Thank you so much for your quick reply. I will try to debug this. If you have any suggestions in debugging, please let me know.

Thanks & Regards,

On Sat, Jul 28, 2012 at 12:41 PM, Eric Leblond <eric@xxxxxxxxx> wrote:
> Hello
>
> This is an alias: ip_conntrack_netlink and nf* are the same.
> However there could be an issue if kernel is too old. Some specific params could not work.
>
> BR
>
> Gomathivinayagam Muthuvinayagam <sankarmail@xxxxxxxxx> wrote:
>
>>Thank you for your mail. It's difficult to upgrade the kernel. My
>>question is whether ulogd will work with ip_conntrack_netlink.
>>If you can answer the following questions, that would be very helpful.
>>
>> 1) Is there any way that I can make ulogd to talk to
>>> > ip_conntrack_netlink, and whether ip_conntrack_netlink is equivalent
>>> > of nf_conntrack_netlink?
>>> >
>>> > 2) If (1) is not possible, can I able to include just the
>>> > nf_conntrack_netlink in RHEL5 without changing any existing
>>> > functionality? nf_conntrack_netlink and ip_conntrack_netlink can work
>>> > well simultaneously?
>>> >
>>> > 3) If (2) is not possible, what would be your advice on this? RHEL5 +
>>> > ip_conntrack_netlink is used in many servers(may be more than 1000
>>> > servers) in my organization. Considering this, any change would cause
>>> > potential testing. So a simple solution would be easily accepted in my
>>> > organization.
>>
>>Thanks & Regards,
>>
>>On Sat, Jul 28, 2012 at 10:44 AM, Eric Leblond <eric@xxxxxxxxx> wrote:
>>> Hello,
>>>
>>> On Friday, 27 July 2012 at 20:43 -0700, Gomathivinayagam
>>> Muthuvinayagam wrote:
>>>> For the flow based logging (NFCT plugin), without iptable rules ulogd
>>>> works perfectly. Basically ulogd NFCT plugin directly communicates
>>>> with conntrack system through nf_conntrack_netlink. This thing I have
>>>> tested in my ubuntu system and works fine. Only problem is with RHEL5
>>>> system, because there is nf_conntrack_netlink module.
>>>
>>> Then all you can do is to upgrade your kernel... RHEL5 is almost from
>>> previous century...
>>>
>>> BR,
>>>
>>>>
>>>> -----Original Message-----
>>>> From: netfilter-owner@xxxxxxxxxxxxxxx
>>>> [mailto:netfilter-owner@xxxxxxxxxxxxxxx] On Behalf Of kay
>>>> Sent: Friday, July 27, 2012 8:39 PM
>>>> To: netfilter@xxxxxxxxxxxxxxx
>>>> Subject: Re: ulogd - ip_conntrack_netlink - how to get it working one
>>>>
>>>> Could you please provide your iptables rules with ULOG action?
>>>>
>>>> 2012/7/28 Gomathivinayagam Muthuvinayagam <sankarmail@xxxxxxxxx>:
>>>> > Thank you for your reply.
>>>> >
>>>> > Let me print the ulogd configurations here, so that I can describe my
>>>> > problem better.
>>>> >
>>>> > # this is a stack for flow-based logging via LOGEMU
>>>> > stack=ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU
>>>> >
>>>> > [ct1]
>>>> > netlink_socket_buffer_size=217088
>>>> > netlink_socket_buffer_maxsize=1085440
>>>> > #netlink_resync_timeout=60 # seconds to wait to perform resynchronization
>>>> > pollinterval=5 # use poll-based logging instead of event-driven
>>>> > hash_enable=1
>>>> >
>>>> > ulogd is running without any error messages. But, ulogd_syslogemu.log
>>>> > has no contents. conntrack -E displays the flow perfectly.
>>>> >
>>>> > I tried to find out the cause of no content in the ulogd_syslogemu.log
>>>> > in the log file. ulogd requires nf_conntrack_netlink subsystem/module.
>>>> > In my linux version (RHEL 5), I don't have that. Instead of that I have
>>>> > ip_conntrack_netlink module.
>>>> >
>>>> > 1) Is there any way that I can make ulogd to talk to
>>>> > ip_conntrack_netlink, and whether ip_conntrack_netlink is equivalent
>>>> > of nf_conntrack_netlink?
>>>> >
>>>> > 2) If (1) is not possible, can I able to include just the
>>>> > nf_conntrack_netlink in RHEL5 without changing any existing
>>>> > functionality? nf_conntrack_netlink and ip_conntrack_netlink can work
>>>> > well simultaneously?
>>>> >
>>>> > 3) If (2) is not possible, what would be your advice on this? RHEL5 +
>>>> > ip_conntrack_netlink is used in many servers(may be more than 1000
>>>> > servers) in my organization. Considering this, any change would cause
>>>> > potential testing. So a simple solution would be easily accepted in my
>>>> > organization.
>>>> >
>>>> >
>>>> > -----Original Message-----
>>>> > From: netfilter-owner@xxxxxxxxxxxxxxx
>>>> > [mailto:netfilter-owner@xxxxxxxxxxxxxxx] On Behalf Of kay
>>>> > Sent: Friday, July 27, 2012 8:12 PM
>>>> > To: netfilter@xxxxxxxxxxxxxxx
>>>> > Subject: Re: ulogd - ip_conntrack_netlink - how to get it working one
>>>> >
>>>> > Dear Gomathivinayagam,
>>>> >
>>>> > What exactly you would like to achieve and what you already achieved?
>>>> >
>>>> > What did you mean saying "capture flow based logging"?
>>>> >
>>>> > For example here is my ulog data:
>>>> >
>>>> > Jul 28 01:03:15 esagila DROP packet: IN=eth0 OUT= MAC=*** SRC=***
>>>> > DST=*** LEN=52 TOS=00 PREC=0x00 TTL=55 ID=37188 CE DF PROTO=TCP
>>>> > SPT=51183 DPT=22 SEQ=2563245107 ACK=138246617 WINDOW=61 ACK URGP=0
>>>> >
>>>> > Do you need something more with the packet data or what?
>>>> >
>>>> > 2012/7/28 Gomathivinayagam Muthuvinayagam <sankarmail@xxxxxxxxx>:
>>>> >> I don’t know whether I’m asking stupid questions, but if someone
>>>> >> could respond for this post, that will be great.
>>>> >>
>>>> >> Thanks & Regards,
>>>> >>
>>>> >> On Fri, Jul 27, 2012 at 7:26 PM, Gomathivinayagam Muthuvinayagam
>>>> >> <sankarmail@xxxxxxxxx> wrote:
>>>> >>> Hi,
>>>> >>>
>>>> >>> I have a RHEL 5 os in my system. I have setup ulogd in my local
>>>> >>> system. I’m able to do packet capturing.
>>>> >>> I’m not able to capture flow based logging. What I have found was,
>>>> >>> in my system I don’t have nf_conntrack_netlink.
>>>> >>> Instead I have ip_conntrack_netlink. Is that possible I can
>>>> >>> incorporate nf_conntrack_netlink into RHEL5?
>>>> >>> And make ulogd to be
>>>> >>> working one.
>>>> >>>
>>>> >>> Your help would be much appreciated.
>>>> >>>
>>>> >>> Thanks,
>>>> >>>
>>>> >>> Thanks & Regards,
>>>> >> --
>>>> >> To unsubscribe from this list: send the line "unsubscribe netfilter"
>>>> >> in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo
>>>> >> info at http://vger.kernel.org/majordomo-info.html
>>>
>>> --
>>> Eric Leblond
>>> Blog: http://home.regit.org/ - Portfolio: http://regit.500px.com/