jano
18.09.07, 17:55
Hallo
Da ich die normalen Firewall-Logfiles von Linux doch recht unübersichtlich finde, möchte ich das ganze besser mit ulogd und dem php programm "iptableslogs"
realisieren.
Die Logdaten sollen also von ulogd in eine mysql Tabelle geschrieben werden.
Das php Programm läuft soweit, nur regt sich der ulogd deamon leider gar nicht.
Es wurden noch nicht einmal die ulogd.log Datei in /var/log erstellt :-(
Erstmal hier meine ulogd.conf:
################################################## ####################
# GLOBAL OPTIONS
################################################## ####################
# netlink multicast group (the same as the iptables --ulog-nlgroup param)
nlgroup 1
# logfile for status messages
logfile /var/log/ulogd.log
# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8)
loglevel 3
# socket receive buffer size (should be at least the size of the
# in-kernel buffer (ipt_ULOG.o 'nlbufsiz' parameter)
rmem 131071
# libipulog/ulogd receive buffer size, should be > rmem
bufsize 150000
################################################## ####################
# PLUGIN OPTIONS
################################################## ####################
# We have to configure and load all the plugins we want to use
# general rules:
# 1. specify the options FIRST, then load the plugin
# 2. interpreter plugins have to precede output plugins
#
# ulogd_BASE.so - interpreter plugin for basic IPv4 header fields
# you will always need this
plugin /usr/lib64/ulogd/ulogd_BASE.so
plugin /usr/lib64/ulogd/ulogd_LOCAL.so
#
# ulogd_LOGEMU.so - simple syslog emulation target
#
# where to write to
syslogfile /var/log/ulogd.packetlog
# do we want to fflush() the file after each write?
syslogsync 0
# load the plugin
plugin /usr/lib64/ulogd/ulogd_LOGEMU.so
#
# ulogd_OPRINT.so: file for packet dumping
#
# where to write the log
dumpfile /var/log/ulogd.pktlog
# load the plugin (remove the '#'if you want to enable it
plugin /usr/lib/ulogd/ulogd_OPRINT.so
#
# ulogd_MYSQL.so: optional logging into a MySQL database
#
# database information
mysqltable ulog
mysqlpass xxxxxx
mysqluser ulog
mysqldb ulog
mysqlhost localhost
# load the plugin (remove the '#' if you want to enable it)
plugin /usr/lib64/ulogd/ulogd_MYSQL.so
#
# ulogd_PGSQL.so: optional logging into a PostgreSQL database
#
# database information
#pgsqltable ulog
#pgsqlpass
#pgsqluser postgres
#pgsqldb ulogd
#pgsqlhost localhost
#load the plugin (remove the '#' if you want to enable it)
#plugin /usr/lib/ulogd/ulogd_PGSQL.so
#pcapfile /var/log/ulogd.pcap
#pcapsync 1
#plugin /usr/lib/ulogd/ulogd_PCAP.so
Beim starten von ulogd hab ich außerdem diese Meldung:
jan-network-server:/home/Jan # /etc/init.d/ulogd restart
Shutting down ulogd done
Starting ulogd Tue Sep 18 18:51:43 2007 <7> ulogd.c:522 section "global" not found
Tue Sep 18 18:51:43 2007 <8> ulogd.c:719 parse_conffile
startproc: exit status of parent of /usr/sbin/ulogd: 1
done
Meine iptables stehen auf " -j ULOG"
Wieso habe ich nicht einmal das logfile von ulogd in /var/log?
Zur Info:
-mysql tabelle und user mit Rechten erstellt.
