Re: Anyone using ulogd?
Vineet Kumar <[EMAIL PROTECTED]> writes:

> * Gary Hennigan ([EMAIL PROTECTED]) [020501 14:35]:
> > I've tried everything! The console messages I could live with, but
> > losing the important stuff in dmesg output was the killer. So much
> > stuff from iptables that the important stuff in dmesg output was
> > pushed off the top. Unfortunately *nothing* I tried would get rid of
>
> Do you not have a /var/log/dmesg ? It should be created in
> /etc/init.d/bootmisc with all the info in the ring at that point (which
> is just the boot messages). It's not a solution, but maybe it's a
> workaround for you. If you're looking specifically for messages since
> boot, this won't help you at all. It's a matter of what "the important
> stuff" you refer to is.

Thanks for that info Vineet! I did not know that dmesg output was
stored in that file during boot. Of course I got ulog to work so it's
not an issue any more, but it's nice to know about /var/log/dmesg
anyway!

Gary

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe".
Trouble? Contact [EMAIL PROTECTED]
Re: Anyone using ulogd?
* Gary Hennigan ([EMAIL PROTECTED]) [020501 14:35]:
> I've tried everything! The console messages I could live with, but
> losing the important stuff in dmesg output was the killer. So much
> stuff from iptables that the important stuff in dmesg output was
> pushed off the top. Unfortunately *nothing* I tried would get rid of

Do you not have a /var/log/dmesg ? It should be created in
/etc/init.d/bootmisc with all the info in the ring at that point (which
is just the boot messages). It's not a solution, but maybe it's a
workaround for you. If you're looking specifically for messages since
boot, this won't help you at all. It's a matter of what "the important
stuff" you refer to is.

good times,
Vineet

--
Currently seeking opportunities in the SF Bay Area
Please see http://www.doorstop.net/resume.shtml
Re: Anyone using ulogd?
"Jonathan Matthews" <[EMAIL PROTECTED]> writes:

> On Wed, May 01, 2002 at 04:30:24PM -0600, Gary Hennigan wrote:
> [snip]
> > I also did something I wasn't sure was/is necessary. I recompiled my
> > 2.4.18 kernel with CONFIG_NETLINK_DEV=y; it's in the networking options
> > if you're using xconfig or menuconfig. After booting that kernel I
> [snip]
>
> Silly question maybe - did you compile ULOG target support into
> the kernel?
> Do you modprobe/insmod it if it's a module?
>
> Just a thought ...

That's an important point to make for others. You need this! Of course
I always compile all the iptables options as modules so I knew that
wasn't my problem. Indeed one of the first things I checked when it
wasn't working was that ipt_ULOG was there when doing "lsmod".

My problem, I'm convinced, is something in the patch that the package
developer for ulogd did, because the "virgin" copy works just fine.
I've spent enough time on it at this point that I'm not going to look
to find specifics. I'll probably add my info to the bug filed against
ulogd though.

Gary
Re: Anyone using ulogd?
On Wed, May 01, 2002 at 04:30:24PM -0600, Gary Hennigan wrote:
> "Alan Poulton" <[EMAIL PROTECTED]> writes:
> > Wednesday, May 01, 2002, 2:42:15 PM, Gary Hennigan wrote:
> >
> > > Okay. I lied a bit here. I compiled from source but I used
> > > dpkg-buildpackage, so it applied the Debian patches. This time I
> > > compiled just the straight source, without dpkg-buildpackage and using
> > > the usual ./configure and now ulogd is working, pumping out iptables
> > > output to /var/log/ulogd.syslogemu like a champ. Apparently there's
> > > some problem with the Debian patches to ulogd. So I installed the
> > > Debian package and just overwrote /usr/sbin/ulogd with the version I
> > > compiled and it's working and *finally* iptables is putting its crud
> > > into my ring buffer.
> >
> > So, does this mean that you got it running? I'm wanting to install
> > Ulogd for the same reason, to get the firewall messages out of dmesg and
> > (hopefully) syslog. So that way, I can review the firewall messages by
> > themselves without sorting through other messages. I am currently
> > running kernel 2.4.17, but I downloaded the sources for IPTables and
> > Kernel 2.4.18, then followed the instructions for patching IPTables, and
> > have now just completed the compile of the kernel.
> >
> > What command do you use in your firewall script to enable ULog?
>
> Yep, it's running exactly as it should and I'm getting iptables
> logging in exactly *one* place, /var/log/ulogd.syslogemu. No ring
> buffer (dmesg), no console, no syslog. Finally!!
>
> In my iptables script, which was pretty much generated via fwbuilder
> BTW, there are two rules that I log. Here's an example chain named
> RULE_0:
>
>   iptables -N RULE_0
>   iptables -A INPUT -j RULE_0 -f
>   iptables -A RULE_0 -j ULOG
>   iptables -A RULE_0 -j DROP
>
> I also did something I wasn't sure was/is necessary. I recompiled my
> 2.4.18 kernel with CONFIG_NETLINK_DEV=y; it's in the networking options
> if you're using xconfig or menuconfig. After booting that kernel I
[snip]

Silly question maybe - did you compile ULOG target support into
the kernel?
Do you modprobe/insmod it if it's a module?

Just a thought ...

jc

--
It may stop, it may not. And stop calling me "dj".
Re: Re[2]: Anyone using ulogd?
"Alan Poulton" <[EMAIL PROTECTED]> writes:

> Wednesday, May 01, 2002, 2:42:15 PM, Gary Hennigan wrote:
>
> > Okay. I lied a bit here. I compiled from source but I used
> > dpkg-buildpackage, so it applied the Debian patches. This time I
> > compiled just the straight source, without dpkg-buildpackage and using
> > the usual ./configure and now ulogd is working, pumping out iptables
> > output to /var/log/ulogd.syslogemu like a champ. Apparently there's
> > some problem with the Debian patches to ulogd. So I installed the
> > Debian package and just overwrote /usr/sbin/ulogd with the version I
> > compiled and it's working and *finally* iptables is putting its crud
> > into my ring buffer.
>
> So, does this mean that you got it running? I'm wanting to install
> Ulogd for the same reason, to get the firewall messages out of dmesg and
> (hopefully) syslog. So that way, I can review the firewall messages by
> themselves without sorting through other messages. I am currently
> running kernel 2.4.17, but I downloaded the sources for IPTables and
> Kernel 2.4.18, then followed the instructions for patching IPTables, and
> have now just completed the compile of the kernel.
>
> What command do you use in your firewall script to enable ULog?

Yep, it's running exactly as it should and I'm getting iptables
logging in exactly *one* place, /var/log/ulogd.syslogemu. No ring
buffer (dmesg), no console, no syslog. Finally!!

In my iptables script, which was pretty much generated via fwbuilder
BTW, there are two rules that I log. Here's an example chain named
RULE_0:

  iptables -N RULE_0
  iptables -A INPUT -j RULE_0 -f
  iptables -A RULE_0 -j ULOG
  iptables -A RULE_0 -j DROP

I also did something I wasn't sure was/is necessary. I recompiled my
2.4.18 kernel with CONFIG_NETLINK_DEV=y; it's in the networking options
if you're using xconfig or menuconfig. After booting that kernel I
did:

  cd /dev
  MAKEDEV netlink

Again, not sure if that was necessary. I read some mention of ulog
using netlink and when I couldn't get it to work before I tried the
stuff above. Now I know at least one problem is the ulogd distributed
in the Debian package. The stuff above may also have been necessary.

I don't think you need to patch 2.4.18. I didn't. My understanding is
that any version less than 2.4.18 requires the patch. There's a Debian
package for that patch, BTW. I didn't install it, but I saw dselect
was trying to install it when I installed ulogd via dselect. It's a
"Recommend" so I don't think apt will try to install it.

One last "again". I installed the Debian package then got the source,
via apt-get source ulogd, unpacked the ulogd_0.97.orig.tar.gz, ran

  ./configure --sysconfdir=/etc
  make

and wrote over /usr/sbin/ulogd with the resulting binary from the
above make.

Gary
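Added example, not part of the original thread and not code from ulogd or iptables: an offline check of the two things the posters verify by hand, that ipt_ULOG shows up in "lsmod" and that the logging rules actually jump to ULOG rather than LOG. The function names and SAMPLE_* data are constructed for illustration, and the rule dump is assumed to be in iptables-save format.

```sh
# Added example: offline checks for the ULOG setup discussed in this thread.
# SAMPLE_* values are constructed; on a real host pipe in `lsmod` and `iptables-save`.

# Succeeds if the ipt_ULOG module appears in `lsmod` output read from stdin.
ulog_module_loaded() {
    awk '$1 == "ipt_ULOG" { found = 1 } END { exit !found }'
}

# Reads iptables-save output and prints one finding per logging rule:
#   ULOG <chain>         rule hands packets to ulogd over netlink
#   LOG <chain>          rule still writes to the kernel ring buffer (dmesg)
#   UNREACHABLE <chain>  logging rule sits after an unconditional verdict
audit_ruleset() {
    awk '
    $1 == "-A" {
        chain = $2
        for (i = 3; i < NF; i++) {
            if ($i != "-j") continue
            target = $(i + 1)
            if (target == "LOG" || target == "ULOG") {
                if (ended[chain]) print "UNREACHABLE " chain
                else print target " " chain
            } else if (NF == 4 && (target == "DROP" || target == "ACCEPT" || target == "REJECT")) {
                ended[chain] = 1   # nothing after this rule in the chain is evaluated
            }
        }
    }'
}

SAMPLE_LSMOD='Module                  Size  Used by
ipt_ULOG                3400   1
ip_tables              10880   2  [ipt_ULOG iptable_filter]'

SAMPLE_RULES='*filter
-A INPUT -f -j RULE_0
-A INPUT -p tcp -m tcp --dport 23 -j RULE_1
-A INPUT -p icmp -j RULE_2
-A RULE_0 -j ULOG
-A RULE_0 -j DROP
-A RULE_1 -j DROP
-A RULE_1 -j ULOG
-A RULE_2 -j LOG --log-prefix "fw: "
-A RULE_2 -j DROP
COMMIT'

printf '%s\n' "$SAMPLE_LSMOD" | ulog_module_loaded && echo "ipt_ULOG: loaded"
printf '%s\n' "$SAMPLE_RULES" | audit_ruleset
```

RULE_0 mirrors the chain quoted in the message above; RULE_1 and RULE_2 are constructed to show a ULOG rule placed after the DROP and a rule left on the LOG target.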
Re[2]: Anyone using ulogd?
Wednesday, May 01, 2002, 2:42:15 PM, Gary Hennigan wrote:

> Okay. I lied a bit here. I compiled from source but I used
> dpkg-buildpackage, so it applied the Debian patches. This time I
> compiled just the straight source, without dpkg-buildpackage and using
> the usual ./configure and now ulogd is working, pumping out iptables
> output to /var/log/ulogd.syslogemu like a champ. Apparently there's
> some problem with the Debian patches to ulogd. So I installed the
> Debian package and just overwrote /usr/sbin/ulogd with the version I
> compiled and it's working and *finally* iptables is putting its crud
> into my ring buffer.

So, does this mean that you got it running? I'm wanting to install
Ulogd for the same reason, to get the firewall messages out of dmesg and
(hopefully) syslog. So that way, I can review the firewall messages by
themselves without sorting through other messages. I am currently
running kernel 2.4.17, but I downloaded the sources for IPTables and
Kernel 2.4.18, then followed the instructions for patching IPTables, and
have now just completed the compile of the kernel.

What command do you use in your firewall script to enable ULog?

--
- Alan Poulton ([EMAIL PROTECTED])
- A man who correctly guesses a woman's age may be smart but he's not very bright.
Re: Anyone using ulogd?
I wrote:
[snip]
> I decided to surrender and use ULOG instead, but now I get
> nothing. I've installed the testing "ulogd" package and tried
> installing the original source, with the same result, no
> output. There's a Debian bug filed against this behavior (#132675 &
> #1356688) but I'm not hopeful since the bugs are pretty old.

Okay. I lied a bit here. I compiled from source but I used
dpkg-buildpackage, so it applied the Debian patches. This time I
compiled just the straight source, without dpkg-buildpackage and using
the usual ./configure and now ulogd is working, pumping out iptables
output to /var/log/ulogd.syslogemu like a champ. Apparently there's
some problem with the Debian patches to ulogd. So I installed the
Debian package and just overwrote /usr/sbin/ulogd with the version I
compiled and it's working and *finally* iptables is putting its crud
into my ring buffer.

Gary
Re: Anyone using ulogd?
"Jamin W.Collins" <[EMAIL PROTECTED]> writes:

> On 01 May 2002 14:58:21 -0600
> "Gary Hennigan" <[EMAIL PROTECTED]> wrote:
>
> > Since I got no responses to my query about stopping iptables from
> > logging crud to the ring buffer (dmesg output)
>
> Not sure if this pertains to the dmesg output too, but to stop the
> iptables log entries from spewing out the console, I needed to add a "-c
> 4" to the KLOGD setting in "/etc/init.d/klogd" and restart the klogd
> script.
>
> (snip)
>
> > I can
> > replace ULOG with LOG and get output (to just about everything, dmesg
> > output, console, syslog, etc.,
>
> Looks like you too were getting messages to the console. So, the above
> change may help.

I've tried everything! The console messages I could live with, but
losing the important stuff in dmesg output was the killer. So much
stuff from iptables that the important stuff in dmesg output was
pushed off the top. Unfortunately *nothing* I tried would get rid of
it. I changed to "-c 4" a while ago, but output was still going to the
ring buffer (what's apparently shown in the output of dmesg). In fact
I killed klogd entirely and *still* got the iptables output shoved
into dmesg output.

I decided to surrender and use ULOG instead, but now I get
nothing. I've installed the testing "ulogd" package and tried
installing the original source, with the same result, no
output. There's a Debian bug filed against this behavior (#132675 &
#1356688) but I'm not hopeful since the bugs are pretty old.

Gary
Re: Anyone using ulogd?
On 01 May 2002 14:58:21 -0600
"Gary Hennigan" <[EMAIL PROTECTED]> wrote:

> Since I got no responses to my query about stopping iptables from
> logging crud to the ring buffer (dmesg output)

Not sure if this pertains to the dmesg output too, but to stop the
iptables log entries from spewing out the console, I needed to add a "-c
4" to the KLOGD setting in "/etc/init.d/klogd" and restart the klogd
script.

(snip)

> I can
> replace ULOG with LOG and get output (to just about everything, dmesg
> output, console, syslog, etc.,

Looks like you too were getting messages to the console. So, the above
change may help.

--
Jamin W. Collins
Anyone using ulogd?
Since I got no responses to my query about stopping iptables from
logging crud to the ring buffer (dmesg output) I decided to give ulogd
a try. Unfortunately it logs absolutely nothing but start/stop
messages to /var/log/ulogd.log. I know that ulogd used to require a
kernel patch, but thought this has changed in the 2.4.18 kernel, which
is what I'm running.

Is anyone else using ulogd with a 2.4.18 kernel? What was involved in
getting it to log iptables output? Did you have to apply a kernel
patch?

I have ULOG as a target in my iptables setup script, and I can
replace ULOG with LOG and get output (to just about everything, dmesg
output, console, syslog, etc., which is why I'm trying ulogd), so I
know the rules are acting the way they're supposed to.

I'm stumped. Any help appreciated.

Gary