The officially official Devuan Forum!


#1 2022-02-24 07:16:13

SpongeBOB
Member
From: Brussels
Registered: 2022-02-07
Posts: 114  

[SOLVED] nftables saving log with ulogd ?

Hi everyone,

I followed this tutorial https://www.mybluelinux.com/how-nftable … rnal-file/

in order to save some nftables logs into a different file than the default, /var/log/messages, but it's not working. Any ideas?

Here is my ulogd.conf (all the # lines have been removed):

[global]
logfile="syslog"
loglevel=3
stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu2:LOGEMU

[ct1]

[ct2]
hash_enable=0

[log1]
group=0

[ulog1]
nlgroup=1

[nuauth1]
socket_path="/tmp/nuauth_ulogd2.sock"

[emu1]
file="/var/log/ulog/syslogemu.log"
sync=1

[op1]
file="/var/log/ulog/oprint.log"
sync=1

[gp1]
file="/var/log/ulog/gprint.log"
sync=1
timestamp=1

[xml1]
directory="/var/log/ulog/"
sync=1

[json1]
sync=1

[pcap1]
sync=1

[mysql1]
db="nulog"
host="localhost"
user="nupik"
table="ulog"
pass="changeme"
procedure="INSERT_PACKET_FULL"

[mysql2]
db="nulog"
host="localhost"
user="nupik"
table="conntrack"
pass="changeme"
procedure="INSERT_CT"

[pgsql1]
db="nulog"
host="localhost"
user="nupik"
table="ulog"
pass="changeme"
procedure="INSERT_PACKET_FULL"

[pgsql2]
db="nulog"
host="localhost"
user="nupik"
table="ulog2_ct"
pass="changeme"
procedure="INSERT_CT"

[pgsql3]
db="nulog"
host="localhost"
user="nupik"
table="ulog2_ct"
pass="changeme"
procedure="INSERT_OR_REPLACE_CT"

[pgsql4]
db="nulog"
host="localhost"
user="nupik"
table="nfacct"
pass="changeme"
procedure="INSERT_NFACCT"

[dbi1]
db="ulog2"
dbtype="pgsql"
host="localhost"
user="ulog2"
table="ulog"
pass="ulog2"
procedure="INSERT_PACKET_FULL"

[sqlite3_ct]
table="ulog_ct"
db="/var/log/ulog/ulogd.sqlite3db"

[sqlite3_pkt]
table="ulog_pkt"
db="/var/log/ulog/ulogd.sqlite3db"

[sys2]
facility=LOG_LOCAL2

[nacct1]
sync = 1

[mark1]
mark = 1

[acct1]
pollinterval = 2

[graphite1]
host="127.0.0.1"
port="2003"
prefix="netfilter.nfacct"

[log2]
group=2
[emu2]
file="/var/log/ulog/test.log"
sync=1

And here is the nftables rule:

	chain chIN {
		type filter hook input priority 0; policy drop;
		icmp type echo-request counter name cntECHO log prefix "echo: " group 2 accept
		ct state established,related accept
		iifname lo accept		
	}

When I remove the group 2, the log goes fine into the default /var/log/messages.

With it, the log doesn't go into /var/log/ulog/test.log (as specified in line 129 of ulogd.conf).

Any ideas?

Thanks.

Last edited by SpongeBOB (2022-02-24 16:10:08)


Linux noob, plz be kind big_smile


#2 2022-02-25 10:03:49

SpongeBOB
Member
From: Brussels
Registered: 2022-02-07
Posts: 114  

Re: [SOLVED] nftables saving log with ulogd ?

I found it!!! The file needed an LF at the end!!! lol


Linux noob, plz be kind big_smile
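
A pre-flight check for the situation in this thread, as an added example that is not part of the original posts or of ulogd itself: it flags a ulogd.conf that does not end with a line feed and lists which NFLOG group each stack writes to which LOGEMU file, so the `group 2` in the nftables rule can be compared against it. The function names and the trimmed sample config are constructed, and treating a missing group= line as group 0 is an assumption.

```python
import re

# Constructed sample: a trimmed version of the config in the post,
# deliberately ending without a line feed after the last line.
SAMPLE = (
    '[global]\n'
    'stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu2:LOGEMU\n'
    '[log2]\n'
    'group=2\n'
    '[emu2]\n'
    'file="/var/log/ulog/test.log"\n'
    'sync=1'
)

def parse(text):
    """Return (stacks, sections) read from ulogd.conf text."""
    stacks, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "stack":
                # "log2:NFLOG,emu2:LOGEMU" -> [("log2", "NFLOG"), ("emu2", "LOGEMU")]
                stacks.append([tuple(e.strip().split(":")) for e in value.split(",")])
            else:
                current[key] = value.strip('"')
    return stacks, sections

def lint(text):
    """Return (warnings, routes); routes maps NFLOG group -> LOGEMU file."""
    warnings, routes = [], {}
    if text and not text.endswith("\n"):
        warnings.append("no LF at end of file")
    stacks, sections = parse(text)
    for stack in stacks:
        by_plugin = {plugin: name for name, plugin in stack}
        src, out = by_plugin.get("NFLOG"), by_plugin.get("LOGEMU")
        if src and out:
            # Assumption: a [logN] section without group= listens on group 0.
            group = int(sections.get(src, {}).get("group", 0))
            target = sections.get(out, {}).get("file")
            if target is None:
                warnings.append(f"[{out}] has no file= setting")
            routes[group] = target
    return warnings, routes
```

Run `lint(open("/etc/ulogd.conf").read())` before restarting ulogd; the path is an assumption, so adjust it to where your distribution installs the file.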

