You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2022-02-24 07:16:13
- SpongeBOB
- Member
- From: Brussels
- Registered: 2022-02-07
- Posts: 114
[SOLVED] nftables saving log with ulogd ?
Hi everyone,
I followed this tutorial https://www.mybluelinux.com/how-nftable … rnal-file/
in order to save some nftable log into a different file than the default : /var/log/messages but It's not working 
any ideas ?
here my ulogd.conf (all the # lines have been removed)
[global]
logfile="syslog"
loglevel=3
stack=log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU
stack=log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu2:LOGEMU
[ct1]
[ct2]
hash_enable=0
[log1]
group=0
[ulog1]
nlgroup=1
[nuauth1]
socket_path="/tmp/nuauth_ulogd2.sock"
[emu1]
file="/var/log/ulog/syslogemu.log"
sync=1
[op1]
file="/var/log/ulog/oprint.log"
sync=1
[gp1]
file="/var/log/ulog/gprint.log"
sync=1
timestamp=1
[xml1]
directory="/var/log/ulog/"
sync=1
[json1]
sync=1
[pcap1]
sync=1
[mysql1]
db="nulog"
host="localhost"
user="nupik"
table="ulog"
pass="changeme"
procedure="INSERT_PACKET_FULL"
[mysql2]
db="nulog"
host="localhost"
user="nupik"
table="conntrack"
pass="changeme"
procedure="INSERT_CT"
[pgsql1]
db="nulog"
host="localhost"
user="nupik"
table="ulog"
pass="changeme"
procedure="INSERT_PACKET_FULL"
[pgsql2]
db="nulog"
host="localhost"
user="nupik"
table="ulog2_ct"
pass="changeme"
procedure="INSERT_CT"
[pgsql3]
db="nulog"
host="localhost"
user="nupik"
table="ulog2_ct"
pass="changeme"
procedure="INSERT_OR_REPLACE_CT"
[pgsql4]
db="nulog"
host="localhost"
user="nupik"
table="nfacct"
pass="changeme"
procedure="INSERT_NFACCT"
[dbi1]
db="ulog2"
dbtype="pgsql"
host="localhost"
user="ulog2"
table="ulog"
pass="ulog2"
procedure="INSERT_PACKET_FULL"
[sqlite3_ct]
table="ulog_ct"
db="/var/log/ulog/ulogd.sqlite3db"
[sqlite3_pkt]
table="ulog_pkt"
db="/var/log/ulog/ulogd.sqlite3db"
[sys2]
facility=LOG_LOCAL2
[nacct1]
sync = 1
[mark1]
mark = 1
[acct1]
pollinterval = 2
[graphite1]
host="127.0.0.1"
port="2003"
prefix="netfilter.nfacct"
[log2]
group=2
[emu2]
file="/var/log/ulog/test.log"
sync=1and here the nftable rule ->
chain chIN {
type filter hook input priority 0; policy drop;
icmp type echo-request counter name cntECHO log prefix "echo: " group 2 accept
ct state established,related accept
iifname lo accept
}When I remove the group 2 the log goes well into the default /var/log/messages .
With it, the log doesn't go into /var/log/ulog/test.log (as specified in line 129 of ulogd.conf)
Any ideas ?
Thanks.
Last edited by SpongeBOB (2022-02-24 16:10:08)
Linux noob, plz be kind 
Offline
#2 2022-02-25 10:03:49
- SpongeBOB
- Member
- From: Brussels
- Registered: 2022-02-07
- Posts: 114
Re: [SOLVED] nftables saving log with ulogd ?
I found !!! The file was needed a LF at the end !!! 
Linux noob, plz be kind
Offline
Pages: 1
