<![CDATA[Dev1 Galaxy Forum / [SOLVED] nftables saving log with ulogd ?]]> http://dev1galaxy.org/viewtopic.php?id=4909 Fri, 25 Feb 2022 10:03:49 +0000 FluxBB <![CDATA[Re: [SOLVED] nftables saving log with ulogd ?]]> http://dev1galaxy.org/viewtopic.php?pid=34907#p34907 I found !!! The file was needed a LF at the end !!! lol

]]> Fri, 25 Feb 2022 10:03:49 +0000 http://dev1galaxy.org/viewtopic.php?pid=34907#p34907 <![CDATA[[SOLVED] nftables saving log with ulogd ?]]> http://dev1galaxy.org/viewtopic.php?pid=34880#p34880 Hi everyone,

I followed this tutorial https://www.mybluelinux.com/how-nftable … rnal-file/

in order to save some nftable log into a different file than the default : /var/log/messages but It's not working hmm any ideas ?

here my ulogd.conf (all the # lines have been removed)

[global]
logfile="syslog"
loglevel=3
stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu2:LOGEMU

[ct1]

[ct2]
hash_enable=0

[log1]
group=0

[ulog1]
nlgroup=1

[nuauth1]
socket_path="/tmp/nuauth_ulogd2.sock"

[emu1]
file="/var/log/ulog/syslogemu.log"
sync=1

[op1]
file="/var/log/ulog/oprint.log"
sync=1

[gp1]
file="/var/log/ulog/gprint.log"
sync=1
timestamp=1

[xml1]
directory="/var/log/ulog/"
sync=1

[json1]
sync=1

[pcap1]
sync=1

[mysql1]
db="nulog"
host="localhost"
user="nupik"
table="ulog"
pass="changeme"
procedure="INSERT_PACKET_FULL"

[mysql2]
db="nulog"
host="localhost"
user="nupik"
table="conntrack"
pass="changeme"
procedure="INSERT_CT"

[pgsql1]
db="nulog"
host="localhost"
user="nupik"
table="ulog"
pass="changeme"
procedure="INSERT_PACKET_FULL"

[pgsql2]
db="nulog"
host="localhost"
user="nupik"
table="ulog2_ct"
pass="changeme"
procedure="INSERT_CT"

[pgsql3]
db="nulog"
host="localhost"
user="nupik"
table="ulog2_ct"
pass="changeme"
procedure="INSERT_OR_REPLACE_CT"

[pgsql4]
db="nulog"
host="localhost"
user="nupik"
table="nfacct"
pass="changeme"
procedure="INSERT_NFACCT"

[dbi1]
db="ulog2"
dbtype="pgsql"
host="localhost"
user="ulog2"
table="ulog"
pass="ulog2"
procedure="INSERT_PACKET_FULL"

[sqlite3_ct]
table="ulog_ct"
db="/var/log/ulog/ulogd.sqlite3db"

[sqlite3_pkt]
table="ulog_pkt"
db="/var/log/ulog/ulogd.sqlite3db"

[sys2]
facility=LOG_LOCAL2

[nacct1]
sync = 1

[mark1]
mark = 1

[acct1]
pollinterval = 2

[graphite1]
host="127.0.0.1"
port="2003"
prefix="netfilter.nfacct"

[log2]
group=2
[emu2]
file="/var/log/ulog/test.log"
sync=1

and here the nftable rule ->

	chain chIN {
		type filter hook input priority 0; policy drop;
		icmp type echo-request counter name cntECHO log prefix "echo: " group 2 accept
		ct state established,related accept
		iifname lo accept		
	}

When I remove the group 2 the log goes well into the default /var/log/messages .

With it, the log doesn't go into /var/log/ulog/test.log hmm (as specified in line 129 of ulogd.conf)

Any ideas ?

Thanks.

]]> Thu, 24 Feb 2022 07:16:13 +0000 http://dev1galaxy.org/viewtopic.php?pid=34880#p34880