Re: [pve-devel] pve-firewall : log conntrack sessions ?
>> Will look into it.

Thanks!

- Original Message -
From: "David Limbeck"
To: "pve-devel"
Sent: Wednesday 21 November 2018 11:14:17
Subject: Re: [pve-devel] pve-firewall : log conntrack sessions ?

Will look into it.

On 11/21/18 7:50 AM, Alexandre DERUMIER wrote:
> [...]

___
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] pve-firewall : log conntrack sessions ?
Will look into it.

On 11/21/18 7:50 AM, Alexandre DERUMIER wrote:
> [...]
[pve-devel] pve-firewall : log conntrack sessions ?
Hi,

I'm currently planning to finally use the proxmox firewall in production next year,
and a missing piece is session logging (creation in conntrack, end in conntrack).

It's currently possible with ulogd2, but ulogd2 doesn't start when the pve fw logger is running.

I have found a blog about it:

https://home.regit.org/2014/02/logging-connection-tracking-event-with-ulogd/

It needs enabling:

echo "1"> /proc/sys/net/netfilter/nf_conntrack_acct
echo "1"> /proc/sys/net/netfilter/nf_conntrack_timestamp

then ulogd2 listens for 2 netlink events:

NF_NETLINK_CONNTRACK_NEW: 0x0001
NF_NETLINK_CONNTRACK_DESTROY: 0x0004

https://git.netfilter.org/ulogd2/tree/input/flow/ulogd_inpflow_NFCT.c

I'm pretty poor in C, don't know if it's difficult to port this ulogd code in pve fw logger?
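A stand-alone sketch of the two pieces the post asks about, added here and not taken from ulogd2 or pve-firewall: joining the NF_NETLINK_CONNTRACK_NEW and NF_NETLINK_CONNTRACK_DESTROY groups on a raw netlink socket, and decoding the original-direction tuple from a ctnetlink event so that session start and end can be logged. It is written in Python rather than the logger's C so it runs without libnetfilter_conntrack; the numeric constants are the kernel UAPI values, and the sample message is constructed, not captured.

```python
import socket
import struct

NETLINK_NETFILTER = 12  # constants below are from linux/netlink.h, nfnetlink.h and nfnetlink_conntrack.h
NF_NETLINK_CONNTRACK_NEW, NF_NETLINK_CONNTRACK_DESTROY = 0x0001, 0x0004  # the two groups named in the post
NFNL_SUBSYS_CTNETLINK, IPCTNL_MSG_CT_NEW, IPCTNL_MSG_CT_DELETE = 1, 0, 2
NLM_F_CREATE, NLM_F_EXCL = 0x400, 0x200           # set on NEW events, clear on UPDATE events
CTA_TUPLE_ORIG, CTA_TUPLE_IP, CTA_TUPLE_PROTO = 1, 1, 2
CTA_IP_V4_SRC, CTA_IP_V4_DST = 1, 2
CTA_PROTO_NUM, CTA_PROTO_SRC_PORT, CTA_PROTO_DST_PORT = 1, 2, 3

def attrs(buf):
    """Split a run of netlink attributes (u16 len, u16 type, payload, pad to 4) into {type: payload}."""
    out, off = {}, 0
    while off + 4 <= len(buf):
        alen, atype = struct.unpack_from("=HH", buf, off)
        if alen < 4 or off + alen > len(buf):
            break                                 # truncated attribute: stop instead of over-reading
        out[atype & 0x3FFF] = buf[off + 4:off + alen]  # mask NLA_F_NESTED / NLA_F_NET_BYTEORDER
        off += (alen + 3) & ~3
    return out

def parse_event(msg):
    """Decode one ctnetlink message into a session record, or None if it is not a NEW/DESTROY event."""
    nlen, ntype, flags = struct.unpack_from("=IHH", msg, 0)
    sub = ntype & 0xFF
    if ntype >> 8 != NFNL_SUBSYS_CTNETLINK or sub not in (IPCTNL_MSG_CT_NEW, IPCTNL_MSG_CT_DELETE):
        return None
    if sub == IPCTNL_MSG_CT_NEW and not flags & (NLM_F_CREATE | NLM_F_EXCL):
        return None                               # UPDATE event (group 0x0002): not a session boundary
    try:                                          # attributes follow the 16-byte nlmsghdr and 4-byte nfgenmsg
        tup = attrs(attrs(msg[20:nlen])[CTA_TUPLE_ORIG])
        ip, proto = attrs(tup[CTA_TUPLE_IP]), attrs(tup[CTA_TUPLE_PROTO])
        return {"event": "NEW" if sub == IPCTNL_MSG_CT_NEW else "DESTROY", "proto": proto[CTA_PROTO_NUM][0],
                "src": socket.inet_ntoa(ip[CTA_IP_V4_SRC]), "sport": struct.unpack("!H", proto[CTA_PROTO_SRC_PORT])[0],
                "dst": socket.inet_ntoa(ip[CTA_IP_V4_DST]), "dport": struct.unpack("!H", proto[CTA_PROTO_DST_PORT])[0]}
    except KeyError:
        return None                               # IPv6 or incomplete tuple: skipped in this sketch

def subscribe():  # join both event groups (needs CAP_NET_ADMIN); feed each recv() buffer to parse_event
    s = socket.socket(socket.AF_NETLINK, socket.SOCK_RAW, NETLINK_NETFILTER)
    s.bind((0, NF_NETLINK_CONNTRACK_NEW | NF_NETLINK_CONNTRACK_DESTROY))
    return s

def nla(atype, payload):                          # attribute encoder, used only for the constructed sample
    return struct.pack("=HH", 4 + len(payload), atype) + payload + b"\0" * (-len(payload) % 4)

def sample_event(msg_type, flags):
    """Constructed message (not a capture): what the kernel emits for TCP 10.0.0.5:40000 -> 192.0.2.10:443."""
    ip = nla(CTA_IP_V4_SRC, socket.inet_aton("10.0.0.5")) + nla(CTA_IP_V4_DST, socket.inet_aton("192.0.2.10"))
    proto = nla(CTA_PROTO_NUM, b"\x06") + nla(CTA_PROTO_SRC_PORT, struct.pack("!H", 40000)) + nla(CTA_PROTO_DST_PORT, struct.pack("!H", 443))
    body = struct.pack("=BBH", socket.AF_INET, 0, 0) + nla(CTA_TUPLE_ORIG, nla(CTA_TUPLE_IP, ip) + nla(CTA_TUPLE_PROTO, proto))
    return struct.pack("=IHHII", 16 + len(body), NFNL_SUBSYS_CTNETLINK << 8 | msg_type, flags, 0, 0) + body
```

Both sysctls from the post (nf_conntrack_acct, nf_conntrack_timestamp) only add CTA_COUNTERS_* and CTA_TIMESTAMP attributes to the same messages, so the same attribute walk extends to byte counts and flow duration.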