Same Ulogd error here following shorewall's logging set up man page(s) to move iptables output into its own log file, in my case, shorewall.log.

Sometimes, ulogd does not log to file. Seems dependent upon when Ulogd is started by systemd. I am now starting it after shorewall. Note that it works without ipt_ULOG being loaded nonetheless (see #3 below).

Ulogd appears to be needed, but I remain confused as to whether ulogd is doing anything, or whether the rsyslogd configuration edits (see #5 below) are handling the correct logging, or whether it takes both rsyslogd and ulogd.

Applicable excerpts of my setup are as follows:
1. Kernel 3.10.0-862.14.4.el7.x86_64

2. Shorewall.conf
    LOG_LEVEL="NFLOG(2,0,1)"
    LOG_BACKEND="netlink"
    LOG_MARTIANS=Yes
    LOG_VERBOSITY=2
    LOG_ZONE=Both
    LOGFILE=/var/log/shorewall.log
    LOGFORMAT="Shorewall:%s:%s:"
    LOGTAGONLY=No
    LOGLIMIT="s:1/sec:10"

3. cat /proc/sys/net/netfilter/nf_log/*   #0-12 # Note "ipt_ULOG" not loaded
NONE
NONE
nfnetlink_log
NONE
NONE
nfnetlink_log
NONE
NONE
NONE
NONE
nfnetlink_log
NONE
NONE

4. ulogd.conf
    loglevel=7
    stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,firewall:LOGEMU
    [log2]
    group=2 # Group has to be different from the one use in log1
    netlink_socket_buffer_size=217088
    netlink_socket_buffer_maxsize=1085440
    bind=1

5. rsyslog.conf
    if $msg contains 'Shorewall' then {
        action(type="omfile" file="-/var/log/shorewall.log")
        if ($syslogfacility == 0 and $syslogseverity <= 6) then stop  # info
    }

6. ulogd.service
    Before=shorewall.service
    Conflicts=firewalld.service iptables.service  #iptables.service is disabled

On 11/13/2018 6:39 PM, Tom Eastep wrote:
> On 11/13/18 3:00 AM, Paolo Prandini wrote:
>> I installed the minimal version of Centos 7, run a yum upgrade
>> and then yum install shorewall
>> When I test my configuration with shorewall check (I only set zones
>> interfaces policy), I always get
>> nf_log: can't load ipt_ULOG, conflicting nfnetlink_log already loaded
>> What can I do to avoid this problem?
>> Thanks a lot
>
> I've reproduced the problem. Are you trying to log via ULOG or is it
> just the journal message that concerns you?
>
> Thanks,
> -Tom

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
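
One way to check whether a ulogd stack actually listens on the NFLOG group that Shorewall logs to, and which output file that stack writes, is to cross-check the two excerpts from the post. This Python example is added here and is not part of the original post or of Shorewall or ulogd; the function names are hypothetical, and it assumes the ulogd.conf layout shown above (a `stack=` line plus `[instance]` sections of `key=value` lines, with a `file` key in the output plugin's section).

```python
import re

# Excerpts as posted above; the [firewall] section was not part of the excerpt.
SHOREWALL_CONF = 'LOG_LEVEL="NFLOG(2,0,1)"\nLOG_BACKEND="netlink"\n'
ULOGD_CONF = """loglevel=7
stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,firewall:LOGEMU
[log2]
group=2 # Group has to be different from the one use in log1
bind=1
"""

def nflog_group(shorewall_conf):
    """Return the netlink group from LOG_LEVEL="NFLOG(group,...)", or None."""
    m = re.search(r'^\s*LOG_LEVEL\s*=\s*"?NFLOG\((\d+)', shorewall_conf, re.M)
    return int(m.group(1)) if m else None

def parse_ulogd(ulogd_conf):
    """Return (stacks, sections); each stack is a list of (instance, plugin)."""
    stacks, sections, current = [], {}, None
    for raw in ulogd_conf.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip().strip('"')
        if key == "stack":
            stacks.append([tuple(p.strip().split(":", 1)) for p in value.split(",")])
        elif current is not None:
            current[key] = value
    return stacks, sections

def check(shorewall_conf, ulogd_conf):
    """Find the ulogd stack whose NFLOG input is bound to Shorewall's group."""
    group = nflog_group(shorewall_conf)
    stacks, sections = parse_ulogd(ulogd_conf)
    for stack in stacks:
        inst, plugin = stack[0]                       # input plugin comes first
        if plugin == "NFLOG" and sections.get(inst, {}).get("group") == str(group):
            out_inst, out_plugin = stack[-1]          # output plugin comes last
            return {"group": group, "input": inst, "output": out_plugin,
                    "file": sections.get(out_inst, {}).get("file")}
    return {"group": group, "input": None, "output": None, "file": None}

if __name__ == "__main__":
    print(check(SHOREWALL_CONF, ULOGD_CONF))
```

A result with `input` set but `file` empty means the stack matches the group but the output section (here `[firewall]`) was not found in the text that was checked.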
