On Dec 01, 2009, Fred Leeflang wrote:

> Hi,

Hello,

> We've recently hacked NFLOG support into vuurmuur. An old-ish writeup
> of making psad work together with vuurmuur is here:
> http://vuurmuur.org/trac/wiki/PSAD
>
> I tried to make psad work with vuurmuur/nflog again but there are two
> issues stopping me from doing so:
>
> - I could not find any NFLOG support in psad. Maybe I've missed it. Is
>   it in there or are there any plans to hack it in psad?
> - the netfilter core apparently does not do multicasting to multiple
>   applications listening to the same nflog-group.
>
> If there's no nflog support in psad but it's desirable I would like to
> help as I have gained some experience with it (see
> http://wordpress.3dn.nl/2009/11/25/iptabes-nflog-support-in-vuurmuur/)

There is no support currently in psad for NFLOG, but I think that would be an interesting feature. I suppose the question would be whether to write a Perl XS extension of libnetfilter_log (since a quick look at CPAN didn't turn up anything) so that psad can handle the data from the netlink socket itself, or if it would be better to have a lightweight C application that takes the data from the netlink socket and writes iptables LOG formatted data to a file or to stdout. The latter would certainly be easier (especially when ulog2 is ready for general release I think), but do you see a compelling reason to have psad itself receive data from the netlink socket?

Thanks,

--
Michael Rash | Founder
http://www.cipherdyne.org/
Key fingerprint: E2EF 0C8A 5AA9 654C 4763 B50F 37AC E946 7F51 8271

>
> -Fred
_______________________________________________
psad-discuss mailing list
psad-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/psad-discuss
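The second option raised in the reply, a lightweight C application that writes iptables LOG formatted data, needs a formatter along these lines; this is an added example, not part of the original thread and not psad or vuurmuur code. `fmt_log_line`, `be16` and `SAMPLE_SYN` are hypothetical names, the field order follows the usual iptables LOG line, fragments and truncated headers are reduced to a numeric `PROTO=`, and receiving the packet through libnetfilter_log is assumed to happen elsewhere.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static unsigned be16(const uint8_t *b) { return (unsigned)b[0] << 8 | b[1]; }

/* Render a raw IPv4 packet (the payload an NFLOG listener receives) as an
 * iptables LOG-style line, without MAC=, IP options or SEQ/ACK. Returns 0,
 * or -1 for non-IPv4 or truncated input or an output buffer that is too small. */
int fmt_log_line(const uint8_t *p, size_t len, const char *prefix,
                 const char *indev, char *out, size_t cap)
{
    static const char *const names[8] =
        {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"};
    char l4[128], flags[40] = "";
    if (len < 20 || (p[0] >> 4) != 4)
        return -1;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl)
        return -1;
    const uint8_t *t = p + ihl;            /* transport header, if present */
    unsigned frag = be16(p + 6), proto = p[9];
    if (frag & 0x1fff)                     /* later fragment: no L4 header */
        snprintf(l4, sizeof l4, "FRAG:%u PROTO=%u", frag & 0x1fff, proto);
    else if (proto == 6 && len >= ihl + 20) {
        for (int i = 0; i < 8; i++)        /* flag names, high bit first */
            if (t[13] & (0x80 >> i))
                strcat(strcat(flags, names[i]), " ");
        snprintf(l4, sizeof l4, "PROTO=TCP SPT=%u DPT=%u WINDOW=%u RES=0x%02x "
                 "%sURGP=%u", be16(t), be16(t + 2), be16(t + 14),
                 (unsigned)(t[12] & 0x0f) << 2, flags, be16(t + 18));
    } else if (proto == 17 && len >= ihl + 8)
        snprintf(l4, sizeof l4, "PROTO=UDP SPT=%u DPT=%u LEN=%u",
                 be16(t), be16(t + 2), be16(t + 4));
    else
        snprintf(l4, sizeof l4, "PROTO=%u", proto);
    int n = snprintf(out, cap, "%sIN=%s OUT= SRC=%u.%u.%u.%u DST=%u.%u.%u.%u "
                     "LEN=%u TOS=0x%02X PREC=0x%02X TTL=%u ID=%u %s%s",
                     prefix, indev, p[12], p[13], p[14], p[15], p[16], p[17],
                     p[18], p[19], be16(p + 2), p[1] & 0x1eu, p[1] & 0xe0u,
                     (unsigned)p[8], be16(p + 4), (frag & 0x4000) ? "DF " : "", l4);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* Constructed sample: TCP SYN from 192.168.10.5:54321 to 192.168.10.1:22. */
const uint8_t SAMPLE_SYN[40] = {0x45, 0, 0, 0x3c, 0x1c, 0x46, 0x40, 0, 0x40, 6,
    0, 0, 192, 168, 10, 5, 192, 168, 10, 1, 0xd4, 0x31, 0, 22, 0, 0, 0, 1,
    0, 0, 0, 0, 0xa0, 0x02, 0x16, 0xd0, 0, 0, 0, 0};
```

The prefix argument plays the role of the `--log-prefix` string, so a log analyzer reading the output file sees the same leading tag it would see in a syslog LOG line.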