Thank you for your reply. Let me print the ulogd configuration here, so that I can describe my problem better.

# this is a stack for flow-based logging via LOGEMU
stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU

[ct1]
netlink_socket_buffer_size=217088
netlink_socket_buffer_maxsize=1085440
#netlink_resync_timeout=60 # seconds to wait to perform resynchronization
pollinterval=5 # use poll-based logging instead of event-driven
hash_enable=1

ulogd is running without any error messages. But ulogd_syslogemu.log has no contents. conntrack -E displays the flow perfectly. I tried to find out the cause of no content in the ulogd_syslogemu.log log file. ulogd requires the nf_conntrack_netlink subsystem/module. In my Linux version (RHEL 5), I don't have that. Instead of that I have the ip_conntrack_netlink module.

1) Is there any way that I can make ulogd talk to ip_conntrack_netlink, and is ip_conntrack_netlink the equivalent of nf_conntrack_netlink?
2) If (1) is not possible, am I able to include just nf_conntrack_netlink in RHEL5 without changing any existing functionality? Can nf_conntrack_netlink and ip_conntrack_netlink work well simultaneously?
3) If (2) is not possible, what would be your advice on this?

RHEL5 + ip_conntrack_netlink is used in many servers (maybe more than 1000 servers) in my organization. Considering this, any change would cause potential testing. So a simple solution would be easily accepted in my organization.

-----Original Message-----
From: netfilter-owner@xxxxxxxxxxxxxxx [mailto:netfilter-owner@xxxxxxxxxxxxxxx] On Behalf Of kay
Sent: Friday, July 27, 2012 8:12 PM
To: netfilter@xxxxxxxxxxxxxxx
Subject: Re: ulogd - ip_conntrack_netlink - how to get it working one

Dear Gomathivinayagam,

What exactly would you like to achieve and what have you already achieved? What did you mean by saying "capture flow based logging"?

For example, here is my ulog data:

Jul 28 01:03:15 esagila DROP packet: IN=eth0 OUT= MAC=*** SRC=*** DST=*** LEN=52 TOS=00 PREC=0x00 TTL=55 ID=37188 CE DF PROTO=TCP SPT=51183 DPT=22 SEQ=2563245107 ACK=138246617 WINDOW=61 ACK URGP=0

Do you need something more with the packet data or what?

2012/7/28 Gomathivinayagam Muthuvinayagam <sankarmail@xxxxxxxxx>:
> I don’t know whether I’m asking stupid questions, but if someone could
> respond to this post, that will be great.
>
> Thanks & Regards,
>
> On Fri, Jul 27, 2012 at 7:26 PM, Gomathivinayagam Muthuvinayagam
> <sankarmail@xxxxxxxxx> wrote:
>> Hi,
>>
>> I have a RHEL 5 OS in my system. I have set up ulogd in my local
>> system. I’m able to do packet capturing.
>> I’m not able to capture flow based logging. What I have found was, in
>> my system I don’t have nf_conntrack_netlink.
>> Instead I have ip_conntrack_netlink. Is it possible that I can
>> incorporate nf_conntrack_netlink into RHEL5? And make ulogd to be
>> working one.
>>
>> Your help would be much appreciated.
>>
>> Thanks,
>>
>> Thanks & Regards,
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter"
> in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo
> info at http://vger.kernel.org/majordomo-info.html