Iptables FW ulog / ulogd still used?

On my old Centos 5 box, I setup all of my firewalls so that they used ULOG logging.

That made it really easy to redirect all of the kernel logging for firewall rejections to go to a special log, just full of "denied" messages.

I can't seem to find ulogd in any of the common repos. I was going to pull it down and recompile it, but maybe this just isn't standard practice anymore?

Is there some easier way to separate out the firewall logging to a separate file? Does anyone still use Ulogd anymore, or is an old school solution and there's a better way now.

Thanks,
Greg

Hi Greg,
sorry to answer a bit late, but kind of overlooked this not knowing answer from top of my head ..., been busy last days lots.. and i havent used this option yet, but looks might be quite handy.

OK, firstly, we have the support in kernel:

Explained:

CONFIG_IP_NF_TARGET_ULOG:

This option adds a `ULOG' target, which allows you to create rules in
any iptables table. The packet is passed to a userspace logging
daemon using netlink multicast sockets; unlike the LOG target
which can only be viewed through syslog.

The apropriate userspace logging daemon (ulogd) may be obtained from
netfilter.org

download source:
ftp netfilter.org ulogd download

Basically, it's not included in the RHEL 6, nor clones (at least yet). i recommend to recompile and make rpm yourself.
If you'd need help on it ask ... :-)


cheers,

This post has been edited by helikaon: Oct 21 2011, 07:44 PM

Gentlemen,
happy holidays. I just tried to compile an old copy of ulogd-1.24-2.src.rpm and it completely failed to.
i tried to took out "--with-mysql" from configure. It actually compiled the code, but failed in another place. Here is a log:

CODE

+ mkdir -p /builddir/build/BUILDROOT/ulogd-1.24-2.el6.x86_64/var/log/ulogd + mkdir -p /builddir/build/BUILDROOT/ulogd-1.24-2.el6.x86_64/etc/logrotate.d + install -m644 /builddir/build/SOURCES/ulogd.logrotate /builddir/build/BUILDROOT/ulogd-1.24-2.el6.x86_64/etc/logrotate.d/ulogd + mkdir -p /builddir/build/BUILDROOT/ulogd-1.24-2.el6.x86_64/usr/share/man/man8 + sed -e s/@VERSION@/1.24/g /builddir/build/SOURCES/ulogd.8 + gzip /builddir/build/BUILDROOT/ulogd-1.24-2.el6.x86_64/usr/share/man/man8/ulogd.8 + /usr/lib/rpm/find-debuginfo.sh --strict-build-id /builddir/build/BUILD/ulogd-1.24 extracting debug info from /builddir/build/BUILDROOT/ulogd-1.24-2.el6.x86_64/usr/sbin/ulogd extracting debug info from /builddir/build/BUILDROOT/ulogd-1.24-2.el6.x86_64/usr/lib64/ulogd/ulogd_LOCAL.so *** ERROR: No build ID note found in /builddir/build/BUILDROOT/ulogd-1.24-2.el6.x86_64/usr/lib64/ulogd/ulogd_LOCAL.so

any help will be very much appreciated.
Andrew
P.S. I also failed to get the latest ulogd 2.X to compile.

P.P.S one of the fellow users sent me a spec file for 1.24 version. Worked like a charm. issue is closed.