Re: [pve-devel] pve-firewall : log conntrack sessions ?

2018-11-21 Thread Alexandre DERUMIER
> > Will look into it.

Thanks !

----- Original Mail -----
From: "David Limbeck" 
To: "pve-devel" 
Sent: Wednesday 21 November 2018 11:14:17
Subject: Re: [pve-devel] pve-firewall : log conntrack sessions ?

Will look into it. 

On 11/21/18 7:50 AM, Alexandre DERUMIER wrote: 
> Hi,
> 
> I'm currently planning to finally use proxmox firewall in production next year,
> 
> and a missing piece is session logging (create in conntrack, end in
> conntrack).
> 
> It's currently possible with ulogd2, but ulogd2 doesn't start while the pve fw
> logger is running.
> 
> 
> I have found a blog about it:
> 
> https://home.regit.org/2014/02/logging-connection-tracking-event-with-ulogd/
> 
> 
> It needs these to be enabled:
> 
> echo "1" > /proc/sys/net/netfilter/nf_conntrack_acct
> echo "1" > /proc/sys/net/netfilter/nf_conntrack_timestamp
> 
> then ulogd2 listens for 2 netlink events:
> 
> NF_NETLINK_CONNTRACK_NEW: 0x0001
> NF_NETLINK_CONNTRACK_DESTROY: 0x0004
> 
> https://git.netfilter.org/ulogd2/tree/input/flow/ulogd_inpflow_NFCT.c
> 
> 
> I'm pretty poor in C, I don't know if it's difficult to port this ulogd code
> into the pve fw logger?
> 
> ___ 
> pve-devel mailing list 
> pve-devel@pve.proxmox.com 
> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 




Re: [pve-devel] pve-firewall : log conntrack sessions ?

2018-11-21 Thread David Limbeck

Will look into it.

On 11/21/18 7:50 AM, Alexandre DERUMIER wrote:

> Hi,
> 
> I'm currently planning to finally use proxmox firewall in production next year,
> 
> and a missing piece is session logging (create in conntrack, end in conntrack).
> 
> It's currently possible with ulogd2, but ulogd2 doesn't start while the pve fw
> logger is running.
> 
> 
> I have found a blog about it:
> 
> https://home.regit.org/2014/02/logging-connection-tracking-event-with-ulogd/
> 
> 
> It needs these to be enabled:
> 
> echo "1" > /proc/sys/net/netfilter/nf_conntrack_acct
> echo "1" > /proc/sys/net/netfilter/nf_conntrack_timestamp
> 
> then ulogd2 listens for 2 netlink events:
> 
> NF_NETLINK_CONNTRACK_NEW: 0x0001
> NF_NETLINK_CONNTRACK_DESTROY: 0x0004
> 
> https://git.netfilter.org/ulogd2/tree/input/flow/ulogd_inpflow_NFCT.c
> 
> 
> I'm pretty poor in C, I don't know if it's difficult to port this ulogd code
> into the pve fw logger?



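The session logging Alexandre describes (nf_conntrack_acct and nf_conntrack_timestamp enabled, then the conntrack NEW and DESTROY events consumed) amounts to pairing each DESTROY with its earlier NEW so that one record per session carries its duration and byte counts. The following is an added example, not code from this thread, from ulogd2 or from pve-firewall: it does that pairing over constructed event lines shaped like `conntrack -E -o timestamp` output (that shape, the addresses and the counters are assumptions), including the case where the DESTROY arrives for a flow whose NEW was never seen.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample events (not captured from a real host), shaped like
# `conntrack -E -o timestamp` output; that shape is an assumption. The packets=/bytes=
# counters on DESTROY are only present when nf_conntrack_acct=1.
SAMPLE_EVENTS = [
    "[1542790000.100000]\t    [NEW] tcp      6 120 SYN_SENT src=10.0.0.5 dst=192.0.2.10 sport=43210 dport=22 [UNREPLIED] src=192.0.2.10 dst=10.0.0.5 sport=22 dport=43210",
    "[1542790000.200000]\t    [NEW] udp      17 30 src=10.0.0.5 dst=192.0.2.53 sport=50000 dport=53 [UNREPLIED] src=192.0.2.53 dst=10.0.0.5 sport=53 dport=50000",
    "[1542790001.200000]\t[DESTROY] udp      17 src=10.0.0.5 dst=192.0.2.53 sport=50000 dport=53 packets=1 bytes=60 src=192.0.2.53 dst=10.0.0.5 sport=53 dport=50000 packets=1 bytes=120",
    "[1542790003.000000]\t[DESTROY] tcp      6 src=10.0.0.7 dst=192.0.2.80 sport=51000 dport=443 packets=9 bytes=900 src=192.0.2.80 dst=10.0.0.7 sport=443 dport=51000 packets=8 bytes=4100",
    "[1542790042.600000]\t[DESTROY] tcp      6 src=10.0.0.5 dst=192.0.2.10 sport=43210 dport=22 packets=25 bytes=3400 src=192.0.2.10 dst=10.0.0.5 sport=22 dport=43210 packets=20 bytes=5200",
]

# Timestamp, event type, protocol, protocol number, optional timeout and TCP state, then the
# original-direction 5-tuple. Counters (one pair per direction) are collected separately.
EVENT_RE = re.compile(
    r"^\[(?P<ts>\d+\.\d+)\]\s+\[(?P<type>NEW|DESTROY)\]\s+(?P<proto>\w+)\s+\d+\s+(?:\d+\s+)?"
    r"(?:[A-Z_]+\s+)?src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+sport=(?P<sport>\d+)\s+dport=(?P<dport>\d+)"
)
COUNTER_RE = re.compile(r"packets=(\d+) bytes=(\d+)")

def parse_event(line: str) -> Optional[Tuple[float, str, tuple, int, int]]:
    """Return (ts, type, 5-tuple, packets, bytes), summing both directions; None if unparsable."""
    m = EVENT_RE.match(line)
    if m is None:
        return None
    key = (m["proto"], m["src"], m["dst"], int(m["sport"]), int(m["dport"]))
    counters = [(int(p), int(b)) for p, b in COUNTER_RE.findall(line)]
    return float(m["ts"]), m["type"], key, sum(c[0] for c in counters), sum(c[1] for c in counters)

def pair_sessions(lines) -> Tuple[List[dict], Dict[tuple, float]]:
    """Pair each DESTROY with its NEW; return finished sessions and flows still open."""
    open_flows: Dict[tuple, float] = {}
    closed: List[dict] = []
    for ts, kind, key, packets, nbytes in filter(None, map(parse_event, lines)):
        if kind == "NEW":
            open_flows[key] = ts  # a reused 5-tuple simply overwrites the stale start
            continue
        start = open_flows.pop(key, None)  # None: the NEW event predates the listener
        closed.append({"key": key, "start": start, "end": ts, "packets": packets, "bytes": nbytes,
                       "duration": None if start is None else round(ts - start, 6)})
    return closed, open_flows

def format_session(s: dict) -> str:
    """One syslog-style line per finished session, as a firewall logger would emit it."""
    proto, src, dst, sport, dport = s["key"]
    dur = "unknown" if s["duration"] is None else f"{s['duration']:.1f}s"
    return f"session {proto} {src}:{sport} -> {dst}:{dport} duration={dur} packets={s['packets']} bytes={s['bytes']}"
```

Without nf_conntrack_acct the DESTROY lines carry no counters and the sessions come out with packets=0 bytes=0, which is a quick way to spot that the sysctl was not applied.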