http://www.linuxfromscratch.org/hints/downloads/files/ulogd.txt
AUTHOR: Thomas Trepl <[EMAIL PROTECTED]>
DATE: 2003-11-01
LICENSE: GNU Free Documentation License Version 1.2
SYNOPSIS: Setup ULOG daemon
DESCRIPTION: How to setup the ULOG daemon
PREREQUISITES: Kernel >= 2.4.18-pre8 recommended,
otherwise a patch is required
HINT:
Introduction to ULOG daemon
---------------------------
ULOG is the user space log facility for iptables. With this package, you can store
the log entries normally stored in the kernel.log file in another file which
Download location for the ULOG daemon package:
ftp://ftp.netfilter.org/pub/ulogd/ulogd-1.02.tar.bz2
If you have a kernel older than 2.4.18-pre8, then the ulog-patch is required. For
this, see the netfilter page (http://www.netfilter.org).
Unpacking the tarball
---------------------
Extract the source package by executing this command:
tar -xjf <your-pkg-dir>/ulogd-1.02.tar.bz2
Then, you should have the directory 'ulogd-1.02' in the current directory.
Configuring
-----------
Change into the directory newly created by the above tar command and run
./configure --prefix=/usr --sysconfdir=/etc
Like all of the LFS/BLFS packages, we will install this package in /usr, too.
If you don't want that, just leave the --prefix out - then it will be installed
in /usr/local. With the --sysconfdir=/etc we ensure that the configuration file
will be stored in /etc and not in /usr/etc.
Building the binaries
---------------------
After configuring, we run the well-known sequence of
make &&
make install
Creating startup script
-----------------------
To start the ULOG daemon when the system is (re-)started, create the startup script:
cat > /etc/rc.d/init.d/ulogd <<"EOF"
#!/bin/sh
# Begin $rc_base/init.d/ulogd
# Based on sysklogd script from LFS-3.1 and earlier.
# Rewritten by Gerard Beekmans - [EMAIL PROTECTED]
source /etc/sysconfig/rc
source $rc_functions
case "$1" in
    start)
        echo "Starting ULOG daemon..."
        loadproc ulogd -d
        evaluate_retval
        ;;
    stop)
        echo "Stopping ULOG daemon..."
        killproc ulogd
        evaluate_retval
        ;;
    reload)
        echo "Reloading ULOG daemon..."
        reloadproc ulogd
        evaluate_retval
        ;;
    restart)
        $0 stop
        sleep 1
        $0 start
        ;;
    status)
        statusproc ulogd
        ;;
    *)
        echo "Usage: $0 {start|stop|reload|restart|status}"
        exit 1
        ;;
esac
# End $rc_base/init.d/ulogd
EOF
Don't forget to make it executable by issuing
chmod 754 /etc/rc.d/init.d/ulogd
and create the links for the different runlevels:
ln -sf ../init.d/ulogd /etc/rc.d/rc0.d/K95ulogd
ln -sf ../init.d/ulogd /etc/rc.d/rc1.d/K95ulogd
ln -sf ../init.d/ulogd /etc/rc.d/rc2.d/K95ulogd
ln -sf ../init.d/ulogd /etc/rc.d/rc3.d/S12ulogd
ln -sf ../init.d/ulogd /etc/rc.d/rc4.d/S12ulogd
ln -sf ../init.d/ulogd /etc/rc.d/rc5.d/S12ulogd
ln -sf ../init.d/ulogd /etc/rc.d/rc6.d/K95ulogd
Patching the conf-file
----------------------
With the first installation, you will get a configuration file placed in
/etc/ulogd.conf. This configuration file is usable (at least for me) but there
are some references to wrong directories in it. Simply do a
sed -i -e 's;/usr/local/;/usr/;g' /etc/ulogd.conf
to remove the /usr/local directory references and insert /usr instead. If
you have installed your ULOG daemon in /usr/local, then of course, do not run
this sed.
Example for firewall scripts
----------------------------
In my firewall start script, there is a definition which allows me to make an
outbound connection to port 888 (cddb). In (seldom activated) verbose mode, my
script will generate the following lines to enable this:
/usr/sbin/iptables -A OUTPUT -o ppp+ -p tcp --dport 888 \
-j ULOG --ulog-prefix "ACCEPT:O:CDDB "
/usr/sbin/iptables -A OUTPUT -o ppp+ -p tcp --dport 888 -j ACCEPT
Note the rest of the first command, which is folded onto the second line: the
-j ULOG target with its --ulog-prefix is the definition that passes the log info
to ULOG.
The log files
-------------
When using the default configuration file, there will be two new logfiles in
/var/log. These logfiles are
ulogd.log - for logging ulogd's activities
and
ulogd.syslogemu - where the log entries go
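
As an added example (not part of the original hint), the following shell function counts ulogd.syslogemu entries per --ulog-prefix tag, destination address and destination port, so the prefixes set in the firewall rules above can be used to review what was logged. It assumes the file uses the iptables LOG-style layout (timestamp, hostname, prefix, then IN=/OUT= and KEY=value fields); the sample lines, the hostname and the DROP:I:TELNET prefix are constructed.

```shell
#!/bin/sh
# Added example: count ulogd.syslogemu entries per --ulog-prefix, DST and DPT.
# Assumption: LOG-style layout "Mon DD HH:MM:SS host PREFIX IN=.. OUT=.. KEY=val".

# Constructed sample lines (documentation addresses, not real traffic).
sample_log() {
cat <<'EOF'
Nov  1 10:15:01 lfs ACCEPT:O:CDDB IN= OUT=ppp0 MAC= SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TTL=64 PROTO=TCP SPT=32801 DPT=888 SYN
Nov  1 10:15:09 lfs ACCEPT:O:CDDB IN= OUT=ppp0 MAC= SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TTL=64 PROTO=TCP SPT=32802 DPT=888 SYN
Nov  1 10:17:30 lfs ACCEPT:O:CDDB IN= OUT=ppp0 MAC= SRC=192.0.2.10 DST=203.0.113.20 LEN=60 TTL=64 PROTO=TCP SPT=32810 DPT=888 SYN
Nov  1 10:20:44 lfs DROP:I:TELNET IN=ppp0 OUT= MAC= SRC=203.0.113.99 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=23 SYN
EOF
}

# ulog_summary [FILE...]: prints "COUNT PREFIX DST DPT", most frequent first.
# Reads standard input when no file is given.
ulog_summary() {
    awk '
    / IN=/ {
        prefix = ""; dst = "-"; dpt = "-"; seen = 0
        # Fields 1-4 are the timestamp and hostname; the prefix is whatever
        # follows until the IN= field (it may contain spaces or be empty).
        for (i = 5; i <= NF; i++) {
            if ($i ~ /^IN=/) seen = 1
            else if (!seen) prefix = prefix (prefix == "" ? "" : " ") $i
            else if ($i ~ /^DST=/) dst = substr($i, 5)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (prefix == "") prefix = "(none)"
        count[prefix " " dst " " dpt]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | sort -k1,1nr -k2
}

sample_log | ulog_summary
```

With the default configuration described above, the same function can be run as `ulog_summary /var/log/ulogd.syslogemu`.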
VERSION: 1.0
CHANGELOG: 1.0 Creation