FS#37198 - [ulogd] NFLOG support and logrotate broken
Attached to Project:
Community Packages
Opened by Raphaël R. (raphaelr) - Friday, 04 October 2013, 19:09 GMT
Last edited by Sergej Pupykin (sergej) - Monday, 07 October 2013, 10:03 GMT
Details
Description:
_ ulogd can't "out-of-the-box" use the newest NFLOG plugin, which will replace the ULOG plugin, which is marked as "deprecated" in netfilter since March 2013
_ the logrotate part is broken: there's no more /etc/rc.d/

Additional info:
* package version : 2.0.2-1

Steps to reproduce:

1) Use these simple (and stupid) iptables rules to log access to a http/s server:

    sudo iptables -A INPUT -p tcp -m multiport --dports 80,443 -j NFLOG --nflog-group 1
    sudo iptables -A OUTPUT -p tcp -m multiport --sports 80,443 -j NFLOG --nflog-group 1

2) Use this basic ulog configuration based on NFLOG input:

    [global]
    logfile="/var/log/ulogd.log"
    loglevel=1
    rmem=131071
    bufsize=150000

    # Base, always needed!
    plugin="/usr/lib/ulogd/ulogd_raw2packet_BASE.so"

    # Input plugins
    plugin="/usr/lib/ulogd/ulogd_inppkt_NFLOG.so"
    #plugin="/usr/lib/ulogd/ulogd_inppkt_ULOG.so"
    #plugin="/usr/lib/ulogd/ulogd_inppkt_UNIXSOCK.so"

    # Filters plugins
    plugin="/usr/lib/ulogd/ulogd_filter_IFINDEX.so"
    plugin="/usr/lib/ulogd/ulogd_filter_IP2STR.so"
    plugin="/usr/lib/ulogd/ulogd_filter_PRINTPKT.so"

    # Output plugins
    plugin="/usr/lib/ulogd/ulogd_output_LOGEMU.so"
    #plugin="/usr/lib/ulogd/ulogd_output_SQLITE3.so"
    #plugin="/usr/lib/ulogd/ulogd_output_SYSLOG.so"

    # This is a stack for packet-based logging via LOGEMU
    stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU

    # Plugins configuration
    [log1]
    group=1

    [emu1]
    file=/var/log/ulogd.syslogemu
    sync=1

3) Start ulog via systemctl and in /var/log/ulogd.log we'll see:

    Fri Oct 4 20:37:00 2013 <5> ulogd.c:375 registering plugin `BASE'
    Fri Oct 4 20:37:00 2013 <7> ulogd.c:613 load_plugin: '/usr/lib/ulogd/ulogd_inppkt_NFLOG.so': libnetfilter_log.so.1: cannot open shared object file: No such file or directory

We miss the libnetfilter_log dependency. We'll have this error also with ulogd_output_XML.so.
Note that the NFCT module won't work because libnetfilter_acct and libnetfilter_conntrack are also missing.

Proposed fixes:
_ PKGBUILD.patch : move libnetfilter_acct, libnetfilter_conntrack and libnetfilter_log to depends as stated on the Netfilter ulogd project ( http://www.netfilter.org/projects/ulogd/index.html )
_ ulogd.logrotate.patch : use systemctl kill feature to send a SIGHUP to handle log rotation as stated in ulogd manpage
_ ulogd.conf.patch : use a NFLOG example instead of deprecated ULOG as stated in https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/net/ipv4/netfilter/ipt_ULOG.c?id=de94c4591bd606729af1b913d6e98c6c449e42df commit.

Feel free to improve them.
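
A check for the load_plugin failure reported above, as an added example that is not part of the original report or of the package: it reads the active plugin= lines of a ulogd.conf and runs ldd on each plugin to report shared libraries that cannot be resolved. The function names are hypothetical, and the config path is passed as an argument.

```shell
#!/bin/sh
# Added example (not from the report): find ulogd plugins whose shared
# library dependencies are missing, before ulogd hits them at startup.
# Function names are hypothetical. Paths containing spaces are not handled.

# Print the path of every active (uncommented) plugin= line in a ulogd.conf.
list_plugins() {
    sed -n 's/^[[:space:]]*plugin="\([^"]*\)".*$/\1/p' "$1"
}

# Read `ldd` output on stdin and print the names of unresolved libraries,
# i.e. lines of the form "libfoo.so.1 => not found".
missing_from_ldd() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# Check every plugin named in the config and print "<plugin>: <problem>".
# Returns 1 if any plugin is unreadable or has an unresolved library.
# ldd may run code from the file it inspects, so use this only on
# plugins installed from trusted packages.
check_conf() {
    conf=$1
    status=0
    for plugin in $(list_plugins "$conf"); do
        if [ ! -r "$plugin" ]; then
            echo "$plugin: plugin file not readable"
            status=1
            continue
        fi
        for lib in $(ldd "$plugin" 2>/dev/null | missing_from_ldd); do
            echo "$plugin: missing $lib"
            status=1
        done
    done
    return $status
}

# Run the check when a config path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_conf "$1"
fi
```

A nonzero exit status makes it usable as a post-install or pre-start check for the package.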
Closed by Sergej Pupykin (sergej)
Monday, 07 October 2013, 10:03 GMT
Reason for closing: Fixed
Additional comments about closing: thanks