as source for MYSQL(tcp.urgp) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `tcp.csum(?)' as source for MYSQL(tcp.csum) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `udp.sport(?)' as source for MYSQL(udp.sport) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `udp.dport(?)' as source for MYSQL(udp.dport) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `udp.len(?)' as source for MYSQL(udp.len) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `udp.csum(?)' as source for MYSQL(udp.csum) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `icmp.type(?)' as source for MYSQL(icmp.type) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `icmp.code(?)' as source for MYSQL(icmp.code) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `icmp.echoid(?)' as source for MYSQL(icmp.echoid) Mon Feb 26 23:41:31 2024
> <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888
> assigning `icmp.echoseq(?)' as source for MYSQL(icmp.echoseq) Mon Feb 26
> 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `icmp.gateway(?)' as source for MYSQL(icmp.gateway)
> Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31
> 2024 <1> ulogd.c:888 assigning `icmp.fragmtu(?)' as source for
> MYSQL(icmp.fragmtu) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon
> Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `icmp.csum(?)' as source for
> MYSQL(icmp.csum) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon
> Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `icmpv6.type(?)' as source
> for MYSQL(icmpv6.type) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE)
> Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `icmpv6.code(?)' as
> source for MYSQL(icmpv6.code) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783
> base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `icmpv6.echoid(?)' as source for MYSQL(icmpv6.echoid) Mon Feb 26 23:41:31
> 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888
> assigning `icmpv6.echoseq(?)' as source for MYSQL(icmpv6.echoseq) Mon Feb 26
> 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `icmpv6.csum(?)' as source for MYSQL(icmpv6.csum) Mon
> Feb 26 23:41:31 2024 <1> ulogd.c:783 mac2str1(HWHDR) Mon Feb 26 23:41:31
> 2024 <1> ulogd.c:888 assigning `mac.saddr.str(?)' as source for
> MYSQL(mac.saddr.str) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783
> mac2str1(HWHDR) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `mac.daddr.str(?)' as source for MYSQL(mac.daddr.str) Mon Feb 26 23:41:31
> 2024 <1> ulogd.c:783 mac2str1(HWHDR) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `mac.str(?)' as source for MYSQL(mac.str) Mon Feb 26
> 23:41:31 2024 <1> ulogd.c:783 mac2str1(HWHDR) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `oob.protocol(?)' as source for MYSQL(oob.protocol)
> Mon Feb 26 23:41:31 2024 <1> ulogd.c:826 traversing plugin `HWHDR' Mon Feb
> 26 23:41:31 2024 <1> ulogd.c:783 log2(NFLOG) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `raw.type(?)' as source for HWHDR(raw.type) Mon Feb 26
> 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `oob.protocol(?)' as source for HWHDR(oob.protocol)
> Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log2(NFLOG) Mon Feb 26 23:41:31
> 2024 <1> ulogd.c:888 assigning `raw.mac(?)' as source for HWHDR(raw.mac) Mon
> Feb 26 23:41:31 2024 <1> ulogd.c:783 log2(NFLOG) Mon Feb 26 23:41:31 2024
> <1> ulogd.c:888 assigning `raw.mac_len(?)' as source for HWHDR(raw.mac_len)
> Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log2(NFLOG) Mon Feb 26 23:41:31
> 2024 <1> ulogd.c:888 assigning `raw.mac.saddr(?)' as source for
> HWHDR(raw.mac.saddr) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log2(NFLOG)
> Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `raw.mac.addrlen(?)' as
> source for HWHDR(raw.mac.addrlen) Mon Feb 26 23:41:31 2024 <1> ulogd.c:826
> traversing plugin `IP2BIN' Mon Feb 26 23:41:31 2024 <1> ulogd.c:783
> log2(NFLOG) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `oob.family(?)' as source for IP2BIN(oob.family) Mon Feb 26 23:41:31 2024
> <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888
> assigning `oob.protocol(?)' as source for IP2BIN(oob.protocol) Mon Feb 26
> 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `ip.saddr(?)' as source for IP2BIN(ip.saddr) Mon Feb
> 26 23:41:31 2024 <1> ulogd.c:783 base1(BASE) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `ip.daddr(?)' as source for IP2BIN(ip.daddr) Mon Feb
> 26 23:41:31 2024 <1> ulogd.c:826 traversing plugin `IFINDEX' Mon Feb 26
> 23:41:31 2024 <1> ulogd.c:783 log2(NFLOG) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:888 assigning `oob.ifindex_in(?)' as source for
> IFINDEX(oob.ifindex_in) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783 log2(NFLOG)
> Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `oob.ifindex_out(?)' as
> source for IFINDEX(oob.ifindex_out) Mon Feb 26 23:41:31 2024 <1> ulogd.c:826
> traversing plugin `BASE' Mon Feb 26 23:41:31 2024 <1> ulogd.c:783
> log2(NFLOG) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning `raw.pkt(?)'
> as source for BASE(raw.pkt) Mon Feb 26 23:41:31 2024 <1> ulogd.c:783
> log2(NFLOG) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `raw.pktlen(?)' as source for BASE(raw.pktlen) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 log2(NFLOG) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `oob.family(?)' as source for BASE(oob.family) Mon Feb 26 23:41:31 2024 <1>
> ulogd.c:783 log2(NFLOG) Mon Feb 26 23:41:31 2024 <1> ulogd.c:888 assigning
> `oob.protocol(?)' as source for BASE(oob.protocol) Mon Feb 26 23:41:31 2024
> <1> ulogd.c:826 traversing plugin `NFLOG' Mon Feb 26 23:41:31 2024 <1>
> ulogd_inppkt_NFLOG.c:598 opening nfnetlink socket Mon Feb 26 23:41:31 2024
> <1> ulogd_inppkt_NFLOG.c:614 binding to log group 1 Mon Feb 26 23:41:31 2024
> <5> ../../util/db.c:208 starting Mon Feb 26 23:41:31 2024 <1>
> ../../util/db.c:86 allocating 6223 bytes for statement Mon Feb 26 23:41:31
> 2024 <1> ../../util/db.c:138 stmt='SELECT INSERT_PACKET_FULL(' Mon Feb 26
> 23:41:31 2024 <3> ulogd.c:1645 initialization finished, entering main loop
>
> ulogd.conf
> ==========
> [global]
> user="ulogd"
> group="ulogd"
> logfile="/var/log/ulogd/ulogd.log"
> # loglevel: debug(1), info(3), notice(5), error(7) or fatal(8) (default 5)
> loglevel=1
> plugin="/usr/local/lib/ulogd/ulogd_inppkt_NFLOG.so"
> plugin="/usr/local/lib/ulogd/ulogd_filter_IFINDEX.so"
> plugin="/usr/local/lib/ulogd/ulogd_filter_IP2BIN.so"
> plugin="/usr/local/lib/ulogd/ulogd_filter_IP2STR.so"
> plugin="/usr/local/lib/ulogd/ulogd_filter_HWHDR.so"
> plugin="/usr/local/lib/ulogd/ulogd_output_MYSQL.so"
> plugin="/usr/local/lib/ulogd/ulogd_raw2packet_BASE.so"
> plugin="/usr/local/lib/ulogd/ulogd_filter_PRINTPKT.so"
> plugin="/usr/local/lib/ulogd/ulogd_output_LOGEMU.so"
> # this is a stack for logging packet send by system via LOGEMU
> stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
> # this is a stack for logging packet to MySQL
> stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,mysql1:MYSQL
> [log1]
> group=0
> [log2]
> group=1 # Group has to be different from the one use in log1
> #[log3]
> #group=2
> [emu1]
> file="/var/log/ulogd/ulogd_syslogemu.log"
> sync=1
> [mysql1]
> db="ulogd"
> host="localhost"
> user="ulogd"
> table="ulog2"
> pass="XXXXXXXX"
> procedure="INSERT_PACKET_FULL"
>
> iptables rules
> ==============
> Chain LOG_DROP (4 references)
> pkts bytes target prot opt in out source destination
> 6464 294K DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:135:139
> 18631 917K DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
> 2379 169K DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:135:139
> 10881 1023K NFLOG all -- * * 0.0.0.0/0 0.0.0.0/0 nflog-group 1 nflog-threshold 1
> 10597 991K NFLOG all -- * * 0.0.0.0/0 0.0.0.0/0 nflog-threshold 1
> 115K 11M DROP all -- * * 0.0.0.0/0 0.0.0.0/0
> 
> 



