Home > Linux, RedHat, Security > Ulogd 2.x on CentOS 6

Ulogd 2.x on CentOS 6

Windcolour – second sight
A touch of silence and the violence of dark
Illusion span – the aroma of time
Shadowlife and the scent of nothingness

(Dark Tranquillity – Insanity’s Crescendo)

Ulogd is a small deamon capable of logging iptables output from ULOG (or other targets) to various different backends. One can log into MySQL, PostgreSQL, sqlite, or plain old textual log file. I used ulogd massively on servers on CentOS 5, so I really missed the CentOS 6 version. Now, I’ve noticed ulogd 2.0.0-beta4 being available in Fedora 17, so opportunity came for me to backport it. RedHat Enterprise Linux 6 is based on Fedora 12, and luckily things haven’t gone out of reach quite yet, so backporting from latest Fedora to RHEL/CentOS 6 are still quite easy.

Binary and source packages are available in Srce RPM repository for Enterprise Linux. You can add SRCE to your yum repositories list simply by running following set of commands:

# /usr/bin/wget http://ftp.srce.hr/redhat/_repos/RPM-GPG-KEY-SRCE
# /bin/rpm --import RPM-GPG-KEY-SRCE
# /bin/rm -f RPM-GPG-KEY-SRCE
# /bin/rpm -Uvh http://ftp.srce.hr/srce-redhat/base/el6/x86_64/srce-release-5-3.el6.srce.noarch.rpm

After this things are quite easy, just use yum and install the software:

# yum install ulogd

Enjoy!

Advertisements
  1. adamtaunowilliams
    January 2, 2015 at 6:30 pm

    Any chance of seeing an updated ulogd package? the package in the repo is still 2.0.0, while 2.0.4 is current.

  2. March 11, 2015 at 12:43 pm

    I can look into it, but last time I tried to package it up I had problems with ULOGD target requiring some libs that are newer then the ones delivered with CentOS 6.

  3. Basher52
    June 6, 2015 at 9:41 pm

    The probability for ulogd 2.0.5 in CentOS7?
    Here the libs should be OK, I tried to compile all from netfilter.org myself but the result just gives me these errors:

    [root@~]# ulogd -v
    Wed Jun 3 12:34:05 2015 ulogd.c:843 building new pluginstance stack: ‘log1:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU’
    Wed Jun 3 12:34:05 2015 ulogd_inppkt_NFLOG.c:503 forcing unbind of existing log handler for protocol 2
    Wed Jun 3 12:34:05 2015 ulogd_inppkt_NFLOG.c:503 forcing unbind of existing log handler for protocol 10
    Wed Jun 3 12:34:05 2015 ulogd_inppkt_NFLOG.c:503 forcing unbind of existing log handler for protocol 7
    Wed Jun 3 12:34:05 2015 ulogd_inppkt_NFLOG.c:552 unable to bind to log group 0
    Wed Jun 3 12:34:05 2015 ulogd.c:813 error starting `log1′
    Wed Jun 3 12:34:05 2015 ulogd.c:843 building new pluginstance stack: ‘log2:NFLOG,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU’
    Wed Jun 3 12:34:05 2015 ulogd_inppkt_NFLOG.c:552 unable to bind to log group 1
    Wed Jun 3 12:34:05 2015 ulogd.c:813 error starting `log2′
    Wed Jun 3 12:34:05 2015 ulogd.c:843 building new pluginstance stack: ‘ulog1:ULOG,base1:BASE,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU’
    Wed Jun 3 12:34:05 2015 ulogd.c:870 can’t find requested plugin ULOG
    Wed Jun 3 12:34:05 2015 ulogd.c:843 building new pluginstance stack: ‘log2:NFLOG,mark1:MARK,base1:BASE,ifi1:IFINDEX,ip2str1:IP2STR,print1:PRINTPKT,emu1:LOGEMU’
    Wed Jun 3 12:34:05 2015 ulogd.c:870 can’t find requested plugin MARK
    Wed Jun 3 12:34:05 2015 ulogd.c:843 building new pluginstance stack: ‘ct1:NFCT,ip2str1:IP2STR,print1:PRINTFLOW,emu1:LOGEMU’
    Wed Jun 3 12:34:05 2015 ulogd_inpflow_NFCT.c:1399 NFCT plugin working in event mode

  4. Basher52
    June 7, 2015 at 2:06 am

    Tried that one and it still gave the same result 😦

    Think I better do a total reinstall just to be sure that nothing got ‘F’ed up 😛

    I also think that you know what your doing so if you could fix this for CentOS7, I sure would spread that around 🙂 with the latest ulogd(v2.0.5) though 😛

  5. Basher52
    June 11, 2015 at 3:07 pm

    Just want to let you know that ‘ulogd-2.0.4-3.el7.lux.1.x86_64.rpm’ does not work on my
    CentOS7 – Linux 3.10.0-229.el7.x86_64 #1 SMP Fri Mar 6 11:36:42 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux.

  6. Basher52
    June 14, 2015 at 12:19 am

    You got anymore things you could help out with?
    My mind is blank. I tried installing the required packages that are needed for the dependencies that follow trying to installing this but I got to the same error.

  7. Basher52
    June 28, 2015 at 12:25 am

    Just to let everyone know, I got it working 🙂
    First I installed the dependencies through netfilter.org but that was a bad thing. Later I used the RPMs on the place I got this ulogd RPM from and after that it all worked fine.
    Some problem though with config and the output of it but that’s another matter 😛
    Thx again jsosic 😀

    • newton
      September 2, 2015 at 1:20 pm

      I have the same error, but I only used the packages coming from lux. Can you explain what you did exactly?

      • Basher52
        January 22, 2016 at 8:20 pm

        well, like I wrote in my last post, the one you answered to.
        I had mixed the RPM of this with the dependencies from netfiler.org and that didn’t mid well so I used everything from the place I got this RPM, thus http://ftp.srce.hr/

        Try that.

        PS. I still haven’t understood how to config it to get it to work properly, but haven’t got much time for it so…. right now, I can’t see anything from the ip-tables log.

        If you @newton ever finds another solution for this iptables-log-viewing preferably a browser solution or such, lemme know 🙂

      • Basher52
        January 22, 2016 at 8:22 pm

        da*n it…
        exchange the word ‘mid’ with mix 😛

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: