On Wed, May 01, 2002 at 04:30:24PM -0600, Gary Hennigan wrote: > "Alan Poulton" <[EMAIL PROTECTED]> writes: > > Wednesday, May 01, 2002, 2:42:15 PM, Gary Hennigan wrote: > > > > > Okay. I lied a bit here. I compiled from source but I used > > > dpkg-buildpackage, so it applied the Debian patches. This time I > > > compiled just the straight source, without dpkg-buildpackage and using > > > the usual ./configure and now ulogd is working, pumping out iptables > > > output to /var/log/ulogd.syslogemu like a champ. Apparently there's > > > some problem with the Debian patches to ulogd. So I installed the > > > Debian package and just overwrote /usr/sbin/ulogd with the version I > > > compiled and it's working and *finally* iptables is putting it's crud > > > into my ring buffer. > > > > So, does this mean that you got it running? I'm wanting to install > > Ulogd for the same reason, to get the firewall messages out of dmesg and > > (hopefully) syslog. So that way, I can review the firewall messages by > > themselves without sorting through other messages. I am currently > > running kernel 2.4.17, but I downloaded the sources for IPTables and > > Kernel 2.4.18, then followed the instructions for patching IPTables, and > > have now just completed the compile of the kernel.. > > > > What command do you use in your firewall script to enable ULog? > > Yep, it's running exactly as it should and I'm getting iptables > logging in exactly *one* place, /var/log/ulogd.syslogemu. No ring > buffer (dmesg), no console, no syslog. Finally!! > > In my iptables script, which was pretty much generated via fwbuilder > BTW, there are two rules that I log. Here's an example chain named > RULE_0: > > iptables -N RULE_0 > iptables -A INPUT -j RULE_0 -f > iptables -A RULE_0 -j ULOG > iptables -A RULE_0 -j DROP > > I also did something I wasn't sure was/is necessary. I recompiled my > 2.4.18 kernel with CONFIG_NETLINK_DEV=y it's in the networking options > if you're using xconfig or menuconfig. After booting that kernel I [snip]
Silly question maybe - did you compile ULOG target support into the kernel? Do you modprobe/insmod it if it's a module? Just a thought ... jc -- It may stop, it may not. And stop calling me "dj". -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
