On Wed, May 01, 2002 at 04:30:24PM -0600, Gary Hennigan wrote:
> "Alan Poulton" <[EMAIL PROTECTED]> writes:
> > Wednesday, May 01, 2002, 2:42:15 PM, Gary Hennigan wrote:
> > 
> > > Okay. I lied a bit here. I compiled from source but I used
> > > dpkg-buildpackage, so it applied the Debian patches. This time I
> > > compiled just the straight source, without dpkg-buildpackage and using
> > > the usual ./configure and now ulogd is working, pumping out iptables
> > > output to /var/log/ulogd.syslogemu like a champ. Apparently there's
> > > some problem with the Debian patches to ulogd. So I installed the
> > > Debian package and just overwrote /usr/sbin/ulogd with the version I
> > > compiled and it's working and *finally* iptables is putting it's crud
> > > into my ring buffer.
> > 
> > So, does this mean that you got it running?  I'm wanting to install
> > Ulogd for the same reason, to get the firewall messages out of dmesg and
> > (hopefully) syslog. So that way, I can review the firewall messages by
> > themselves without sorting through other messages.  I am currently
> > running kernel 2.4.17, but I downloaded the sources for IPTables and
> > Kernel 2.4.18, then followed the instructions for patching IPTables, and
> > have now just completed the compile of the kernel..
> > 
> > What command do you use in your firewall script to enable ULog?
> 
> Yep, it's running exactly as it should and I'm getting iptables
> logging in exactly *one* place, /var/log/ulogd.syslogemu. No ring
> buffer (dmesg), no console, no syslog. Finally!!
> 
> In my iptables script, which was pretty much generated via fwbuilder
> BTW, there are two rules that I log. Here's an example chain named
> RULE_0:
> 
> iptables -N RULE_0
> iptables -A INPUT  -j RULE_0 -f
> iptables -A RULE_0  -j ULOG
> iptables -A RULE_0  -j DROP 
> 
> I also did something I wasn't sure was/is necessary. I recompiled my
> 2.4.18 kernel with CONFIG_NETLINK_DEV=y it's in the networking options
> if you're using xconfig or menuconfig. After booting that kernel I
[snip]

Silly question maybe - did you compile ULOG target support into
the kernel?
Do you modprobe/insmod it if it's a module?

Just a thought ...

jc
-- 
It may stop, it may not.  And stop calling me "dj".


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to