"Alan Poulton" <[EMAIL PROTECTED]> writes: > Wednesday, May 01, 2002, 2:42:15 PM, Gary Hennigan wrote: > > > Okay. I lied a bit here. I compiled from source but I used > > dpkg-buildpackage, so it applied the Debian patches. This time I > > compiled just the straight source, without dpkg-buildpackage and using > > the usual ./configure and now ulogd is working, pumping out iptables > > output to /var/log/ulogd.syslogemu like a champ. Apparently there's > > some problem with the Debian patches to ulogd. So I installed the > > Debian package and just overwrote /usr/sbin/ulogd with the version I > > compiled and it's working and *finally* iptables is putting it's crud > > into my ring buffer. > > So, does this mean that you got it running? I'm wanting to install > Ulogd for the same reason, to get the firewall messages out of dmesg and > (hopefully) syslog. So that way, I can review the firewall messages by > themselves without sorting through other messages. I am currently > running kernel 2.4.17, but I downloaded the sources for IPTables and > Kernel 2.4.18, then followed the instructions for patching IPTables, and > have now just completed the compile of the kernel.. > > What command do you use in your firewall script to enable ULog?

Yep, it's running exactly as it should and I'm getting iptables logging
in exactly *one* place, /var/log/ulogd.syslogemu. No ring buffer
(dmesg), no console, no syslog. Finally!!

In my iptables script, which was pretty much generated via fwbuilder
BTW, there are two rules that I log. Here's an example chain named
RULE_0:

    iptables -N RULE_0
    iptables -A INPUT -j RULE_0 -f
    iptables -A RULE_0 -j ULOG
    iptables -A RULE_0 -j DROP

I also did something I wasn't sure was/is necessary. I recompiled my
2.4.18 kernel with

    CONFIG_NETLINK_DEV=y

It's in the networking options if you're using xconfig or menuconfig.
After booting that kernel I did:

    cd /dev
    MAKEDEV netlink

Again, not sure if that was necessary. I read some mention of ulog
using netlink and when I couldn't get it to work before I tried the
stuff above. Now I know at least one problem is the ulogd distributed
in the Debian package. The stuff above may also have been necessary.

I don't think you need to patch 2.4.18. I didn't. My understanding is
that any version less than 2.4.18 requires the patch. There's a Debian
package for that patch, BTW. I didn't install it, but I saw dselect was
trying to install it when I installed ulogd via dselect. It's a
"Recommend" so I don't think apt will try to install it.

One last "again". I installed the Debian package then got the source,
via apt-get source ulogd, unpacked the ulogd_0.97.orig.tar.gz, ran

    ./configure --sysconfdir=/etc
    make

and wrote over /usr/sbin/ulogd with the resulting binary from the above
make.

Gary