-openSuSe 10.2 64Bit
Hier noch die Ausgabe von lsmod:
ipt_ULOG 26632 27
st 57892 0
sr_mod 34596 0
ide_cd 59680 0
cdrom 54056 2 sr_mod,ide_cd
af_packet 57356 0
joydev 28160 0
xt_state 19200 4
ip_conntrack_ftp 25424 0
iptable_nat 24964 0
ip_nat 37804 1 iptable_nat
ip_conntrack 78372 4 xt_state,ip_conntrack_ftp,iptable_nat,ip_nat
nfnetlink 24648 2 ip_nat,ip_conntrack
iptable_mangle 19840 0
ipt_LOG 23808 0
xt_limit 20224 9
xt_tcpudp 20352 58
iptable_filter 19968 1
ip_tables 39400 3 iptable_nat,iptable_mangle,iptable_filter
x_tables 37384 7 ipt_ULOG,xt_state,iptable_nat,ipt_LOG,xt_limit,xt_ tcpudp,ip_tables
edd 27912 0
ipv6 357728 14
cpufreq_conservative 25608 0
cpufreq_ondemand 24592 1
cpufreq_userspace 24064 0
cpufreq_powersave 18688 0
powernow_k8 32416 0
freq_table 22912 1 powernow_k8
button 24736 0
battery 28168 0
ac 22792 0
apparmor 74264 0
aamatch_pcre 31232 1 apparmor
loop 34064 0
dm_mod 81872 0
8139too 46720 0
shpchp 56492 0
pci_hotplug 52228 1 shpchp
uhci_hcd 42520 0
ehci_hcd 51080 0
i2c_viapro 26392 0
i2c_core 41472 1 i2c_viapro
8139cp 43648 0
usbcore 148064 2 uhci_hcd,ehci_hcd
mii 22912 2 8139too,8139cp
parport_pc 58984 1
lp 30664 0
parport 59660 2 parport_pc,lp
reiserfs 260096 1
xfs 546248 0
ext3 167696 0
jbd 90872 1 ext3
mbcache 27016 1 ext3
sg 55080 0
amd74xx 32176 0 [permanent]
sata_nv 30084 0
sata_sil 30472 0
sata_via 28292 2
libata 145056 3 sata_nv,sata_sil,sata_via
3w_9xxx 51972 0
3w_xxxx 45088 0
raid1 40704 0
raid0 24576 0
fan 22408 0
thermal 33552 0
processor 53992 2 powernow_k8,thermal
via82cxxx 26116 0 [permanent]
sd_mod 39296 3
scsi_mod 173744 7 st,sr_mod,sg,libata,3w_9xxx,3w_xxxx,sd_mod
ide_disk 34304 0
ide_core 174720 4 ide_cd,amd74xx,via82cxxx,ide_disk
Bitte helft mir, ich finde einfach keine howtos und documentations über ulogd.
Gruß
Jan
Da ich die normalen Firewall-Logfiles von Linux doch recht unübersichtlich finde, möchte ich das ganze besser mit ulogd und dem php programm "iptableslogs"
realisieren.
Die Logdaten sollen also von ulogd in eine mysql Tabelle geschrieben werden.
Das php Programm läuft soweit, nur regt sich der ulogd deamon leider gar nicht.
Es wurden noch nicht einmal die ulogd.log Datei in /var/log erstellt :-(
Erstmal hier meine ulogd.conf:
