Hello all,
I'm trying to get prefix logged into pcap file, the same way as it is
done in syslog. Everything works out of the box with syslog, but it
doesn't with pcap format. I have enabled stack in ulogd.conf:
# this is a stack for NFLOG packet-based logging to PCAP
stack=log2:NFLOG,base1:BASE,pcap1:PCAP
[log2]
group=1
[pcap1]file="/var/log/ulogd.pcap"
sync=1
Loggin rule in nftables looks simple:
tcp dport {ssh} counter log prefix "IN" group 1 log prefix "_INPUT_"
group 2 accept
So, packets are logged: both in syslog and pcap. I can see prefix in
syslog with 'logread', but there is no prefix in pcap file when I
analyze it in Wireshark. Logging itself works ok. Any ideas what I'm
doing wrong?
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
