Hi Folks
I am trying to log using netlink as a backend and the NFLOG ulogd combo.
I can see that shorewall includes NFLOG as log target into the iptable
rules, but ulogd is not impressed. I appear to be stuck with this as I
don't know where to continue diagnosis.
Here just a few straws
--- shorewall .conf
LOG_BACKEND=netlink
...
MACLIST_LOG_LEVEL=NFLOG
RELATED_LOG_LEVEL=
RPFILTER_LOG_LEVEL=NFLOG
SFILTER_LOG_LEVEL=NFLOG
SMURF_LOG_LEVEL=NFLOG
--- rules
Ping(ACCEPT):NFLOG loc fw
--- corresponding iptables entry
Chain ~log0 (1 references)
pkts bytes target prot opt in out source
destination
1 84 NFLOG all -- * * 0.0.0.0/0
0.0.0.0/0 /* Ping */ nflog-prefix "Shorewall:loc2fw:ACCEPT:"
---ulogd stack entry
stack=log4:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu4:LOGEMU
--- logging modules
gatekeeper# lsmod | grep xt_NFLOG
xt_NFLOG 694 11 - Live 0xc0ff7000
nfnetlink_log 5767 2 xt_NFLOG, Live 0xc0db4000
gatekeeper# lsmod | grep nfnetlink_log
nfnetlink_log 5767 2 xt_NFLOG, Live 0xc0db4000
nfnetlink 3620 6
nfnetlink_cttimeout,nfnetlink_cthelper,nfnetlink_acct,nfnetlink_queue,nfnetlink_log,
Live 0xc0dab000
--- proc/net/netfilter settings
gatekeeper# cat /proc/net/netfilter/nf_log
0 NONE (nfnetlink_log)
1 NONE (nfnetlink_log)
2 nfnetlink_log (nfnetlink_log)
3 NONE (nfnetlink_log)
4 NONE (nfnetlink_log)
5 NONE (nfnetlink_log)
6 NONE (nfnetlink_log)
7 NONE (nfnetlink_log)
8 NONE (nfnetlink_log)
9 NONE (nfnetlink_log)
10 NONE (nfnetlink_log)
11 NONE (nfnetlink_log)
12 NONE (nfnetlink_log)
I must be missing something, but to me it looks like all the elements
are in place.
Thanks for hints
Erich
------------------------------------------------------------------------------
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
