Hi Steetharaman, On Fri, Jul 12, 2024 at 12:02:02PM +0530, Seetharaman wrote: > I am trying to use ulogd in the openwrt system to send the logs captured > using NFLOG to a remote syslog server. I don't think this is something that is implemented. You'd have to run a local syslogd which then forwards it to a remote machine. Or, alternatively, you would need to implement an output plugin that implements the remote syslog prtoocol (https://datatracker.ietf.org/doc/html/rfc5424). Should be rather easy: Simply open a UDP socket and then format the packets into strings and send it over said UDP socket. > I am using below ulogd configuration: > > [global] > loglevel="5" > logfile="/var/log/ulogd.log" > plugin="/usr/lib/ulogd/ulogd_inppkt_NFLOG.so" > plugin="/usr/lib/ulogd/ulogd_filter_IFINDEX.so" > plugin="/usr/lib/ulogd/ulogd_filter_IP2STR.so" > plugin="/usr/lib/ulogd/ulogd_filter_PRINTPKT.so" > plugin="/usr/lib/ulogd/ulogd_output_SYSLOG.so" > plugin="/usr/lib/ulogd/ulogd_raw2packet_BASE.so" > stack="log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG" > network="lan" > [log1] > group="1" > *[sys1]* > *host="10.0.0.1"* > *port="514"* where did you find the instructions that those config options are valid? Did you see any such example anywhere? http://git.netfilter.org/ulogd2/tree/output/ulogd_output_SYSLOG.c#n48 clearly only registers the "facility" and "level" options, and nothing else. > But the logs are being sent to the local syslog daemon instead of remote > syslog daemon. no surprise, as you're doing something the code clearly was not designed for, and which I don't believe we ever claimed should work. > Does ulogd_output_SYSLOG.so really supports remote logging? No. Why do you think it would? where did you find such information? -- - Harald Welte <laforge@xxxxxxxxxxxx> https://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)
