Hello,

On Saturday, 28 July 2012 at 01:17 -0700, Gomathivinayagam Muthuvinayagam wrote:
> Can someone respond to this? Your help would be much appreciated.

Only 5 hours between the question and this mail. If you want support with SLR, I can recommend some companies that will be really happy to sell it to you.

BR,

> Thanks & Regards,
>
> On Fri, Jul 27, 2012 at 8:43 PM, Gomathivinayagam Muthuvinayagam
> <sankarmail@xxxxxxxxx> wrote:
> > For the flow based logging (NFCT plugin), without iptables rules ulogd
> > works perfectly. Basically the ulogd NFCT plugin directly communicates
> > with the conntrack system through nf_conntrack_netlink. This I have
> > tested in my Ubuntu system and it works fine. The only problem is with the RHEL5
> > system, because there is nf_conntrack_netlink module.
> >
> > -----Original Message-----
> > From: netfilter-owner@xxxxxxxxxxxxxxx
> > [mailto:netfilter-owner@xxxxxxxxxxxxxxx] On Behalf Of kay
> > Sent: Friday, July 27, 2012 8:39 PM
> > To: netfilter@xxxxxxxxxxxxxxx
> > Subject: Re: ulogd - ip_conntrack_netlink - how to get it working one
> >
> > Could you please provide your iptables rules with the ULOG action?
> >
> > 2012/7/28 Gomathivinayagam Muthuvinayagam <sankarmail@xxxxxxxxx>:
> >> Thank you for your reply.
> >>
> >> Let me print the ulogd configuration here, so that I can describe my
> >> problem better.
> >>
> >> # this is a stack for flow-based logging via LOGEMU
> >> stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU
> >>
> >> [ct1]
> >> netlink_socket_buffer_size=217088
> >> netlink_socket_buffer_maxsize=1085440
> >> #netlink_resync_timeout=60 # seconds to wait to perform resynchronization
> >> pollinterval=5 # use poll-based logging instead of event-driven
> >> hash_enable=1
> >>
> >> ulogd is running without any error messages. But ulogd_syslogemu.log
> >> has no contents. conntrack -E displays the flows perfectly.
> >>
> >> I tried to find out the cause of the missing content in ulogd_syslogemu.log
> >> in the log file. ulogd requires the nf_conntrack_netlink subsystem/module.
> >> In my Linux version (RHEL 5), I don't have that. Instead I have the
> >> ip_conntrack_netlink module.
> >>
> >> 1) Is there any way that I can make ulogd talk to
> >> ip_conntrack_netlink, and is ip_conntrack_netlink equivalent
> >> to nf_conntrack_netlink?
> >>
> >> 2) If (1) is not possible, am I able to include just
> >> nf_conntrack_netlink in RHEL5 without changing any existing
> >> functionality? Can nf_conntrack_netlink and ip_conntrack_netlink work
> >> well simultaneously?
> >>
> >> 3) If (2) is not possible, what would be your advice on this? RHEL5 +
> >> ip_conntrack_netlink is used in many servers (maybe more than 1000
> >> servers) in my organization. Considering this, any change would cause
> >> potential testing. So a simple solution would be easily accepted in my
> >> organization.
> >>
> >> -----Original Message-----
> >> From: netfilter-owner@xxxxxxxxxxxxxxx
> >> [mailto:netfilter-owner@xxxxxxxxxxxxxxx] On Behalf Of kay
> >> Sent: Friday, July 27, 2012 8:12 PM
> >> To: netfilter@xxxxxxxxxxxxxxx
> >> Subject: Re: ulogd - ip_conntrack_netlink - how to get it working one
> >>
> >> Dear Gomathivinayagam,
> >>
> >> What exactly would you like to achieve, and what have you already achieved?
> >>
> >> What did you mean by saying "capture flow based logging"?
> >>
> >> For example, here is my ulog data:
> >>
> >> Jul 28 01:03:15 esagila DROP packet: IN=eth0 OUT= MAC=*** SRC=***
> >> DST=*** LEN=52 TOS=00 PREC=0x00 TTL=55 ID=37188 CE DF PROTO=TCP
> >> SPT=51183 DPT=22 SEQ=2563245107 ACK=138246617 WINDOW=61 ACK URGP=0
> >>
> >> Do you need something more than the packet data, or what?
> >>
> >> 2012/7/28 Gomathivinayagam Muthuvinayagam <sankarmail@xxxxxxxxx>:
> >>> I don't know whether I'm asking stupid questions, but if someone
> >>> could respond to this post, that would be great.
> >>>
> >>> Thanks & Regards,
> >>>
> >>> On Fri, Jul 27, 2012 at 7:26 PM, Gomathivinayagam Muthuvinayagam
> >>> <sankarmail@xxxxxxxxx> wrote:
> >>>> Hi,
> >>>>
> >>>> I have a RHEL 5 OS on my system. I have set up ulogd on my local
> >>>> system. I'm able to do packet capturing.
> >>>> I'm not able to capture flow based logging. What I have found was,
> >>>> on my system I don't have nf_conntrack_netlink.
> >>>> Instead I have ip_conntrack_netlink. Is it possible that I can
> >>>> incorporate nf_conntrack_netlink into RHEL5 and make ulogd a
> >>>> working one?
> >>>>
> >>>> Your help would be much appreciated.
> >>>>
> >>>> Thanks,
> >>>>
> >>>> Thanks & Regards,
> >>> --
> >>> To unsubscribe from this list: send the line "unsubscribe netfilter"
> >>> in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo
> >>> info at http://vger.kernel.org/majordomo-info.html

--
Eric Leblond
Blog: http://home.regit.org/ - Portfolio: http://regit.500px.com/
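The thread boils down to a mismatch between what the `stack=ct1:NFCT,...` line asks ulogd for and what the kernel actually exposes: the NFCT plugin talks to conntrack over nf_conntrack_netlink, while the RHEL5 box only has ip_conntrack_netlink loaded, so the stack starts without errors but the LOGEMU output stays empty. The following added Python script (not part of ulogd or the thread) parses a ulogd.conf excerpt, pulls out every stack that uses the NFCT plugin and the options in its `[ct1]` section, then compares that against a /proc/modules listing to report the mismatch before you go looking for a missing log file. The ulogd.conf excerpt is the one quoted above; the two /proc/modules listings are constructed samples, and the warning about built-in modules is an assumption you should verify against `modules.builtin` on your kernel.

```python
"""Check whether a ulogd.conf NFCT (flow-logging) stack is backed by the
kernel's conntrack netlink interface.

Added example, not ulogd project code. The ulogd.conf text is the excerpt
from the mailing-list thread; the /proc/modules listings are constructed.
"""
from typing import Dict, List, Set, Tuple

# ulogd.conf excerpt as posted in the thread (stack line plus [ct1] section).
SAMPLE_ULOGD_CONF = """
# this is a stack for flow-based logging via LOGEMU
stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU

[ct1]
netlink_socket_buffer_size=217088
netlink_socket_buffer_maxsize=1085440
#netlink_resync_timeout=60 # seconds to wait to perform resynchronization
pollinterval=5 # use poll-based logging instead of event-driven
hash_enable=1
"""

# Constructed /proc/modules listings: "name size refcount deps state address".
PROC_MODULES_RHEL5 = """\
ip_conntrack_netlink 26433 0 - Live 0xffffffff88a90000
ip_conntrack 53153 2 ip_conntrack_netlink,iptable_nat, Live 0xffffffff88a70000
"""
PROC_MODULES_MODERN = """\
nf_conntrack_netlink 36864 0 - Live 0xffffffffc0a10000
nf_conntrack 139264 3 nf_conntrack_netlink,nf_nat,xt_conntrack, Live 0xffffffffc09e0000
"""

Stack = List[Tuple[str, str]]  # [(instance_name, PLUGIN), ...]


def _strip_comment(line: str) -> str:
    """Drop a trailing '# ...' comment (ulogd.conf style) and whitespace."""
    return line.split("#", 1)[0].strip()


def parse_stacks(conf_text: str) -> List[Stack]:
    """Return every stack= line as a list of (instance, plugin) pairs."""
    stacks: List[Stack] = []
    for raw in conf_text.splitlines():
        line = _strip_comment(raw)
        if not line.startswith("stack="):
            continue
        elems = [e.strip() for e in line[len("stack="):].split(",") if e.strip()]
        stacks.append([tuple(e.partition(":")[::2]) for e in elems])
    return stacks


def parse_section(conf_text: str, name: str) -> Dict[str, str]:
    """Return the key=value pairs of the [name] section; commented-out keys are ignored."""
    section: Dict[str, str] = {}
    current = None
    for raw in conf_text.splitlines():
        line = _strip_comment(raw)
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            continue
        if current == name and "=" in line:
            key, _, value = line.partition("=")
            section[key.strip()] = value.strip()
    return section


def loaded_modules(proc_modules_text: str) -> Set[str]:
    """First column of each /proc/modules line is the module name."""
    return {line.split()[0] for line in proc_modules_text.splitlines() if line.strip()}


def check_nfct_stacks(conf_text: str, proc_modules_text: str) -> Dict[str, object]:
    """Report whether the NFCT stacks in conf_text can reach nf_conntrack_netlink.

    Assumption: a module built into the kernel does not appear in /proc/modules,
    so a 'missing' verdict should be confirmed against modules.builtin.
    """
    mods = loaded_modules(proc_modules_text)
    nfct_instances = [inst for stack in parse_stacks(conf_text)
                      for inst, plugin in stack if plugin == "NFCT"]
    has_nf = "nf_conntrack_netlink" in mods
    has_ip = "ip_conntrack_netlink" in mods
    if not nfct_instances:
        verdict = "no NFCT stack configured; conntrack netlink not required"
    elif has_nf:
        verdict = "NFCT stack(s) %s backed by nf_conntrack_netlink" % nfct_instances
    elif has_ip:
        verdict = ("NFCT stack(s) %s configured but only ip_conntrack_netlink is loaded; "
                   "ulogd's NFCT plugin needs nf_conntrack_netlink" % nfct_instances)
    else:
        verdict = "NFCT stack(s) %s configured but no conntrack netlink module loaded" % nfct_instances
    return {
        "nfct_instances": nfct_instances,
        "nfct_options": {i: parse_section(conf_text, i) for i in nfct_instances},
        "has_nf_conntrack_netlink": has_nf,
        "has_ip_conntrack_netlink": has_ip,
        "ok": bool(nfct_instances) and has_nf or not nfct_instances,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for label, listing in (("RHEL5-like", PROC_MODULES_RHEL5), ("modern", PROC_MODULES_MODERN)):
        print(label + ":", check_nfct_stacks(SAMPLE_ULOGD_CONF, listing)["verdict"])
```

On a live host you would feed `open("/proc/modules").read()` and the real `/etc/ulogd.conf` to `check_nfct_stacks`; an empty ulogd_syslogemu.log with a `False` result here points at the kernel side rather than at the LOGEMU output plugin.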