Posted: Oct 18 2011, 05:21 AM
Member No.: 148
Joined: 10-May 11
On my old CentOS 5 box, I set up all of my firewalls so that they used ULOG logging.
That made it really easy to redirect all of the kernel logging for firewall rejections to go to a special log, just full of "denied" messages.
I can't seem to find ulogd in any of the common repos. I was going to pull it down and recompile it, but maybe this just isn't standard practice anymore?
Is there some easier way to separate out the firewall logging to a separate file? Does anyone still use ulogd anymore, or is it an old-school solution and there's a better way now?
Posted: Oct 21 2011, 07:33 PM
Member No.: 4
Joined: 8-April 11
Sorry to answer a bit late, but I kind of overlooked this, not knowing the answer off the top of my head... I've been very busy the last few days, and I haven't used this option yet, but it looks like it might be quite handy.
OK, firstly, we have the support in kernel:
This option adds a `ULOG' target, which allows you to create rules in
any iptables table. The packet is passed to a userspace logging
daemon using netlink multicast sockets; unlike the LOG target
which can only be viewed through syslog.
The appropriate userspace logging daemon (ulogd) may be obtained from
ftp netfilter.org ulogd download
Basically, it's not included in RHEL 6, nor in its clones (at least not yet). I recommend recompiling it and making an RPM yourself.
If you need help with it, ask... :-)
This post has been edited by helikaon: Oct 21 2011, 07:44 PM
Posted: Dec 24 2011, 04:13 AM
Member No.: 191
Joined: 19-May 11
Happy holidays. I just tried to compile an old copy of ulogd-1.24-2.src.rpm and it completely failed.
I tried taking out "--with-mysql" from configure. It actually compiled the code, but failed in another place. Here is a log:
Any help will be very much appreciated.
P.S. I also failed to get the latest ulogd 2.X to compile.
P.P.S. One of the fellow users sent me a spec file for the 1.24 version. It worked like a charm. Issue is closed.