Re: ulogd - ip_conntrack_netlink - how to get it working one

Can someone respond to this? Your help would be much appreciated.

Thanks & Regards,




On Fri, Jul 27, 2012 at 8:43 PM, Gomathivinayagam Muthuvinayagam
<sankarmail@xxxxxxxxx> wrote:
> For flow-based logging (NFCT plugin), ulogd works perfectly without
> iptables rules. Basically, the ulogd NFCT plugin communicates directly
> with the conntrack system through nf_conntrack_netlink. I have tested
> this on my Ubuntu system and it works fine. The only problem is with the
> RHEL5 system, because there is nf_conntrack_netlink module.
>
> -----Original Message-----
> From: netfilter-owner@xxxxxxxxxxxxxxx
> [mailto:netfilter-owner@xxxxxxxxxxxxxxx] On Behalf Of kay
> Sent: Friday, July 27, 2012 8:39 PM
> To: netfilter@xxxxxxxxxxxxxxx
> Subject: Re: ulogd - ip_conntrack_netlink - how to get it working one
>
> Could you please provide your iptables rules with ULOG action?
>
> 2012/7/28 Gomathivinayagam Muthuvinayagam <sankarmail@xxxxxxxxx>:
>> Thank you for your reply.
>>
>> Let me print the ulogd configurations here, so that I can describe my
>> problem better.
>>
>> # this is a stack for flow-based logging via LOGEMU
>> stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU
>>
>> [ct1]
>> netlink_socket_buffer_size=217088
>> netlink_socket_buffer_maxsize=1085440
>> #netlink_resync_timeout=60 # seconds to wait to perform resynchronization
>> pollinterval=5 # use poll-based logging instead of event-driven
>> hash_enable=1
>>
>> ulogd is running without any error messages. But ulogd_syslogemu.log
>> has no contents. conntrack -E displays the flow perfectly.
>>
>> I tried to find out the cause of there being no content in the
>> ulogd_syslogemu.log log file. ulogd requires the nf_conntrack_netlink
>> subsystem/module. In my Linux version (RHEL 5), I don't have that.
>> Instead I have the ip_conntrack_netlink module.
>>
>> 1) Is there any way that I can make ulogd talk to
>> ip_conntrack_netlink, and is ip_conntrack_netlink equivalent
>> to nf_conntrack_netlink?
>>
>> 2) If (1) is not possible, am I able to include just
>> nf_conntrack_netlink in RHEL5 without changing any existing
>> functionality? Can nf_conntrack_netlink and ip_conntrack_netlink work
>> well simultaneously?
>>
>> 3) If (2) is not possible, what would be your advice on this? RHEL5 +
>> ip_conntrack_netlink is used on many servers (maybe more than 1000
>> servers) in my organization. Considering this, any change would cause
>> potential testing. So a simple solution would be easily accepted in my
>> organization.
>>
>>
>> -----Original Message-----
>> From: netfilter-owner@xxxxxxxxxxxxxxx
>> [mailto:netfilter-owner@xxxxxxxxxxxxxxx] On Behalf Of kay
>> Sent: Friday, July 27, 2012 8:12 PM
>> To: netfilter@xxxxxxxxxxxxxxx
>> Subject: Re: ulogd - ip_conntrack_netlink - how to get it working one
>>
>> Dear Gomathivinayagam,
>>
>> What exactly would you like to achieve, and what have you already
>> achieved?
>>
>> What did you mean by saying "capture flow based logging"?
>>
>> For example, here is my ulog data:
>>
>> Jul 28 01:03:15 esagila DROP packet:  IN=eth0 OUT= MAC=***  SRC=***
>> DST=*** LEN=52 TOS=00 PREC=0x00 TTL=55 ID=37188 CE DF PROTO=TCP
>> SPT=51183 DPT=22 SEQ=2563245107 ACK=138246617 WINDOW=61 ACK URGP=0
>>
>> Do you need something more with the packet data or what?
>>
>> 2012/7/28 Gomathivinayagam Muthuvinayagam <sankarmail@xxxxxxxxx>:
>>> I don’t know whether I’m asking stupid questions, but if someone
>>> could respond to this post, that would be great.
>>>
>>> Thanks & Regards,
>>>
>>>
>>>
>>>
>>> On Fri, Jul 27, 2012 at 7:26 PM, Gomathivinayagam Muthuvinayagam
>>> <sankarmail@xxxxxxxxx> wrote:
>>>> Hi,
>>>>
>>>> I have a RHEL 5 OS on my system. I have set up ulogd on my local
>>>> system. I’m able to do packet capturing.
>>>> I’m not able to capture flow based logging. What I have found is that
>>>> I don’t have nf_conntrack_netlink on my system.
>>>> Instead I have ip_conntrack_netlink. Is it possible to
>>>> incorporate nf_conntrack_netlink into RHEL5 and make ulogd
>>>> work?
>>>>
>>>> Your help would be much appreciated.
>>>>
>>>> Thanks,
>>>>
>>>>
>>>> Thanks & Regards,
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
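
Added example, not part of the original thread: a preflight check for the condition described in the messages above, where a ulogd stack uses the NFCT plugin but the host lists ip_conntrack_netlink rather than nf_conntrack_netlink. The function names, exit codes and sample module lines are constructed for illustration; the stack line is the one quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Inputs are files, so copies of
# /proc/modules and ulogd.conf gathered from many hosts can be checked offline.

# Print the conntrack netlink module listed in a /proc/modules-format file.
# Matches the whole first field, so "ip_conntrack" alone does not count.
ctnetlink_module() {
    awk '$1 == "nf_conntrack_netlink" { nf = 1 }
         $1 == "ip_conntrack_netlink" { ip = 1 }
         END { print (nf ? "nf_conntrack_netlink" : (ip ? "ip_conntrack_netlink" : "none")) }' "$1"
}

# Succeed if an active (uncommented) stack= line uses the NFCT plugin.
stack_uses_nfct() {
    grep -Eq '^[[:space:]]*stack=[^#]*:NFCT(,|[[:space:]]|$)' "$1"
}

# $1 = modules file, $2 = ulogd.conf. Exit codes (assumed convention):
# 0 = nothing to flag, 1 = NFCT stack with only ip_conntrack_netlink,
# 2 = NFCT stack with no conntrack netlink module listed.
preflight() {
    stack_uses_nfct "$2" || { echo "ok: no NFCT stack configured"; return 0; }
    case "$(ctnetlink_module "$1")" in
        nf_conntrack_netlink) echo "ok: NFCT stack, nf_conntrack_netlink listed"; return 0 ;;
        ip_conntrack_netlink) echo "check: NFCT stack, only ip_conntrack_netlink listed"; return 1 ;;
        *) echo "check: NFCT stack, no conntrack netlink module listed"; return 2 ;;
    esac
}

# Constructed sample inputs: an RHEL5-like module list, a newer one, and the
# stack line quoted in the thread.
write_samples() {
    printf '%s\n' 'ip_conntrack_netlink 36289 0 - Live 0xf8a5c000' \
        'ip_conntrack 53025 1 ip_conntrack_netlink, Live 0xf8a3d000' > "$1/modules.rhel5"
    printf '%s\n' 'nf_conntrack_netlink 40449 0 - Live 0xffffffffa0d1e000' > "$1/modules.nf"
    printf '%s\n' '# this is a stack for flow-based logging via LOGEMU' \
        'stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU' > "$1/ulogd.conf"
}

# Usage: sh preflight.sh /proc/modules /etc/ulogd.conf   (paths are assumptions)
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

A conntrack netlink interface compiled into the kernel rather than built as a module does not appear in /proc/modules, so a "none" result needs a second look before it is treated as a finding.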

