I am trying to get Ulogd (2.05 compiled from git) working with MySQL
(mariadb-5.5.44-1).
I created a DB (ulogd) and populated the database using the
mysql-ulogd2.sql schema file. I created a user (ulogd_user) with full
access to that database.
/etc/ulogd.conf
<SNIP>
.
.
plugin="/usr/lib64/ulogd/ulogd_output_MYSQL.so"
stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,mysql1:MYSQL
[log2]
group=1
[mysql1]
db="ulogd"
host="localhost"
user="ulogd_user"
table="ulog"
pass="secret"
procedure="INSERT_PACKET_FULL"
.
.
</SNIP>
ls -ld /usr/lib64/ulogd/ulogd_output_MYSQL.so
-rwxr-xr-x. 1 root root 63972 Aug 25 16:38 /usr/lib64/ulogd/ulogd_output_MYSQL.so
I also enabled LOGEMU:
stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
[log1]
group=0
[emu1]
file="/var/log/ulogd/ulogd_syslogemu.log"
sync=1
Below is the output from ulogd.log when starting ulogd.
/var/log/ulogd/ulogd.log
<SNIP>
Tue Aug 25 16:39:53 2015 <5> ulogd.c:843 building new pluginstance stack: 'log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU'
Tue Aug 25 16:39:53 2015 <5> ulogd_inppkt_NFLOG.c:503 forcing unbind of existing log handler for protocol 2
Tue Aug 25 16:39:53 2015 <5> ulogd_inppkt_NFLOG.c:503 forcing unbind of existing log handler for protocol 10
Tue Aug 25 16:39:53 2015 <5> ulogd_inppkt_NFLOG.c:503 forcing unbind of existing log handler for protocol 7
Tue Aug 25 16:39:53 2015 <5> ulogd.c:843 building new pluginstance stack: 'log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,mysql1:MYSQL'
Tue Aug 25 16:39:53 2015 <5> ../../util/db.c:151 (re)configuring
Tue Aug 25 16:39:53 2015 <5> ../../util/db.c:206 starting
</SNIP>
The LOGEMU is working as expected and data is being written to
/var/log/ulogd/ulogd_syslogemu.log.
I have logged into MySQL successfully with the user credentials
specified in the [mysql1] stanza. I was not certain which "table" to
use, but I read on-line that the ulog "view" was the correct table to
use.
As logging to file is working, I am assuming NFLOG is working, iptables
configured correctly, Ulogd is up and running, and at least one output
plugin is working correctly. Unfortunately, nothing is getting logged
to the MySQL database.
Can you find the error in this configuration?
Thank You
Scott
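
Added example, not part of the original post and not ulogd's own code: the two stacks quoted above read from different NFLOG groups (log1 has group=0, log2 has group=1), so a working LOGEMU file only demonstrates packet delivery on group 0. This sketch maps each NFLOG group to the output plugin fed from it; SAMPLE_CONF is constructed from the quoted stanzas, and the `[global]` header, the function names and the default of group 0 when no `group=` line is present are assumptions.

```python
import re

# Constructed sample assembled from the stanzas quoted in the post.
SAMPLE_CONF = """\
[global]
stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2bin1:IP2BIN,mac2str1:HWHDR,mysql1:MYSQL
[log1]
group=0
[log2]
group=1
"""

def parse_conf(text):
    """Return (stacks, sections): stack strings and per-instance key/value dicts."""
    stacks, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue  # not a key=value line (e.g. the "." filler in the post)
        key, value = key.strip(), value.strip().strip('"')
        if key == "stack":
            stacks.append(value)
        elif current is not None:
            sections[current][key] = value
    return stacks, sections

def outputs_by_group(text):
    """Map each NFLOG group number to the output plugin instances fed from it."""
    stacks, sections = parse_conf(text)
    result = {}
    for stack in stacks:
        parts = [p.split(":", 1) for p in stack.split(",")]
        (in_name, in_type), (out_name, out_type) = parts[0], parts[-1]
        if in_type != "NFLOG":
            continue  # only NFLOG inputs bind to a netlink group
        # Assumption: an instance without a group= line listens on group 0.
        group = int(sections.get(in_name, {}).get("group", 0))
        result.setdefault(group, []).append(f"{out_name}:{out_type}")
    return result
```

Comparing the returned group numbers with the `--nflog-group` values in the iptables rules shows which output each rule can actually reach.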