Re: Regarding ulogd_output_SYSLOG.so

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Steetharaman,

On Fri, Jul 12, 2024 at 12:02:02PM +0530, Seetharaman wrote:
>    I am trying to use ulogd in the openwrt system to send the logs captured
> using NFLOG to a remote syslog server.

I don't think this is something that is implemented. You'd have to run a local syslogd
which then forwards it to a remote machine.

Or, alternatively, you would need to implement an output plugin that implements the remote syslog
prtoocol (https://datatracker.ietf.org/doc/html/rfc5424).  Should be rather easy: Simply open a UDP
socket and then format the packets into strings and send it over said UDP socket.

> I am using below ulogd configuration:
> 
> [global]
> loglevel="5"
> logfile="/var/log/ulogd.log"
> plugin="/usr/lib/ulogd/ulogd_inppkt_NFLOG.so"
> plugin="/usr/lib/ulogd/ulogd_filter_IFINDEX.so"
> plugin="/usr/lib/ulogd/ulogd_filter_IP2STR.so"
> plugin="/usr/lib/ulogd/ulogd_filter_PRINTPKT.so"
> plugin="/usr/lib/ulogd/ulogd_output_SYSLOG.so"
> plugin="/usr/lib/ulogd/ulogd_raw2packet_BASE.so"
> stack="log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,sys1:SYSLOG"
> network="lan"
> [log1]
> group="1"


> *[sys1]*
> *host="10.0.0.1"*
> *port="514"*

where did you find the instructions that those config options are valid?  Did you see
any such example anywhere?

http://git.netfilter.org/ulogd2/tree/output/ulogd_output_SYSLOG.c#n48
clearly only registers the "facility" and "level" options, and nothing else.

> But the logs are being sent to the local syslog daemon instead of remote
> syslog daemon.

no surprise, as you're doing something the code clearly was not designed for, and which I don't believe
we ever claimed should work.

> Does ulogd_output_SYSLOG.so  really supports remote logging?

No. Why do you think it would? where did you find such information?

-- 
- Harald Welte <laforge@xxxxxxxxxxxx>          https://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
                                                  (ETSI EN 300 175-7 Ch. A6)




[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux