Hi Wayne

Thanks for the reply!

Was wondering if NFLOG supports the accounting module.
At least shorewall supports this according to
http://www.shorewall.net/shorewall-accounting.html
but I didn't manage to make it work

Thanks
Sassy


On Sat, Nov 2, 2013 at 1:34 AM, Wayne S <[email protected]> wrote:

>  At 10/31/2013 08:56 AM, you wrote:
>
> Hi Group,
>
> Congratulations on shorewall.org!
> No question shorewall is the best tool I know for playing with iptables
> rules!
>
> Second, I wonder if anyone can help me with the following:
>
> 1. I'm trying to configure a rule with the NFLOG option.
> I managed to make it work with ULOG without any problem, but making it with
> NFLOG doesn't seem to work :-(
> My question is if the netfilter userspace log daemon (ULOG) knows how to
> capture NFLOG msg.
> At the moment I'm using ULOG version 1.X.
> Is this only supported via ULOG version 2.0?
>
> I'm using ulog version 1 because this is the native version my CentOS
> machine supports, and installing it from source requires me to update a lot of
> packages, which I want to avoid.
>
> 2. What is the true difference between ULOG and NFLOG?
>
> 3. I'm not sure I got it right from the documentation at
> http://www.shorewall.net/shorewall_logging.html
>
> Where do I configure the shorewall LEVEL?
> It says it has the following:
>
>
> *debug,info,error, etc.... *
> but I don't see where to change it under the shorewall configuration
>
> 4. A rule like this
> ACCEPT:info(tcp_options,ip_options,macdecode,tcp_sequence)      fw      all     all
>
> Doesn't seem to work.
> I'm getting Invalid log level (info(tcp_options,ip_options,macdecode,tcp_sequence)
>
> Why? any idea?
>
> 5. Under ULOG, you have the option to configure nlgroup. The default is 1,
> but say I want to have nlgroup=2 and nlgroup=3, so nlgroup=1 will save logs
> to file 1.log nlgroup=2 to 2.log and 3=nlgroup. How can it be done? Does this
> mean I need to run 3 different ULOG processes?
> I didn't manage to find how to do it in ulog.conf
>
>
> Thanks
> Sassy
>
>
> I'm running on Arch Linux, so I may be way out of touch with older
> systems and the following may not match with your system.
> I'm also somewhat new to shorewall/iptables. I found
> #shorewall check -r
> to be very helpful when changing the shorewall files.
>
> I believe you need ulogd2 and kernel > 2.6.14 for NFLOG
>
> NFLOG is part of ulogd (http://www.netfilter.org/projects/ulogd/index.html).
> ULOG is entering end-of-life. NFLOG requires support to be compiled
> into the kernel.
>
> # zcat /proc/config.gz | grep NFLOG
> CONFIG_NETFILTER_XT_TARGET_NFLOG=m
> CONFIG_BRIDGE_EBT_NFLOG=m
>
> Use NFLOG as your log level, and as with ULOG you can specify the
> group NFLOG(1,0,1). NFLOG may default to group 0?
>
> Make sure you have your NFLOG filter stack correct in /etc/ulogd.conf.
> See /usr/share/doc/ulogd/ulogd.conf  for some example stacks.
>
> Example rule I have:
>
> SECTION NEW
>
> # Drop blacklist ipset and log to ulogd.blacklist
> DROP:NFLOG(4,0,1)    net:+blset     all
>
> and /etc/ulogd.conf
> ~~~~~~~~~~~~
> [global]
> logfile="/var/log/ulogd.log"
> loglevel=5
> rmem=131071
> bufsize=150000
>
> plugin="/usr/lib/ulogd/ulogd_inppkt_NFLOG.so"
> plugin="/usr/lib/ulogd/ulogd_raw2packet_BASE.so"
> plugin="/usr/lib/ulogd/ulogd_filter_IFINDEX.so"
> plugin="/usr/lib/ulogd/ulogd_filter_IP2STR.so"
> plugin="/usr/lib/ulogd/ulogd_filter_PRINTPKT.so"
> plugin="/usr/lib/ulogd/ulogd_output_LOGEMU.so"
>
> # shorewall normal log packets group 1
>
> stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
>
> # shorewall log blacklist group 4
>
> stack=log4:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu3:LOGEMU
>
> [log1]
> group=1
> #sync=1
>
> [log4]
> group=4
>
> [emu1]
> file=/var/log/ulogd.syslogemu
>
> [emu3]
> file=/var/log/ulogd.blacklist
> ~~~~~~~
>
> and add logrotate for the new log.
>
> Wayne S
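
The per-group routing in the quoted ulogd.conf (one NFLOG input instance per netlink group, each stack ending in its own LOGEMU file) can be checked against the Shorewall rules before reloading. This is an added example, not part of the thread and not Shorewall or ulogd code; the function names are hypothetical, the second rule is a constructed sample, and the fallback to group 0 for an instance without `group=` is an assumption.

```python
import re

# Constructed sample: the quoted ulogd.conf, trimmed to the routing lines.
ULOGD_CONF = """\
[global]
stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
stack=log4:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu3:LOGEMU
[log1]
group=1
[log4]
group=4
[emu1]
file=/var/log/ulogd.syslogemu
[emu3]
file=/var/log/ulogd.blacklist
"""

# Constructed sample rules; the second one logs to a group with no stack.
RULES = """\
DROP:NFLOG(4,0,1)    net:+blset     all
ACCEPT:NFLOG(2,0,1)  fw             all
"""

def group_to_file(conf):
    """Map each NFLOG group to the LOGEMU file its stack ends in."""
    section, opts, stacks = "global", {}, []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if line.startswith("["):
            section = line.strip("[]")
        elif line.startswith("stack="):
            stacks.append([p.split(":") for p in line[6:].split(",")])
        elif "=" in line:
            key, val = line.split("=", 1)
            opts.setdefault(section, {})[key.strip()] = val.strip().strip('"')
    routes = {}
    for stack in stacks:
        src, out = stack[0], stack[-1]        # [instance, PLUGIN] pairs
        if src[1] == "NFLOG" and out[1] == "LOGEMU":
            # Assumption: an NFLOG instance without group= listens on group 0.
            group = int(opts.get(src[0], {}).get("group", 0))
            routes[group] = opts.get(out[0], {}).get("file")
    return routes

def unrouted_rules(rules, routes):
    """Return rules whose NFLOG group has no ulogd stack listening."""
    pat = re.compile(r"^\S+:NFLOG\((\d+)")
    return [l for l in rules.splitlines()
            if (m := pat.match(l)) and int(m.group(1)) not in routes]
```

A rule returned by `unrouted_rules` still matches packets, but nothing in userspace is bound to its group, so its log entries are silently lost.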