Thank you for your mail. It's difficult to upgrade the kernel. My question is whether ulogd will work with ip_conntrack_netlink. If you can answer the following questions, that would be very helpful.

1) Is there any way that I can make ulogd to talk to ip_conntrack_netlink, and whether ip_conntrack_netlink is equivalent of nf_conntrack_netlink?

2) If (1) is not possible, can I able to include just the nf_conntrack_netlink in RHEL5 without changing any existing functionality? nf_conntrack_netlink and ip_conntrack_netlink can work well simultaneously?

3) If (2) is not possible, what would be your advice on this? RHEL5 + ip_conntrack_netlink is used in many servers(may be more than 1000 servers) in my organization. Considering this, any change would cause potential testing. So a simple solution would be easily accepted in my organization.

Thanks & Regards,

On Sat, Jul 28, 2012 at 10:44 AM, Eric Leblond <eric@xxxxxxxxx> wrote:
> Hello,
>
> On Friday, 27 July 2012 at 20:43 -0700, Gomathivinayagam
> Muthuvinayagam wrote:
>> For the flow based logging (NFCT plugin), without iptable rules ulogd
>> works perfectly. Basically ulogd NFCT plugin directly communicates
>> with conntrack system through nf_conntrack_netlink. This thing I have
>> tested in my ubuntu system and works fine. Only problem is with RHEL5
>> system, because there is nf_conntrack_netlink module.
>
> Then all you can do is to upgrade your kernel... RHEL5 is almost from
> previous century...
>
> BR,
>
>>
>> -----Original Message-----
>> From: netfilter-owner@xxxxxxxxxxxxxxx
>> [mailto:netfilter-owner@xxxxxxxxxxxxxxx] On Behalf Of kay
>> Sent: Friday, July 27, 2012 8:39 PM
>> To: netfilter@xxxxxxxxxxxxxxx
>> Subject: Re: ulogd - ip_conntrack_netlink - how to get it working one
>>
>> Could you please provide your iptables rules with ULOG action?
>>
>> 2012/7/28 Gomathivinayagam Muthuvinayagam <sankarmail@xxxxxxxxx>:
>> > Thank you for your reply.
>> >
>> > Let me print the ulogd configurations here, so that I can describe my
>> > problem better.
>> >
>> > # this is a stack for flow-based logging via LOGEMU
>> > stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU
>> >
>> > [ct1]
>> > netlink_socket_buffer_size=217088
>> > netlink_socket_buffer_maxsize=1085440
>> > #netlink_resync_timeout=60 # seconds to wait to perform resynchronization
>> > pollinterval=5 # use poll-based logging instead of event-driven
>> > hash_enable=1
>> >
>> > ulogd is running without any error messages. But, ulogd_syslogemu.log
>> > has no contents. conntrack -E displays the flow perfectly.
>> >
>> > I tried to find out the cause of no content in the ulogd_syslogemu.log
>> > in the log file. ulogd requires nf_conntrack_netlink subsystem/module.
>> > In my linux version (RHEL 5), I don't have that. Instead of that I have
>> > ip_conntrack_netlink module.
>> >
>> > 1) Is there any way that I can make ulogd to talk to
>> > ip_conntrack_netlink, and whether ip_conntrack_netlink is equivalent
>> > of nf_conntrack_netlink?
>> >
>> > 2) If (1) is not possible, can I able to include just the
>> > nf_conntrack_netlink in RHEL5 without changing any existing
>> > functionality? nf_conntrack_netlink and ip_conntrack_netlink can work
>> > well simultaneously?
>> >
>> > 3) If (2) is not possible, what would be your advice on this? RHEL5 +
>> > ip_conntrack_netlink is used in many servers(may be more than 1000
>> > servers) in my organization. Considering this, any change would cause
>> > potential testing. So a simple solution would be easily accepted in my
>> > organization.
>> >
>> >
>> > -----Original Message-----
>> > From: netfilter-owner@xxxxxxxxxxxxxxx
>> > [mailto:netfilter-owner@xxxxxxxxxxxxxxx] On Behalf Of kay
>> > Sent: Friday, July 27, 2012 8:12 PM
>> > To: netfilter@xxxxxxxxxxxxxxx
>> > Subject: Re: ulogd - ip_conntrack_netlink - how to get it working one
>> >
>> > Dear Gomathivinayagam,
>> >
>> > What exactly you would like to achieve and what you already achieved?
>> >
>> > What did you mean saying "capture flow based logging"?
>> >
>> > For example here is my ulog data:
>> >
>> > Jul 28 01:03:15 esagila DROP packet: IN=eth0 OUT= MAC=*** SRC=***
>> > DST=*** LEN=52 TOS=00 PREC=0x00 TTL=55 ID=37188 CE DF PROTO=TCP
>> > SPT=51183 DPT=22 SEQ=2563245107 ACK=138246617 WINDOW=61 ACK URGP=0
>> >
>> > Do you need something more with the packet data or what?
>> >
>> > 2012/7/28 Gomathivinayagam Muthuvinayagam <sankarmail@xxxxxxxxx>:
>> >> I don’t know whether I’m asking stupid questions, but if someone
>> >> could respond for this post, that will be great.
>> >>
>> >> Thanks & Regards,
>> >>
>> >> On Fri, Jul 27, 2012 at 7:26 PM, Gomathivinayagam Muthuvinayagam
>> >> <sankarmail@xxxxxxxxx> wrote:
>> >>> Hi,
>> >>>
>> >>> I have a RHEL 5 os in my system. I have setup ulogd in my local
>> >>> system. I’m able to do packet capturing.
>> >>> I’m not able to capture flow based logging. What I have found was,
>> >>> in my system I don’t have nf_conntrack_netlink.
>> >>> Instead I have ip_conntrack_netlink. Is that possible I can
>> >>> incorporate nf_conntrack_netlink into RHEL5? And make ulogd to be
>> >>> working one.
>> >>>
>> >>> Your help would be much appreciated.
>> >>>
>> >>> Thanks,
>> >>>
>> >>> Thanks & Regards,
>> >> --
>> >> To unsubscribe from this list: send the line "unsubscribe netfilter"
>> >> in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo
>> >> info at http://vger.kernel.org/majordomo-info.html
>
> --
> Eric Leblond
> Blog: http://home.regit.org/ - Portfolio: http://regit.500px.com/