I would like to use ulogd for the logs of my netfilter (iptables) firewall. However, although ulogd seems to be working, I get no logs (the file /var/log/ulogd.syslogemu remains hopelessly empty, and the same goes for the MySQL database).

For packet logging I use chains like this one via iptables:

iptables -N NEW_DROP
iptables -A NEW_DROP -j LOG --log-prefix "[IPTABLES NEW_DROP] : "
iptables -A NEW_DROP -j ULOG --ulog-nlgroup 1
iptables -A NEW_DROP -j DROP

The packets are indeed logged via syslog (LOG target) but not via ULOG... In short, I'm stuck and don't understand why it doesn't work... If anyone has an idea, that would be great :)

Here are some details of my configuration:

> uname -a
Linux linux 2.4.20 #10 Sat Apr 5 15:35:46 CEST 2003 i686 AMD-K7(tm) Processor AuthenticAMD GNU/Linux

> cat /usr/src/linux/.config | grep CONFIG_IP_NF_TARGET_LOG
CONFIG_IP_NF_TARGET_LOG=y

> dpkg -l | grep ulog
ii  ulogd        0.97-1  The Userspace Logging Daemon
ii  ulogd-mysql  0.97-1  mySQL extension to ulogd

> tail -n 6 /var/log/ulogd.log
Sat Apr 5 12:47:27 2003 <5> ulogd.c:522 sigterm received, exiting
Sat Apr 5 12:48:28 2003 <5> ulogd.c:590 initialization finished, entering main loop
Sat Apr 5 16:49:11 2003 <5> ulogd.c:522 sigterm received, exiting
Sat Apr 5 16:49:15 2003 <5> ulogd.c:590 initialization finished, entering main loop
Sat Apr 5 17:05:03 2003 <5> ulogd.c:522 sigterm received, exiting
Sat Apr 5 17:06:06 2003 <5> ulogd.c:590 initialization finished, entering main loop

> cat /etc/ulogd.conf
# Example configuration for ulogd
# ulogd.conf,v 1.5 2001/05/20 14:44:37 laforge Exp
# Modified for Debian by Daniel Stone <[EMAIL PROTECTED]>.

######################################################################
# GLOBAL OPTIONS
######################################################################

# netlink multicast group (the same as the iptables --ulog-nlgroup param)
nlgroup 1

# logfile for status messages
logfile /var/log/ulogd.log

# loglevel: notice, warnings, error and fatal
#loglevel 5
loglevel 1

######################################################################
# PLUGIN OPTIONS
######################################################################

# We have to configure and load all the plugins we want to use

# general rules:
# 1. specify the options FIRST, then load the plugin
# 2. interpreter plugins have to precede output plugins

#
# ulogd_BASE.so - interpreter plugin for basic IPv4 header fields
# you will always need this
plugin /usr/lib/ulogd/ulogd_BASE.so

#
# ulogd_LOGEMU.so - simple syslog emulation target
#
# where to write to
syslogfile /var/log/ulogd.syslogemu
# do we want to fflush() the file after each write?
syslogsync 1
# load the plugin
plugin /usr/lib/ulogd/ulogd_LOGEMU.so

#
# ulogd_OPRINT.so: file for packet dumping
#
# NOTE: This may or may not be broken. -DS
#
# where to write the log
dumpfile /var/log/ulogd.pktlog
# load the plugin (remove the '#'if you want to enable it
#plugin /usr/lib/ulogd/ulogd_OPRINT.so

#
# ulogd_MYSQL.so: optional logging into a MySQL database
#
# database information
mysqltable ulog
mysqlpass <password removed>
mysqluser ulog_a
mysqldb ulog
mysqlhost localhost
# load the plugin (remove the '#' if you want to enable it)
plugin /usr/lib/ulogd/ulogd_MYSQL.so