Hi guys,

I've been trying to get conntrack logging working with ulogd2 on an Ubuntu 4.4.0-59 generic kernel, to no avail, by following instructions gleaned from Google searches. I'm hoping that someone here can set me on the right path.

Here is what I have done:

a) modprobe'd: nf_conntrack_ipv4, nf_conntrack_ipv6, modprobe nf_conntrack_netlink, xt_connmark, xt_NFLOG, xt_conntrack

b) Iptables rules:

    -A INPUT -p tcp -j CONNMARK --set-xmark 0x10/0x10
    -A OUTPUT -p tcp -j CONNMARK --set-xmark 0x10/0x10

c) The stack section of ulogd.conf looks like:

    stack=log:NFCT,mark:MARK,ip2str:IP2STR,print:PRINTFLOW,out:GPRINT

Where the sections here look like:

    [log]
    accept_proto_filter=tcp

    [mark]
    mark=0x10
    mask=0x10

    [out]
    file="/var/log/ulog/ulogd_tcp.log"
    sync=1

However I get nothing at all in the log even though there are flows transitioning this host:

    conntrack -L|grep tcp
    conntrack v1.4.3 (conntrack-tools): 47 flow entries have been shown.
    tcp 6 431999 ESTABLISHED src=10.0.100.248 dst=10.0.33.244 sport=51890 dport=6666 src=10.0.33.244 dst=10.0.100.248 sport=6666 dport=51890 [ASSURED] mark=16 use=1
    tcp 6 431999 ESTABLISHED src=10.0.100.248 dst=10.0.138.44 sport=22 dport=56405 src=10.0.138.44 dst=10.0.100.248 sport=56405 dport=22 [ASSURED] mark=16 use=1
    tcp 6 431985 ESTABLISHED src=10.0.100.248 dst=173.225.26.234 sport=52066 dport=443 src=173.225.26.234 dst=10.0.100.248 sport=443 dport=52066 [ASSURED] mark=16 use=1

What could I be doing wrong? Are there better ways to do this? Note that ULOG has been removed in recent kernels.
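
One way to rule the mark filter in or out when a stack like the one above logs nothing, as an added example that is not part of the original post: it parses the quoted `conntrack -L` lines and applies the mark=0x10/mask=0x10 test to each flow. The function names are hypothetical, and the filter semantics (a flow passes when `(ctmark & mask) == mark`) are an assumption about the MARK plugin.

```python
# Constructed sample: the three `conntrack -L` lines quoted in the post.
SAMPLE = """\
tcp 6 431999 ESTABLISHED src=10.0.100.248 dst=10.0.33.244 sport=51890 dport=6666 src=10.0.33.244 dst=10.0.100.248 sport=6666 dport=51890 [ASSURED] mark=16 use=1
tcp 6 431999 ESTABLISHED src=10.0.100.248 dst=10.0.138.44 sport=22 dport=56405 src=10.0.138.44 dst=10.0.100.248 sport=56405 dport=22 [ASSURED] mark=16 use=1
tcp 6 431985 ESTABLISHED src=10.0.100.248 dst=173.225.26.234 sport=52066 dport=443 src=173.225.26.234 dst=10.0.100.248 sport=443 dport=52066 [ASSURED] mark=16 use=1
"""

TUPLE_KEYS = ("src", "dst", "sport", "dport")

def parse_flow(line):
    """Parse one TCP line of `conntrack -L` output into a dict, or return None."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "tcp":
        return None  # banner line, other protocol, or truncated entry
    flow = {"timeout": int(tokens[2]), "state": tokens[3],
            "orig": {}, "reply": {}, "flags": [], "mark": 0}
    for tok in tokens[4:]:
        if tok.startswith("[") and tok.endswith("]"):
            flow["flags"].append(tok[1:-1])
            continue
        key, sep, value = tok.partition("=")
        if key in TUPLE_KEYS and sep:
            # First occurrence of a key is the original direction, second the reply.
            side = "orig" if key not in flow["orig"] else "reply"
            flow[side][key] = value
        elif key == "mark" and sep:
            flow["mark"] = int(value)  # conntrack -L prints the mark in decimal
    return flow

def passes_mark_filter(flow, mark=0x10, mask=0x10):
    """Assumed MARK filter semantics: keep the flow when (ctmark & mask) == mark."""
    return (flow["mark"] & mask) == mark

def check(text, mark=0x10, mask=0x10):
    """Return (flows that pass, flows that are dropped) for the given mark/mask."""
    flows = [f for f in map(parse_flow, text.splitlines()) if f]
    kept = [f for f in flows if passes_mark_filter(f, mark, mask)]
    dropped = [f for f in flows if not passes_mark_filter(f, mark, mask)]
    return kept, dropped

if __name__ == "__main__":
    kept, dropped = check(SAMPLE)
    for f in kept:
        o = f["orig"]
        print(f"pass  {o['src']}:{o['sport']} -> {o['dst']}:{o['dport']} mark={f['mark']:#x}")
    print(f"{len(kept)} pass, {len(dropped)} dropped")
```

If every flow passes here, as the quoted ones do, the marks set by the CONNMARK rules are not what keeps the log empty, and attention can move to the other stages of the stack.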