################################################## ####################
# GLOBAL OPTIONS
################################################## ####################
# netlink multicast group (the same as the iptables --ulog-nlgroup param)
nlgroup 1
# logfile for status messages
logfile /var/log/ulogd.log
# loglevel: debug(1), info(3), notice(5), error(7) or fatal(8)
loglevel 3
# socket receive buffer size (should be at least the size of the
# in-kernel buffer (ipt_ULOG.o 'nlbufsiz' parameter)
rmem 131071
# libipulog/ulogd receive buffer size, should be > rmem
bufsize 150000
################################################## ####################
# PLUGIN OPTIONS
################################################## ####################
# We have to configure and load all the plugins we want to use
# general rules:
# 1. specify the options FIRST, then load the plugin
# 2. interpreter plugins have to precede output plugins
#
# ulogd_BASE.so - interpreter plugin for basic IPv4 header fields
# you will always need this
plugin /usr/lib64/ulogd/ulogd_BASE.so
plugin /usr/lib64/ulogd/ulogd_LOCAL.so
#
# ulogd_LOGEMU.so - simple syslog emulation target
#
# where to write to
syslogfile /var/log/ulogd.packetlog
# do we want to fflush() the file after each write?
syslogsync 0
# load the plugin
plugin /usr/lib64/ulogd/ulogd_LOGEMU.so
#
# ulogd_OPRINT.so: file for packet dumping
#
# where to write the log
dumpfile /var/log/ulogd.pktlog
# load the plugin (remove the '#'if you want to enable it
plugin /usr/lib/ulogd/ulogd_OPRINT.so
#
# ulogd_MYSQL.so: optional logging into a MySQL database
#
# database information
mysqltable ulog
mysqlpass xxxxxx
mysqluser ulog
mysqldb ulog
mysqlhost localhost
# load the plugin (remove the '#' if you want to enable it)
plugin /usr/lib64/ulogd/ulogd_MYSQL.so
#
# ulogd_PGSQL.so: optional logging into a PostgreSQL database
#
# database information
#pgsqltable ulog
#pgsqlpass
#pgsqluser postgres
#pgsqldb ulogd
#pgsqlhost localhost
#load the plugin (remove the '#' if you want to enable it)
#plugin /usr/lib/ulogd/ulogd_PGSQL.so
#pcapfile /var/log/ulogd.pcap
#pcapsync 1
#plugin /usr/lib/ulogd/ulogd_PCAP.so
Beim starten von ulogd hab ich außerdem diese Meldung:
jan-network-server:/home/Jan # /etc/init.d/ulogd restart
Shutting down ulogd done
Starting ulogd Tue Sep 18 18:51:43 2007 <7> ulogd.c:522 section "global" not found
Tue Sep 18 18:51:43 2007 <8> ulogd.c:719 parse_conffile
startproc: exit status of parent of /usr/sbin/ulogd: 1
done
Meine iptables stehen auf " -j ULOG"
Wieso habe ich nicht einmal das logfile von ulogd in /var/log?
Zur Info:
-mysql tabelle und user mit Rechten erstellt.
-openSuSe 10.2 64Bit
Hier noch die Ausgabe von lsmod:
ipt_ULOG 26632 27
st 57892 0
sr_mod 34596 0
ide_cd 59680 0
cdrom 54056 2 sr_mod,ide_cd
af_packet 57356 0
joydev 28160 0
xt_state 19200 4
ip_conntrack_ftp 25424 0
iptable_nat 24964 0
ip_nat 37804 1 iptable_nat
ip_conntrack 78372 4 xt_state,ip_conntrack_ftp,iptable_nat,ip_nat
nfnetlink 24648 2 ip_nat,ip_conntrack
iptable_mangle 19840 0
ipt_LOG 23808 0
xt_limit 20224 9
xt_tcpudp 20352 58
iptable_filter 19968 1
ip_tables 39400 3 iptable_nat,iptable_mangle,iptable_filter
x_tables 37384 7 ipt_ULOG,xt_state,iptable_nat,ipt_LOG,xt_limit,xt_ tcpudp,ip_tables
edd 27912 0
ipv6 357728 14
cpufreq_conservative 25608 0
cpufreq_ondemand 24592 1
cpufreq_userspace 24064 0
cpufreq_powersave 18688 0
powernow_k8 32416 0
freq_table 22912 1 powernow_k8
button 24736 0
battery 28168 0
ac 22792 0
apparmor 74264 0
aamatch_pcre 31232 1 apparmor
loop 34064 0
dm_mod 81872 0
8139too 46720 0
shpchp 56492 0
pci_hotplug 52228 1 shpchp
uhci_hcd 42520 0
ehci_hcd 51080 0
i2c_viapro 26392 0
i2c_core 41472 1 i2c_viapro
8139cp 43648 0
usbcore 148064 2 uhci_hcd,ehci_hcd
mii 22912 2 8139too,8139cp
parport_pc 58984 1
lp 30664 0
parport 59660 2 parport_pc,lp
reiserfs 260096 1
xfs 546248 0
ext3 167696 0
jbd 90872 1 ext3
mbcache 27016 1 ext3
sg 55080 0
amd74xx 32176 0 [permanent]
sata_nv 30084 0
sata_sil 30472 0
sata_via 28292 2
libata 145056 3 sata_nv,sata_sil,sata_via
3w_9xxx 51972 0
3w_xxxx 45088 0
raid1 40704 0
raid0 24576 0
fan 22408 0
thermal 33552 0
processor 53992 2 powernow_k8,thermal
via82cxxx 26116 0 [permanent]
sd_mod 39296 3
scsi_mod 173744 7 st,sr_mod,sg,libata,3w_9xxx,3w_xxxx,sd_mod
ide_disk 34304 0
ide_core 174720 4 ide_cd,amd74xx,via82cxxx,ide_disk
Bitte helft mir, ich finde einfach keine howtos und documentations über ulogd.
Gruß
Jan