Thanks Muhammad. The ulogd2 modules are all loading without error. What is
confusing to me is that I am seeing flow entries in conntrack but nothing
out of ulogd2. I am running on a host in bridged mode and trying to track
VM-to-VM flows, so I am not sure if that has something to do with it.
However, since the output of conntrack -L makes sense, I just don't
understand why ulogd2 doesn't print the same information.

On Mon, Mar 13, 2017 at 11:39 AM, Muhammad Faisal <faisalusuf@xxxxxxxxx> wrote:
> When starting ulogd2, are all the modules loading without error? If you have
> flow entries as shown in the conntrack -L output, ulogd2 should print the flows.
>
>
> On Mar 13, 2017 23:09, "V Kurien" <kurien.varugis@xxxxxxxxx> wrote:
>>
>> Hi guys,
>> I've been trying to get conntrack logging working with ulogd2 on an
>> Ubuntu 4.4.0-59 generic kernel to no avail by following instructions
>> gleaned from Google searches. I'm hoping that someone here can set me
>> on the right path:
>>
>> Here is what I have done:
>>
>> a) modprobe'd: nf_conntrack_ipv4, nf_conntrack_ipv6,
>>    nf_conntrack_netlink, xt_connmark, xt_NFLOG, xt_conntrack
>> b) iptables rules: -A INPUT -p tcp -j CONNMARK --set-xmark 0x10/0x10,
>>    -A OUTPUT -p tcp -j CONNMARK --set-xmark 0x10/0x10
>> c) The stack section of ulogd.conf looks like:
>>    stack=log:NFCT,mark:MARK,ip2str:IP2STR,print:PRINTFLOW,out:GPRINT
>>
>> where the sections look like:
>>
>>    [log]
>>    accept_proto_filter=tcp
>>
>>    [mark]
>>    mark=0x10
>>    mask=0x10
>>
>>    [out]
>>    file="/var/log/ulog/ulogd_tcp.log"
>>    sync=1
>>
>>
>> However, I get nothing at all in the log even though there are flows
>> transitioning this host:
>>
>> conntrack -L|grep tcp
>> conntrack v1.4.3 (conntrack-tools): 47 flow entries have been shown.
>> tcp      6 431999 ESTABLISHED src=10.0.100.248 dst=10.0.33.244 sport=51890 dport=6666 src=10.0.33.244 dst=10.0.100.248 sport=6666 dport=51890 [ASSURED] mark=16 use=1
>> tcp      6 431999 ESTABLISHED src=10.0.100.248 dst=10.0.138.44 sport=22 dport=56405 src=10.0.138.44 dst=10.0.100.248 sport=56405 dport=22 [ASSURED] mark=16 use=1
>> tcp      6 431985 ESTABLISHED src=10.0.100.248 dst=173.225.26.234 sport=52066 dport=443 src=173.225.26.234 dst=10.0.100.248 sport=443 dport=52066 [ASSURED] mark=16 use=1
>>
>> What could I be doing wrong? Are there better ways to do this? Note
>> that ULOG has been removed in recent kernels.
>> --
>> To unsubscribe from this list: send the line "unsubscribe netfilter" in
>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
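As an added diagnostic (not part of the thread above and not ulogd2's own code), the script below parses the `conntrack -L` output quoted in the thread and applies the same two filters the poster configured: the NFCT `accept_proto_filter=tcp` and the MARK plugin's mark/mask test, which is assumed here to pass an entry when `(ctmark & mask) == mark`. It shows that all three quoted entries (mark=16, i.e. 0x10) would pass, so the CONNMARK rules and the filter chain are consistent with each other; two further entries (a UDP flow and an unmarked TCP flow) are constructed here only to show what the filters reject. One caveat when comparing against `conntrack -L`: with the NFCT input's default `hash_enable=1` in event mode, ulogd2 emits a flow record when the conntrack is destroyed, not while it is ESTABLISHED, so a long-lived flow will not show up in the log until it ends.

```python
"""Apply ulogd2-style proto and mark/mask filters to a `conntrack -L` dump.

Added example for the netfilter thread above; it is not ulogd2 code. The MARK
semantics ((ctmark & mask) == mark) and the extra UDP/unmarked entries in the
sample are assumptions made here for illustration.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the header and the three TCP entries quoted in the thread
# (mark=16 is the decimal form of the 0x10 set by the CONNMARK rules), plus one
# UDP entry and one unmarked TCP entry made up here to exercise the filters.
SAMPLE_CONNTRACK_L = """\
conntrack v1.4.3 (conntrack-tools): 47 flow entries have been shown.
tcp      6 431999 ESTABLISHED src=10.0.100.248 dst=10.0.33.244 sport=51890 dport=6666 src=10.0.33.244 dst=10.0.100.248 sport=6666 dport=51890 [ASSURED] mark=16 use=1
tcp      6 431999 ESTABLISHED src=10.0.100.248 dst=10.0.138.44 sport=22 dport=56405 src=10.0.138.44 dst=10.0.100.248 sport=56405 dport=22 [ASSURED] mark=16 use=1
tcp      6 431985 ESTABLISHED src=10.0.100.248 dst=173.225.26.234 sport=52066 dport=443 src=173.225.26.234 dst=10.0.100.248 sport=443 dport=52066 [ASSURED] mark=16 use=1
udp      17 29 src=10.0.100.248 dst=10.0.0.1 sport=47321 dport=53 src=10.0.0.1 dst=10.0.100.248 sport=53 dport=47321 [ASSURED] mark=0 use=1
tcp      6 118 TIME_WAIT src=10.0.100.248 dst=10.0.33.244 sport=51891 dport=6666 src=10.0.33.244 dst=10.0.100.248 sport=6666 dport=51891 [ASSURED] mark=0 use=1
"""

_KV = re.compile(r"(\w+)=(\S+)")


@dataclass
class CtEntry:
    proto: str            # "tcp", "udp", ...
    timeout: int          # seconds left before the kernel expires the entry
    state: Optional[str]  # TCP state word; None for stateless protocols
    orig_src: str
    orig_dst: str
    orig_sport: Optional[int]
    orig_dport: Optional[int]
    mark: int             # ctmark as set by CONNMARK; conntrack prints it in decimal


def parse_conntrack_line(line: str) -> Optional[CtEntry]:
    """Parse one `conntrack -L` entry; return None for the version header,
    blank lines or anything else that is not a flow entry."""
    fields = line.split()
    if len(fields) < 4 or not fields[1].isdigit():
        return None
    # TCP entries carry a state word after the timeout; UDP/ICMP entries go
    # straight to the first key=value pair.
    state = fields[3] if "=" not in fields[3] else None
    kvs = _KV.findall(line)
    # src/dst/sport/dport appear twice: original direction first, reply second.
    srcs = [v for k, v in kvs if k == "src"]
    dsts = [v for k, v in kvs if k == "dst"]
    sports = [int(v) for k, v in kvs if k == "sport"]
    dports = [int(v) for k, v in kvs if k == "dport"]
    marks = [int(v) for k, v in kvs if k == "mark"]
    if not srcs or not dsts:
        return None
    return CtEntry(
        proto=fields[0],
        timeout=int(fields[2]),
        state=state,
        orig_src=srcs[0],
        orig_dst=dsts[0],
        orig_sport=sports[0] if sports else None,
        orig_dport=dports[0] if dports else None,
        mark=marks[0] if marks else 0,
    )


def passes_filters(entry: CtEntry, proto_filter: Optional[str] = "tcp",
                   mark: int = 0x10, mask: int = 0x10) -> bool:
    """Apply the two filters from the poster's stack: the NFCT proto filter and
    a MARK-style (ctmark & mask) == mark test (the MARK semantics assumed here)."""
    if proto_filter is not None and entry.proto != proto_filter:
        return False
    return (entry.mark & mask) == mark


def matching_entries(text: str, proto_filter: Optional[str] = "tcp",
                     mark: int = 0x10, mask: int = 0x10) -> List[CtEntry]:
    """Return the parsed entries of a `conntrack -L` dump that pass both filters."""
    out = []
    for line in text.splitlines():
        entry = parse_conntrack_line(line)
        if entry is not None and passes_filters(entry, proto_filter, mark, mask):
            out.append(entry)
    return out


if __name__ == "__main__":
    # Pipe a live dump in with: conntrack -L 2>/dev/null | python3 ctfilter.py
    import sys
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_CONNTRACK_L
    for e in matching_entries(text):
        print(f"{e.proto} {e.state} {e.orig_src}:{e.orig_sport} -> "
              f"{e.orig_dst}:{e.orig_dport} mark=0x{e.mark:x}")
```

If the filter check passes but the log stays empty, the next thing to confirm is that conntrack events are reaching userspace at all: `conntrack -E` (also from conntrack-tools) prints NEW/UPDATE/DESTROY events live over the same nfnetlink_conntrack channel that ulogd2's NFCT input listens on.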